Strategy: Brand Protection

Guides discovery, reporting, and prevention of brand impersonation—fake websites, phishing sites, trademark infringement, and domain squatting. See domain-selection for defensive domain registration; trust-badges for official site verification signals; about-page for identity declaration.

When invoking: On first use, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directly to the main output.

Initial Assessment

Check for project context first: If .claude/project-context.md or .cursor/project-context.md exists, read it for brand name, official domain, and key assets.

Identify:

• Impersonation type: Fake website, phishing, trademark misuse, domain squatting

• Evidence available: Screenshots, URLs, WHOIS, hosting info

• Legal assets: Registered trademark, copyright ownership

• Impact: Traffic interception (fake site ranks for brand queries)? Payment fraud (users pay on fake site, then contact official support)?

Evidence Collection Checklist

Item Action

Full URLs Document all key pages of the fake site

Screenshots Homepage, product pages, logo, layout; include date/time

Comparison Side-by-side: official vs fake (layout, logo, copy similarity)

WHOIS Use ICANN Lookup for registrar, creation date, registrant

Hosting IP lookup to identify hosting provider

Reporting Channels (Priority Order)

Channel Entry Use Case

Domain registrar Abuse / Report Misuse on registrar site Brand impersonation, trademark, fraud

Hosting provider Same; submit abuse form Hosting infringing content

Google Safe Browsing Report Phishing Phishing / impersonation risk

Google Trademark Trademark Complaint or trademark@google.com Trademark infringement in search; requires registered trademark

Bing Content Removal Content Moderation Platform Copyright/trademark; content removal from Bing

Payment processors PayPal Resolution Center, Stripe support If fake site accepts payments; report fraud

Social platforms X, Facebook, Instagram abuse forms If fake site is promoted or linked there

Google Ads / Microsoft Ads Platform trademark complaint forms If impersonator runs brand ads

DMCA To hosting provider Copyright infringement; images, copy, design copied

ICANN DNS Abuse complaint If registrar does not respond within reasonable time

Report content: Include full URL, clear description of fraudulent activity, and all evidence (screenshots, logs).

Reporting Best Practices

Registrar vs hosting: Use ICANN Lookup for registrar. For hosting, use IP lookup (HostingCheckerOnline, HostingDetector, ipinfo.io) to find origin server—registrar may be Cloudflare while origin host is elsewhere; report to both.

Cloudflare as registrar: Use abuse.cloudflare.com or abuse form; select "Phishing & Malware" for impersonation. Email complaints are generally not processed; use the online form. Provide specific URLs of infringing pages.

Hosting detection: Sites behind Cloudflare CDN hide origin IP. Use reverse IP lookup or hosting detection tools to identify underlying host; submit abuse to that provider as well.

Parallel reporting: Submit to registrar, host, and Google Safe Browsing simultaneously; do not wait for one before others. Google trademark review takes 1–8 weeks.

Legal Options

Option When Notes

Cease and desist Trademark infringement Lawyer-drafted; often first step

DMCA takedown Copyrighted material copied Images, copy, design; hosting providers typically comply

Consumer protection Scam / fraud FTC ReportFraud.ftc.gov (US)

Law enforcement Financial loss, identity theft IC3 (FBI) for cybercrime

Prevention Measures

Defensive Registration

• Register brand+ai, brand+app, brand+official, etc. See domain-selection for defensive registration.

• Redirect variants to main domain; do not deploy separate sites.

Official Site Verification

Place "Official website: [domain]" prominently:

• Homepage (above fold or hero)

• Sign-in / Sign-up pages

• Pricing / Payment pages: "Only pay at [official-domain]. Do not enter payment on other domains."

• Footer: "© [Brand]. Official site: [domain]"

• FAQ: "How do I verify I'm on the official site?" → "The only official URL is [domain]. Any other domain is not affiliated."

Use trust-badges for verification signals. See about-page for identity declaration.

Customer Support (Payment Fraud)

When users report "can't use after payment" but no record exists—likely paid on fake site:

• Verify source: Ask which URL they used (request screenshot or URL).

• Response template: Explain that the only official site is [official-domain]; if they paid elsewhere, that site is not affiliated. Recommend: (a) dispute charge with payment provider, (b) use only [official-domain] going forward.

• Roll out template to support team; ensure consistent messaging.

User Education

• Social media pinned post / announcement: "Only use [official-domain]"

• Email signatures, support replies: link to official domain only

Traffic Recovery (When Impersonation Intercepts Search)

Tactic Purpose

Brand search ads Run Google Ads and Microsoft Ads on brand terms; ensure official site appears first for brand queries

SEO Strengthen official site for branded queries; Organization schema, clear H1, meta tags. See schema-markup, title-tag

Social Pinned post: "Only use [official-domain]. Beware of impersonation."

Monitoring (Ongoing)

• Periodic search: brand name + common variants (e.g., brand+ai, brand+app)

• See brand-monitoring for monitoring setup, tool selection, and cadence

Timeline (Typical)

Phase Focus

Immediate (Days 1–3) Support template; site declaration; evidence collection

Short-term (Week 1–2) Abuse reports; Google Safe Browsing; DMCA if applicable

Traffic (Week 2+) Brand ads; SEO; social announcement

Ongoing Monitoring; defensive registration if feasible

Implementation Checklist

Short-term (1–2 weeks): Evidence collection; abuse reports to registrar and host; Google Safe Browsing report; DMCA if applicable; add "Official website" on site.

Medium-term: Add impersonation guidance to domain-selection; official verification to trust-badges, about-page.

Long-term: Periodic search (brand + variants); brand monitoring (BrandShield, Doppel); defensive registration of variants.

Output Format

• Evidence package (checklist, evidence list)

• Report templates (registrar, hosting, Google)

• Timeline (immediate vs medium vs long-term actions)

• Prevention (defensive registration, site verification, user education)

References

• How to Report and Take Down a Fake Website - LegalClarity

• Website Spoofing: Detection and Take Down - BrandShield

• ICANN DNS Abuse Complaints Guide

• Google Safe Browsing - Report Phishing

• Cloudflare Abuse Reporting — use online form; select Phishing & Malware

• Google Trademark Complaint

• Bing Content Removal

Related Skills

• domain-selection: Defensive domain registration; brand variants

• rebranding-strategy: When rebranding, sync brand protection checks

• brand-monitoring: Proactive monitoring setup; tool selection; this skill = reactive takedown

• branding: Brand asset protection; consistency

• trust-badges: Official site verification signals

• about-page: Official identity and domain declaration

• homepage-generator: "Official website" placement

• google-ads, paid-ads-strategy: Brand search ads for traffic recovery

• schema-markup, title-tag: SEO for branded queries