
Ask HN: How to get this fraudulent copy of our website shut down? - tempestn
I run AutoTempest.com, a car listings search engine.  A few weeks ago, someone registered autoStempest.com, with an extra &#x27;s&#x27;.  They copied our logo and branding, as well as faking other information, such as their team and location.  (For example, their &quot;CEO&quot; is actually the CEO of Edmunds.)  They&#x27;ve taken other steps to appear legitimate, such as creating a fake Yelp profile and reviews.<p>From what we&#x27;ve heard from our users, they&#x27;re creating fake craigslist listings, and when people contact them, they&#x27;re directing them to links on their site, claiming to be &quot;Auto Tempest&quot;.  Then they solicit payments (presumably reservations or down payments, if not complete sight-unseen purchases), while using our name recognition to gain trust.<p>We&#x27;ve determined that their registrar is Namecheap (as is ours, coincidentally), and they are hosted by a company called Quasinetworks, NL.  Interestingly, if you google that company, the first result is someone complaining about how they were unresponsive to abuse notifications; not a great sign.  We did sent a message to their abuse contact, but haven&#x27;t heard back.  We also contacted Namecheap and did get a reply, but it appears they will only take down a domain with a) a court order, b) potentially a request from law enforcement, or c) a UDRP proceeding: https:&#x2F;&#x2F;www.icann.org&#x2F;resources&#x2F;pages&#x2F;help&#x2F;dndr&#x2F;udrp-en<p>The problem with options c or especially a is that they&#x27;re costly, and nothing would stop whoever is behind the site from simply registering a new confusingly similar domain.  So, to start with we&#x27;ve submitted a report to ic3.gov, the FBI&#x27;s Internet Crime Complaint Center.  Hopefully if they confirm the site is fraudulent, they can request that Namecheap yank the domain.  I&#x27;ve never submitted such a complaint before though, so I have no idea how responsive they are.<p>Is there anything else we could do to shut these scammers down?
======
matt_heimer
Report them to Google so that hopefully browsers such as Chrome will warn
users when visiting the fake site.
[https://www.google.com/safebrowsing/report_phish/](https://www.google.com/safebrowsing/report_phish/).
More info at
[https://safebrowsing.google.com/](https://safebrowsing.google.com/)

~~~
happppy
let us report all so legit businesses don't hurt.

~~~
HNLurker2
Sounds evil. I like it.

------
MilnerRoute
Yeah, they're presumably going to be hopping from one hard-to-shut-down host
to another...

[https://badpackets.net/quasi-networks-responds-as-we-
witness...](https://badpackets.net/quasi-networks-responds-as-we-witness-the-
death-of-the-master-needler-80-82-65-66-for-now/)

A couple random thoughts:

I wonder if the FTC could help you? (Since their victims are in the United
States.)

I wonder if there's any way Craigslist could help you? (Theoretically
Craigslist could set up some kind of auto-filter.)

~~~
tempestn
Thanks for the ideas. Looks like the FTC takes complaints about this kind of
thing (someone posing as a representative of a business) directly from
consumers. I've asked the people who reached out to us about these guys to
file complaints.

~~~
metters
place a warning to your customers on your homepage. at least they would not
copy that, and word-of-mouth propaganda could have a major impact.

------
lazyjones
Have you bothered notifying the people who are (fraudulently) listed on their
"about" page (Edmunds CEO etc.)? I'm sure they'll get a bunch of lawyers to
work on this once they find out their names and pictures are used in this way.

~~~
tempestn
We did notify Edmunds, yes. Haven't tracked down the rest of those people.

------
kkarakk
[https://www.yelp.co.uk/support/contact/questions?src_article...](https://www.yelp.co.uk/support/contact/questions?src_article_id=000005271)

yelp support will remove their business from their listings. in the short term
i would immediately start grabbing anything related to their domain(social
pages,emails etc) too so you can atleast retain some business that way.

easiest way would probably be to boost your SEO and do everything to make your
site look more "legit". right now it looks like you've just used some sort of
website template. i'd put some work in to customize your website and
strengthen your brand identity

~~~
tempestn
We did report their fake review page to Yelp. Retaining business isn't the
issue; we've very well established and have a known brand in the automotive
enthusiast community. We've been around for over a decade now. The main issue
is that these guys are using our brand to scam people out of their money, and
we want to put a stop to that.

As far as putting more work into our site, we do have a small, dedicated team
of developers and do put quite a bit of work into it. The site has gone
through a number of design updates over the years, the most recent major
overhaul being three or four years ago, but we're continuously developing
features and making incremental improvements. Yours is the first feedback I
recall that it looks like a generic template, so I would hazard that that
isn't a uniformly held opinion, but design is of course subjective. If you
have any specific thoughts on how the UI could be improved, we're always open
to feedback!

~~~
kkarakk
oh it was just your color design that made me think template driven design. so
much blue for no reason.

------
stephen82
I didn't have to look for long to find they have cloned the actual edmunds
website without their consent:

This is the one you reported:
[https://www.autostempest.com/about](https://www.autostempest.com/about)

This is the one I have found while validating each executive's info:
[https://www.edmunds.com.en-usa.online/about](https://www.edmunds.com.en-
usa.online/about)

And this the actual edmunds website: [https://www.edmunds.com/about/executive-
bios.html](https://www.edmunds.com/about/executive-bios.html)

Let edmunds know about it and they will take care of them.

~~~
stephen82
It seems they are aware of the situation: [https://help.edmunds.com/hc/en-
us/articles/115006027527-Ongo...](https://help.edmunds.com/hc/en-
us/articles/115006027527-Ongoing-scam-Edmunds-escrow-fraud)

~~~
tempestn
Yeah, we reported it to Edmunds and they let us know they've dealt with a
bunch of these, although they normally only deal with the ones that use their
name. (Maybe why these guys switched to using ours.) They've also cribbed from
others. Their tagline for instance comes from Vroom.com.

------
VladimirGolovin
Get a lawyer to file a DMCA complaint to their host, payment provider, and,
most importantly, Google. We used this approach to nuke a Romanian cloner who
copied our app.

~~~
metters
what was the outcome?

~~~
VladimirGolovin
The dude was kicked out of of Google and his e-commerce provider.

------
hazz99
Unrelated, but searchtempest.com is a pretty neat little site. You've
mentioned in your bio that you work on it fulltime - does it generate revenue?

I'm interested in sideprojects that became real projects, and am curious what
your story is.

~~~
tempestn
Thanks! SearchTempest and AutoTempest do generate some revenue, yes. You can
read a bit of the origin story here: [https://www.tempestblog.com/about-
us/](https://www.tempestblog.com/about-us/)

------
companyhen
This happened to me with an e-commerce site I run last year. About 10 exact
clones of our site popped up with slightly different names. We had so many
calls from people who were tricked and had no real solution. They were
targeting via Facebook ads mostly as we asked how they found the site.
Contacted Facebook but they would not do anything. Some of the sites still
exist. Reported them to google as well, but didn’t help.

------
viveksingh
This image is being used in their landing page which clearly says your
company's name, a part from that the logo and landing page title also say your
company's name.

[https://www.autostempest.com/assets/vroom/static-
rebrand/img...](https://www.autostempest.com/assets/vroom/static-
rebrand/img/homepage/homepage-hero-mobile_2.png)

------
toomuchtodo
DMCA takedown notice to their host for your copied digital assets, complaint
to the attorney general(s) for fraud in the state(s) they’re operating in. If
you want to bog them down, hire Mturks of similar to respond to their ads.

Some people will say “just execute better”. Fair. Personally, I think you
occasionally need to punch a bully in the face.

~~~
tempestn
Their host is non-responsive and is apparently based in the Netherlands. The
people behind the site itself are anonymous, but I highly doubt they're in the
US. In order to even attempt to find them we would need a court order against
either Namecheap or Quasinetworks, and I expect all we would find is that they
paid in Bitcoin and gave fake info.

We could report to the AGs in states where their known targets reside though;
perhaps that would be another avenue to potentially get Namecheap to take down
the domain.

Edit: also to clarify, it's not that they're stealing our name to run a
competing business. They're using our name to straight up steal money from
people. Not something we want to try and out-compete them at!

~~~
toomuchtodo
There is always an upstream provider. Can’t get the host or their upstream
ISP? Go after namecheap as you mentioned for the domain.

Good luck.

------
bonestamp2
I'm sure namecheap is no coincidence. Probably another detail to look more
like you. Best of luck.

------
harrisonjackson
It really sucks that all of these tactics can and have been used by bad actors
against legitimate businesses, too. Hope you get it figured out!

------
happppy
I have reported fake one to google.

------
mchannon
You could perform a DDOS, though that's illegal in both the US and EU.

Worth a try, but probably unsuccessful: Try and do a password reset with
Namecheap in an effort to gain control of the domain. You have the credentials
to back up what the site purports to be. Call frequently, because Namecheap
would probably not want to handle something this hot if they knew it was this
hot.

Make a (disingenuous) high offer to buy the domain through the filter on the
whois. That'll give you a point of contact if nothing else.

~~~
AnnoyingSwede
They are using cloudflare, so that would be tough even if it was not illegal.
Whois data is protected, so doubt they would respond if contacted.

~~~
ytNumbers
Perhaps, if you provide links to those who have been scammed, you could get
Cloudflare to drop them. With enough time and effort, you might be able to
stop these scammers who are abusing your company's reputation. Sadly, it's
likely these criminals reside in a country that will never prosecute them.
Until browsers/anti-phishing improves enough to flag/hide scams like this,
there will always be plenty of suckers on the internet, and thus, no way to
force these sorts of bad guys to find something else to do with their time.

~~~
tempestn
Cloudflare gave us the name of the host, but won't act beyond that.

