Incident Response

Reporting Brand Abuse: Taking Down Fake Shopify Stores

A complete guide to reporting and removing websites, domains, and social accounts impersonating your Shopify brand.

brand abuse takedown reporting legal action
Last updated

Types of Brand Abuse to Report

Brand abuse against Shopify merchants takes many forms:

  • Fake storefronts: Websites impersonating your store to steal customers
  • Phishing sites: Pages designed to capture customer login or payment info
  • Counterfeit sellers: Unauthorized sites selling knockoffs of your products
  • Trademark infringement: Domains or sites using your brand name illegally
  • Social media impersonation: Fake accounts pretending to be your brand
  • Malicious ads: Advertising using your brand to redirect traffic

Each requires different reporting approaches.

Gathering Evidence

Before reporting, document everything:

Website Evidence

  • Full URL of the infringing site
  • Screenshots of every page (with timestamps)
  • WHOIS information for the domain
  • Hosting provider details
  • Any payment processor logos visible

Content Evidence

  • Specific examples of copied content
  • Your original content for comparison
  • Product images that match yours
  • Trademark usage screenshots

Impact Evidence

  • Customer complaints received
  • Sales lost to the fake site
  • Support tickets about confusion
  • Any phishing attempts reported

Store everything in a folder with dates. You’ll need this for formal complaints.

Reporting to Domain Registrars

Find the Registrar

Use WHOIS lookup (whois.com, who.is) to identify where the domain is registered.

Locate Abuse Contact

Most registrars have an abuse email (abuse@registrar.com) or web form.

Submit Complaint

Include:

  • The infringing domain
  • Your trademark information
  • Specific violations (impersonation, trademark, phishing)
  • Evidence (attach screenshots)
  • Requested action (domain suspension/transfer)

Follow Up

If no response in 72 hours, follow up. Escalate to ICANN if the registrar is unresponsive.

Reporting to Hosting Providers

Identify the Host

Use tools like BuiltWith or SecurityTrails to find where the site is hosted.

Common Provider Abuse Contacts

What to Include

  • URL of the infringing site
  • Explanation of the infringement
  • Evidence of trademark ownership
  • Screenshots of the abuse
  • Any customer impact

Reporting to Search Engines

Get fake sites removed from search results:

Google

  1. Use Google’s Legal Removal Request form
  2. Select “Web Search”
  3. Choose appropriate category (trademark, phishing)
  4. Provide URLs and evidence
  5. Submit trademark documentation

Bing

  1. Visit Bing’s Content Removal page
  2. Follow the trademark infringement process
  3. Provide documentation

Results

Search engine removal doesn’t take down the site but makes it much harder to find. This limits damage while you work on other takedowns.

Social Media Impersonation Reports

Facebook/Instagram

  1. Go to the fake page/account
  2. Click ”…” menu > Report
  3. Select “Pretending to be someone”
  4. Choose “A business or organization”
  5. Follow prompts to submit

Twitter/X

  1. Report via the Help Center
  2. Select trademark infringement
  3. Provide trademark documentation
  4. Submit fake account details

TikTok

  1. Report the account directly
  2. Select “Impersonation”
  3. Provide your brand documentation

Consider an attorney when:

  • Registrar/host is unresponsive
  • The infringer is in a different country
  • Significant revenue is being lost
  • Customer data may be exposed
  • You need to pursue UDRP
  • Criminal activity is involved

An attorney can send cease-and-desist letters, file UDRP complaints, and pursue litigation if needed.

Creating a Takedown Process

For ongoing protection:

Regular Monitoring

Check for new brand abuse weekly or use automated monitoring tools.

Template Responses

Prepare template takedown request letters you can customize quickly.

Tracking System

Log all reports, responses, and outcomes. Some infringers operate multiple sites.

Escalation Path

Know when to escalate from self-service reporting to legal involvement.

How Recon Helps

Recon supports your brand protection by:

  • Monitoring for domain registrations impersonating your brand
  • Detecting fake sites using your content
  • Alerting you when brand abuse is detected
  • Providing takedown request templates and guidance
  • Tracking your takedown request status

FAQ

Q: How long do takedowns typically take?

A: Phishing sites hosted by major providers often come down within 24-48 hours. Trademark-based takedowns may take 1-2 weeks. Uncooperative hosts or offshore registrations can take much longer.

Q: What if the fake site is in another country?

A: International enforcement is harder but not impossible. Focus on the hosting provider (often US/EU-based even if the registrant isn’t). UDRP works internationally for domain disputes.

Q: Should I contact the person running the fake site directly?

A: Generally, no. Direct contact tips them off to monitor enforcement efforts. Focus on reporting to registrars, hosts, and platforms instead. Let authorities make contact if needed.

Want us to monitor this for you?

Run a free brand security audit with Recon and see your vulnerabilities in minutes.

Run Free Audit

Related Articles

Your Domain is Compromised: Emergency Response Guide

Immediate steps to take if you suspect your Shopify domain has been hijacked or compromised.

Back to Knowledge Base