Was Your Website Copied? How To Prevent Website Cloning

Summary: Hackers can clone or “pagejack” your website to redirect customers to a duplicate website that appears identical. Unknowing victims visiting the site can be tricked into entering credit card numbers or downloading malware. There are several ways to check if your website has been cloned, and strategies to remove the cloned site.

On the dark side of the IT world, cybercriminals work day and night to find new ways to steal data and money. Hackers will target anything that they can use to their advantage and compromising the integrity and security of websites is on their short “hit list.” The most common method of attacking websites is called cloning, also known as pagejacking.

What is Pagejacking?

Pagejacking is the duplication of an existing website to create a new identical website, often for theft purposes. Every website has three components: design, content and programming code. When all three of a website’s components are copied, the resulting page will look identical to the original one.

Website cloning is not necessarily illegal. The legality rests on the purpose for which a website is copied. For example, it is perfectly legal for the owner of a website to replicate the site as a backup. Also, a software developer might copy a website as a template for building another site. Sometimes, a legitimate competitor of the target website’s brand will copy certain parts of a site to dilute the impact of the website owner’s brand.

However, cyberthieves can use cloned websites to reroute web traffic from the legitimate website. Once rerouted to the copied website, the unsuspecting users can fall victim to cyberattacks such as phishing and other malicious threats. In addition, hackers often use an attack known as mousetrapping to stop website visitors from leaving their bogus sites.

What Is Mousetrapping?

Mousetrapping is “a technique used by some websites (often tech support scam sites) to keep visitors from leaving their website, either by launching an endless series of pop-up ads, redirects or by re-launching their website in a window that cannot be easily closed; sometimes this window runs like a stand-alone application, and the taskbar and the browser's menu become inaccessible. Many such websites also employ browser hijackers to reset the user's default homepage.”

Mousetrapping and pagejacking are just two methods cyber thieves use to steal information. Hackers perform malicious website cloning as a first step in stealing traffic from the original site to perform additional attacks on the hijacked users. One of the worst versions of these website attacks created by cyberthieves automatically copies a website and continues to update the clone as changes are made to the legitimate site.

Once users visit the fake website, hackers find ways to trick them into divulging private information, buying counterfeit products and becoming infected with various forms of malware.

Over time, a cloned website can do severe damage to the owner of the original site. Here are some of the most dangerous potential risks of website cloning that you should consider:

• Competing SEO – Duplicate website content will harm the SEO (search engine optimization) performance of the original legitimate website because exact copies will compete against each other, thereby confusing search engines which will penalize the site in rankings.
• Damage To Your Brand – When visitors are redirected to the cloned website, they will still believe they are dealing with a trusted source. Therefore, if a site visitor is scammed, they will blame the owner of the original website, which damages the legitimate brand. They may unsubscribe from or avoid your brand.
• Loss of Competitive Edge – Businesses spend significant time and money planning their sales strategies, pricing and marketing image. Any duplication of these elements can unfairly undermine and dilute a business’s marketing plan.

The easiest way to confirm that your website has been cloned is by running a copyright protection program such as Copyscape. These programs check the copy against the vast online copy universe for plagiarism and other copyright infringements. Routinely running anti-plagiarism software should become part of your regular IT maintenance and network cyber security.

Once you have confirmed that your website has been cloned, immediate steps should be taken to:

• Stop the Hacker from Accessing Your Website – Blocking the cloning process is a priority. If the clone is updated when your website is updated, you will know it is a dynamic clone (one that updates automatically). You can test to see if it is dynamic by making small, insignificant changes to your website. If the clone changes, it is a dynamic clone. To stop the clone, you must check for IP addresses most frequently visiting your website and then block them. If the clone is static (unchanging), then this approach will not work.
• Remove the Clone – The first step to taking down a website clone is to send a cease-and-desist letter to the clone’s domain provider and website host. Include as much information as possible and include screenshots to support your request. Reputable providers will investigate and, if the website in question is proven to be a clone, will remove it.
• Use Clone Management Software – Software platforms are available that automatically scan for copyright infringements.
• Standardize Best Practices for Clone Prevention –
  • Focus On Your Brand – Unique and distinctive branding will make it more difficult for hackers to clone your website.
  • Target Your Audience – Make your website and brand immediately recognizable to your visitors.
  • Use Google Analytics – Using analytics to monitor all your website’s incoming traffic will help you identify malicious bots and potentially fake domain names.
  • Include Internal Links – Most hackers will not comb through your site for internal links contained within your copy. If a visitor is on the fake site and clicks on an internal link, it will take them back to your legitimate website.

Your website functions as your online brand ambassador. For many small businesses, a website clone can have devastating consequences, even disrupting sales enough to cause bankruptcy. Being vigilant and having robust protection to prevent website cloning is well worth the investment of time and money.

Contact your IT technician to assess your network, especially if you notice changes to the number of site visitors or changes to network performance.