Domain Spoofing: What to do when a fraudster copies your website

Imagine this: You Google your business name. The first result looks familiar—but something feels off.

Then you see it: the URL doesn’t end in ".com." It's slightly different.

When you click, your heart sinks. Someone has cloned your entire website.

Even worse, your clients are seeing this fake site and unknowingly sending their private information directly to scammers.

What would you do next?

What exactly is domain spoofing?

Domain spoofing (or site spoofing) is when fraudsters create convincing replicas of legitimate websites—including branding, contact details, and even login pages—to trick your customers into sharing sensitive information or wiring funds directly into scammers’ accounts.

This is happening to businesses every day. Even worse, these fake sites often go unnoticed for weeks or even months before they're taken down. By that point, the damage is already done.

So, how can you protect your business?

Who is most at risk for domain spoofing?

Any business can become a victim. But if you're in real estate, lending, or title services, you're particularly vulnerable.

Recently, CertifID’s Fraud Recovery Services saw a sharp increase in spoofed domains targeting lenders, law firms, and title companies.

Why? Because complex real estate transactions offer perfect opportunities for scammers. Fraudsters understand your clients trust your website to complete transactions—and they exploit this trust by creating lookalike sites.

How domain spoofing actually works

While domain spoofing might seem sophisticated, fraudsters can easily clone an entire site in just seconds.

CertifID’s Peter Marsh, Head of Security, Compliance & IT, explains how alarmingly simple this can be:

“It only takes a few commands," Marsh said.

Free and open-source software lets scammers quickly copy your site's images, code, and functionality. Once compiled, they register a domain similar to yours—perhaps just one letter off or with a different extension like ".net"—and upload the cloned content there. Then it's just a matter of pushing people to the fraudlent domain.

Watch Peter demonstrate just how quickly this can happen.

What is SEO poisoning, and how does it relate to domain spoofing?

SEO poisoning is when scammers use search engine strategies—like keywords or ads—to lead people to fake websites. For example, if you search "Bank of America," you might accidentally click on a deceptive ad or link, ending up on a spoofed website.

SEO poisoning pairs effectively with domain spoofing because it makes fake sites easier to find, dramatically increasing the risk to unsuspecting users.

Lately, we've seen an uptick in SEO poisoning, especially in real estate transactions. Scammers are even pretending to be specialized lenders, demonstrating their growing sophistication and understanding of industry specifics.

How to spot a spoofed domain

Spotting fake domains early can save your business from serious trouble, especially if you handle sensitive information or funds. Here are some quick red flags to watch for:

• Fresh domains: Fake websites are usually brand new—registered just days or hours ago. Marsh emphasizes, "The registration date is a concrete indicator scammers can't easily hide."
• Small changes, big problems: Ever glance quickly at a URL and miss tiny changes like swapped letters or an extra dash? These subtle differences are common tricks.
• Fake addresses and ghost reviews: Marsh suggests a quick check: "Use Google Street View to confirm the legitimacy of business addresses."

Recognizing these signs is crucial—but there’s one security measure many people misunderstand: SSL certificates.

Common myths about SSL certificates

Many people assume a site with the "lock" icon next to its URL is always safe. However, scammers can easily get SSL certificates for spoofed domains.

As Marsh clarifies, SSL certificates "won’t protect you from these attacks because fraudsters own the spoofed domain and can register SSL certificates for it."

Never rely solely on SSL certificates. Always verify the full domain carefully.

How to keep your business safe from spoofed domains tactics

Combating spoofed sites and SEO poisoning requires proactive measures. Here's how you can stay one step ahead:

• Stay alert: Regularly use tools like DNSTwister to check for lookalike domains.
• Act fast: If you spot a spoofed site, immediately contact the hosting provider to request a takedown. (You can identify the hosting provider through ICANN Lookup.)
• Educate clients: Regularly inform your clients about domain spoofing and phishing risks.
• Boost your security: Implement multi-factor authentication (MFA). Marsh explains, "MFA protects you even if someone steals your username and password."

Site spoofing is a serious business threat and requires action to stop or prevent. Use the strategies above can help protect your reputation, your clients, and your bottom line.

For more insights and tips, subscribe to our weekly newsletter, The Wire.

‍