Entire Shopify Store Stolen and Duplicated - Please Help!

Entire Shopify Store Stolen and Duplicated - Please Help!

Charp
Excursionist
36 1 5

Our entire product catalogue on our Shopify store was stolen and duplicated to a domain we don't hold.  We're drmower.ca.  Everyone of our 6000+ products, descriptions, images, and categories has been taken from our site and copied to drmower.shop - a website domain we don't own.  The contact info on the site is for a legit US company - motorhelmets.com.  It appears to have been taken by a company called FAMVIBE, which looks like a complete scamming site.

 

So - what do we do?  How can someone take our entire Shopify Store?  There is no indication of any kind of security breach and our real store is running as normal.  Please help!

Replies 12 (12)

biznazz101
Shopify Partner
494 50 90

You don't need to worry on the security breach idea, highly unlikely. It is pretty easy to scrape all the code and information from a store unless there is code preventing the theme files from being accessed. (google: right click inspect)

As for what you can do about it, you have a few options:

1) Contact Shopify. If it is truly a replica of your site they may remove it from the platform. (I'd hope they would)

2) Contact a lawyer. If they are infringing on copyright, trademarks, intellectual property, it may be cause for legal action.


3) Contact the people running the replica website directly, via a cease and desist notice.

4) I don't know if this would work, but maybe even contacting the domain registrar if it's not Shopify and make them aware of what it is being used for.

Realistically, if they are scammers, or not based in the same country as you it will be difficult to find success with options 2 or 3. Unfortunately, this happens more than one would think, although usually just the overall design, not products text etc. Based on the domain, I would guess it is a scam to fool potential customers, orthey plan on dropshipping your stores items. Either way it probably will not be up for very long.

Going forward you should add Javascript code to prevent right click in your store. This will somewhat protect your content. Sorry to hear this happened. Good luck!


Edit: I checked both URLs I don't know that shopif'y would remove it, the design is different enough that I don't see them doing it even if it is created with them. Also, the descriptions are different on the few products I checked. So don't see a lawyer being able to do anything either since the products are mostly created and sold by major companies. Even if they were using your unique images, descriptions, design it would be difficult and probably expensive to do anything anyways. I know that is frustrating but that is my opinion.

Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
Charp
Excursionist
36 1 5

Thanks for the response.  I updated my journey and the steps taken to-date but am talking with my Shopify Experts on how we can avoid this in the future.  

Charp
Excursionist
36 1 5

Update - after emailing and reporting the site everywhere I could think of, I believe we will successfully have it removed in the next few hours.

 

Everyone I spoke with indicates this type of scam is not that unusual.  I wrongly assumed that my product data would have some security attached to it in our Shopify store.  We had recently upgraded to one of their new templates and had a Shopify Expert assist with the upgrade.  That was clearly not the case but I'm hoping to get that fixed in future.

 

This is what I did:

1. Contacted the people listed on the scam site.  This was motorhelmuts.com in California, who I believe is also a victim in that they seem a legitimate company who had no knowledge their info was on the scam site.

2. Contacted GoDaddy, with whom I purchased all my domains.  They gave me good info on next steps and I purchased their domain broker services to try to buy this domain back.

3. Ran a Whosis report to obtain the current domain registrar and server

4. Notified Shopify (useless as the scam site is not a Shopify site). Checked and updated security for our store

5. Contacted 99ecommerceexperts.com, the company who had helped with my recent upgrade. They gave me some good info.  

6. Emailed the Registrar's abuse email address (from the Whosis report) - this is ultimately the solution

7. Emailed ICANN and submitted an abuse form online

8. Submitted an abuse report to Cloudflare, the server listed on the Whosis report.  I received an email with a link to report the abuse but when I attempted to use it, received the message that this domain is not active on Cloudflare. This one is still outstanding.

9. Reported to Canadian Centre for Cyber Security - useless, received notification they couldn't help

10. Reported to the IC3 of the FBI

11. Tried to report to RCMP and  Canadian Anti-Fraud Centre but their website wouldn't work.  I was going to contact them today but will wait to see if this gets resolved

12. Reported a fraudulent site to Google and Microsoft

13. Am working with GoDaddy's domain broker to purchase this domain back.

14. Asked 99ecommerceexperts.com to insert the java script in my shopify store as suggested by Bizznazz101.

15. Sent out an email via Shopify to all my subscribed customers

16. Posted on our socials

17. Wrote a blog post on our website

18. Added a header on our website warning about the scam site

19. Keeping my fingers crossed as I received this email today:

Counterfeit Complaint - drmower.shop - Case #: ########(removed)

 

PublicDomainRegistry.com <abuse@publicdomainregistry.com>

8:46AM (2 hours ago)

 
 

 

 

 

 

 

 

Hello Char,

Thank you for bringing this to our notice. We have suspended the domain name ‘drmower[.]shop’. It shall reflect in 4 to 6 hours.

Feel free to let us know if you have any concerns.    

 

Regards,

Abuse Mitigation Team
PublicDomainRegistry

 

 

biznazz101
Shopify Partner
494 50 90

Glad you got it figured out! To prevent future issues you can add this JS to your global.js theme file at the bottom, it will disable right clicking:

<!-- ADD TO GLOBAL.JS OR THEME.JS FILE AT BOTTOM TO DISABLE RIGHT CLICKING IN YOUR STORE- BIZNAZZ101 -->


document.addEventListener('contextmenu', function(e) {
  e.preventDefault();
  alert('Right-click is disabled on this site.');
});



Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
Rachel_Zylstra
Tourist
10 0 2

How did you find the registrar to email from the Whosis report?  The same thing just happened to our site, and I'm trying to figure out what to do.  I did run the report and filed a report with Cloudflare, and I'm in the queue to talk to GoDaddy support right now.  Ugh, so frustrating!  Any advice you can offer would be great!  Were you successful in getting the other site down?  Thanks!

tiptophomedecor
Visitor
3 0 0

Hi Rachel,

 

We are in the same boat. All my content from my website has been copied in a fake fraud website. My website is tiptophomedecor.com and they use tiptophomedecor.shop

Any tips on solving this would help!!!

biznazz101
Shopify Partner
494 50 90

Add the code from my comment above to your store to prevent further copying of code and content from your store.

In terms of what can be done, the list another user wrote above is a good starting point, I would also contact Wordpress maybe they can help as it is being run off their platform and they are copying images, descriptions, etc EXACTLY as they appear in your store.

 

This is the domain registrar information:

Domain Information
Domain:
tiptophomedecor.shop
Registrar:
Web Commerce Communication Ltd.
Registered On:
2023-09-18
Expires On:
2024-09-18
Updated On:
2023-10-11
Status:
ok
Name Servers:
stella.ns.cloudflare.com
norman.ns.cloudflare.com
Registrant Contact
State:
Wilayah Persekutuan
Country:
MY
Raw Whois Data

Domain Name: TIPTOPHOMEDECOR.SHOP
Registry Domain ID: DO8783577-GMO
Registrar WHOIS Server: iwhois.webnic.cc
Registrar URL: https://www.webnic.cc/
Updated Date: 2023-10-11T10:06:17.0Z
Creation Date: 2023-09-18T06:02:02.0Z
Registry Expiry Date: 2024-09-18T23:59:59.0Z
Registrar: Web Commerce Communication Ltd.
Registrar IANA ID: 460
Registrar Abuse Contact Email: email@webnic.cc
Registrar Abuse Contact Phone: +603.89966788
Domain Status: ok https://icann.org/epp#ok
Registrant State/Province: Wilayah Persekutuan
Registrant Country: MY
Registrant Email:
Admin Email:
Tech Email:
Name Server: STELLA.NS.CLOUDFLARE.COM
Name Server: NORMAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-11-13T18:34:40.0Z <<<



Hope things work out for you!
@biznazz101 

Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
Rachel_Zylstra
Tourist
10 0 2

I went through a lot of the steps listed above, and had success with the same solution - I was able to look up the domain in GoDaddy and find out it was through PublicDomainRegistry.com. I contacted their support and reported the site and they had it taken down withn 24 hours.  I then added an entry to our FAQ stating that the site was not affiliated with us, and that anyone who had tried to place an order should check their credit card for fraud. Since the site doesn't actually have any products to sell, they must be trying to get people's info via the check out form.

Charp
Excursionist
36 1 5

Glad it worked out.  We successfully got the drmower.shop scam site down, as l listed above.  We also wrote a blog post and did a brief email out to our active customers. We never did hear anything back from customers who bought from the scam site and didn't receive their parts, so hopefully all is good.  Char

Sam_Mac
Excursionist
16 0 5

Did it stay down? We've just found our site copied on at least two domains including one with this same registrar and another on the registrar shown below with another shopify store. I've reported it to the registrars, waiting to hear back.

Rachel_Zylstra
Tourist
10 0 2

We had ours removed almost a year ago, and it has stayed down, although someone still owns the domain.  I'm curious if anyone has had luck in buying the domain back. I figured the scammers would ask for a crazy amount of money for it, so we didn't even try.

Charp
Excursionist
36 1 5
We haven't had any problems since (fingers crossed). I did hire GoDaddy's
domain buyer to try to get the domain back, but no response. I keep
checking for it to come available and I have bought up all similar domains.

My developer says that there's really no way to stop scraping. We've added
the app Shop Protector but it is just for images.

I think Shopify should be addressing this issue as there's not much we can
do as shop owners.