brand-protection
Strategy: Brand Protection
Guides discovery, reporting, and prevention of brand impersonation—fake websites, phishing sites, trademark infringement, and domain squatting. See domain-selection for defensive domain registration; trust-badges for official site verification signals; about-page for identity declaration.
When invoking: On first use, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directly to the main output.
Initial Assessment
Check for project context first: If .claude/project-context.md or .cursor/project-context.md exists, read it for brand name, official domain, and key assets.
Identify:
- Impersonation type: Fake website, phishing, trademark misuse, domain squatting
- Evidence available: Screenshots, URLs, WHOIS, hosting info
- Legal assets: Registered trademark, copyright ownership
- Impact: Traffic interception (fake site ranks for brand queries)? Payment fraud (users pay on fake site, then contact official support)?
Evidence Collection Checklist
| Item | Action |
|---|---|
| Full URLs | Document all key pages of the fake site |
| Screenshots | Homepage, product pages, logo, layout; include date/time |
| Comparison | Side-by-side: official vs fake (layout, logo, copy similarity) |
| WHOIS | Use ICANN Lookup for registrar, creation date, registrant |
| Hosting | IP lookup to identify hosting provider |
Reporting Channels (Priority Order)
| Channel | Entry | Use Case |
|---|---|---|
| Domain registrar | Abuse / Report Misuse on registrar site | Brand impersonation, trademark, fraud |
| Hosting provider | Same; submit abuse form | Hosting infringing content |
| Google Safe Browsing | Report Phishing | Phishing / impersonation risk |
| Google Trademark | Trademark Complaint or trademark@google.com | Trademark infringement in search; requires registered trademark |
| Bing Content Removal | Content Moderation Platform | Copyright/trademark; content removal from Bing |
| Payment processors | PayPal Resolution Center, Stripe support | If fake site accepts payments; report fraud |
| Social platforms | X, Facebook, Instagram abuse forms | If fake site is promoted or linked there |
| Google Ads / Microsoft Ads | Platform trademark complaint forms | If impersonator runs brand ads |
| DMCA | To hosting provider | Copyright infringement; images, copy, design copied |
| ICANN | DNS Abuse complaint | If registrar does not respond within reasonable time |
Report content: Include full URL, clear description of fraudulent activity, and all evidence (screenshots, logs).
Reporting Best Practices
Registrar vs hosting: Use ICANN Lookup for registrar. For hosting, use IP lookup (HostingCheckerOnline, HostingDetector, ipinfo.io) to find origin server—registrar may be Cloudflare while origin host is elsewhere; report to both.
Cloudflare as registrar: Use abuse.cloudflare.com or abuse form; select "Phishing & Malware" for impersonation. Email complaints are generally not processed; use the online form. Provide specific URLs of infringing pages.
Hosting detection: Sites behind Cloudflare CDN hide origin IP. Use reverse IP lookup or hosting detection tools to identify underlying host; submit abuse to that provider as well.
Parallel reporting: Submit to registrar, host, and Google Safe Browsing simultaneously; do not wait for one before others. Google trademark review takes 1–8 weeks.
Legal Options
| Option | When | Notes |
|---|---|---|
| Cease and desist | Trademark infringement | Lawyer-drafted; often first step |
| DMCA takedown | Copyrighted material copied | Images, copy, design; hosting providers typically comply |
| Consumer protection | Scam / fraud | FTC ReportFraud.ftc.gov (US) |
| Law enforcement | Financial loss, identity theft | IC3 (FBI) for cybercrime |
Prevention Measures
Defensive Registration
- Register brand+ai, brand+app, brand+official, etc. See domain-selection for defensive registration.
- Redirect variants to main domain; do not deploy separate sites.
Official Site Verification
Place "Official website: [domain]" prominently:
- Homepage (above fold or hero)
- Sign-in / Sign-up pages
- Pricing / Payment pages: "Only pay at [official-domain]. Do not enter payment on other domains."
- Footer: "© [Brand]. Official site: [domain]"
- FAQ: "How do I verify I'm on the official site?" → "The only official URL is [domain]. Any other domain is not affiliated."
Use trust-badges for verification signals. See about-page for identity declaration.
Customer Support (Payment Fraud)
When users report "can't use after payment" but no record exists—likely paid on fake site:
- Verify source: Ask which URL they used (request screenshot or URL).
- Response template: Explain that the only official site is [official-domain]; if they paid elsewhere, that site is not affiliated. Recommend: (a) dispute charge with payment provider, (b) use only [official-domain] going forward.
- Roll out template to support team; ensure consistent messaging.
User Education
- Social media pinned post / announcement: "Only use [official-domain]"
- Email signatures, support replies: link to official domain only
Traffic Recovery (When Impersonation Intercepts Search)
| Tactic | Purpose |
|---|---|
| Brand search ads | Run Google Ads and Microsoft Ads on brand terms; ensure official site appears first for brand queries |
| SEO | Strengthen official site for branded queries; Organization schema, clear H1, meta tags. See schema-markup, title-tag |
| Social | Pinned post: "Only use [official-domain]. Beware of impersonation." |
Monitoring (Ongoing)
- Periodic search: brand name + common variants (e.g., brand+ai, brand+app)
- See brand-monitoring for monitoring setup, tool selection, and cadence
Timeline (Typical)
| Phase | Focus |
|---|---|
| Immediate (Days 1–3) | Support template; site declaration; evidence collection |
| Short-term (Week 1–2) | Abuse reports; Google Safe Browsing; DMCA if applicable |
| Traffic (Week 2+) | Brand ads; SEO; social announcement |
| Ongoing | Monitoring; defensive registration if feasible |
Implementation Checklist
Short-term (1–2 weeks): Evidence collection; abuse reports to registrar and host; Google Safe Browsing report; DMCA if applicable; add "Official website" on site.
Medium-term: Add impersonation guidance to domain-selection; official verification to trust-badges, about-page.
Long-term: Periodic search (brand + variants); brand monitoring (BrandShield, Doppel); defensive registration of variants.
Output Format
- Evidence package (checklist, evidence list)
- Report templates (registrar, hosting, Google)
- Timeline (immediate vs medium vs long-term actions)
- Prevention (defensive registration, site verification, user education)
References
- How to Report and Take Down a Fake Website - LegalClarity
- Website Spoofing: Detection and Take Down - BrandShield
- ICANN DNS Abuse Complaints Guide
- Google Safe Browsing - Report Phishing
- Cloudflare Abuse Reporting — use online form; select Phishing & Malware
- Google Trademark Complaint
- Bing Content Removal
Related Skills
- domain-selection: Defensive domain registration; brand variants
- rebranding-strategy: When rebranding, sync brand protection checks
- brand-monitoring: Proactive monitoring setup; tool selection; this skill = reactive takedown
- branding: Brand asset protection; consistency
- trust-badges: Official site verification signals
- about-page: Official identity and domain declaration
- homepage-generator: "Official website" placement
- google-ads, paid-ads-strategy: Brand search ads for traffic recovery
- schema-markup, title-tag: SEO for branded queries