Copycat phishing website updates in real time - How is this possible?

Copycat phishing website updates in real time - How is this possible?

M_R1
Tourist
9 0 7

There is a website that is an exact copycat of our legitimate business website, and it updates in real-time, the second we apply a change to OUR theme, THEIR site is updated. It makes me think they have some sort of direct connection or script inserted into the structure of OUR website or theme.

 

The fraud site is omoilifeshop.com, looks exactly like ours, but is not built with Shopify.

 

Our real site is omoionline.com

 

The only tell that they're the fake is their PRODUCTS ALL vs  our LATEST in the top menu navigation.

 

If anyone has any thoughts as to what this might be or how to deal with this, I'd greatly appreciate it.

 

In the meantime we have reported the domain to its hosting provider and domain registrar, as well as other areas where it has been affecting us. The site was temporarily suspended for phishing after I reported it to the hosting provider, but days later it was back as usual.

 

Any help is appreciated. Thanks.

Replies 5 (5)

dylanpierce
Shopify Partner
297 14 129

Technically speaking, they might just be scraping your website's HTML, then replacing the product section with their own version and republishing it.

Since this website isn't hosted on Shopify you'll have to file a DMCA request with the DNS Registrar that is hosting this site.

You can use a WHOIS lookup to determine the registrar, then you can file a claim with them with your evidence.

Eventually your claim will be processed and this site will be taken down, but it is some paperwork.

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

M_R1
Tourist
9 0 7

It's definitely a scraper in action. I've just never seen the real time updating like this. As I wrote in my OP, I have already contacted the registrar and hosting provider.

Laza_Binaery
Shopify Partner
335 62 93

HI @M_R1 

 

Sorry to hear about your case, it must be so stressful.  But it is a good sign I got a warning for a phishing website when I visited the link.

That is a good start, plus you reported to hosting and provider and domain register. But check this video, links in description and report on as many sites as you can   https://www.youtube.com/watch?v=0fIUiv9-UFk

 We had a similar try but more naive I think, and the site was closed in a few days.

 

But how it is possible, when in this AI age, there are some tools that can copy complete websites? Plus there could be scripts that scrap your website and maybe scheduled tasks that run those scripts at even intervals.

 

Hope you can solve this issue.

Kind regards
Laza
www.binaery.com
M_R1
Tourist
9 0 7

Laza_Binaery, thank you so much for that YT link, I just went and submitted reports to all the sites in the vid. So far, this seems like best follow-up action to take (assign negative reputation thru widespread reporting), since the hosting provider initially did report the site/it was blocked, but it was back in action the next day.

PaulNewton
Shopify Partner
7721 678 1620

Actual cases of "script inserted into the structure" that steals content are very serious and require actual evidence and real effort to backup it up.

Speculation or ignorance of how the internet security works just makes it harder to address actual solutions.

 

If a site is public they don't need to be "inserted into the structure of OUR website", they just poll it for changes.

This can be looked for in analytics, of course direct IP bans can be a temporary band-aid but copycat sites are more of a honeypot situation.

 

Often these are unmanned bot sites with the goal of collecting payment info for fraud, or less likely poison pill sites to try and peal traffic away.

For unmanned bots sites, a simple obfuscated script that checks the url and disables things, or subtly cripples the theft site can work.

If you just blank the site the bot runners may notice and filter out the script so you can't just be dumb about what it does.

 

But getting the hosting to comply is the better way, the best way of course is legal action to get to the domain owner /registrar behind the scenes.

And not just through DMCA but through trademark enforcement.

As otherwise it's whackamole as they move from host to host.

 

Contact paull.newton+shopifyforum@gmail.com for the solutions you need


Save time & money ,Ask Questions The Smart Way


Problem Solved? ✔Accept and Like solutions to help future merchants

Answers powered by coffee Thank Paul with a Coffee for more answers or donate to eff.org