What is the appropriate action to take?
The type of fraudulent activity involved will dictate the appropriate course of action to take in reaction to the fraud:
"My website has been copied"
You may consider contacting the fraudulent company, or the Internet Service Provider (ISP) that hosts the website, directly to request that the the fraudulent website or the copied material is taken down. You should provide evidence of the copying when making this request, eg screen shots of both websites. An advantage of contacting the ISP first, is that it may be possible to have the website taken down without the owner's input.
If your website or its contents have been completely or partially copied and you have been unsuccessful in removing the fraudulent website by contacting the responsible company/its ISP directly, legal remedies for the protection of your trade marks or copyright may be the best course of action. The legal remedies available will vary depending upon the jurisdiction. Short-term solutions may include applying to the court for an interim injunction to put an immediate stop to the fraudulent activity. In certain cases, this can be done without the other party being present (an ex parte injunction). In certain jurisdictions, applications for interim injunctions must be brought quickly otherwise a court may deny injunctive relief on the basis of unnecessary delay.
Securing an interim injunction will limit the fraudulent activity quickly, allowing you time to build a more extensive body of evidence for court actions specifically designed to give longer-term protection to your reputation, trade marks or copyrighted material.
"Someone has registered a domain name which is identical or similar to one I have already registered"
If your domain name has been copied (so-called "cyber squatting") or if someone has registered a very similar domain name to your website, there are certain non-legal remedies available to you which could result in the infringing domain name being suspended or transferred to you. For example, under the Uniform Domain-Name Dispute-Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) used by ICANN, you may engage in a dispute resolution procedure overseen by an approved neutral third party with expertise in the field of IT Intellectual Property issues. This is only an option for domain names that could be registered with ICANN (ie generic top level domains, including .com; .net; and .org).
Different jurisdictions may have their own dispute resolution service for jurisdiction-specific addresses. For example, Nominet (the body responsible for .uk top level domains) has its own dispute resolution service, offering mediation advice and decision by an impartial expert.
Before pursuing a dispute resolution procedure, you should consider contacting the owner of the domain name, informing them of your rights and requesting that the domain name is transferred to you. However, the benefits and risks of this approach will vary depending on the jurisdiction.
You should also consider requesting that the fraudulent company or individual's ISP removes any fraudulent website built up around the fraudulent domain name.
"My website has been hacked"
Your primary concern will likely be the recovery of your website. The process and time for recovery will be informed by the extent of the damage.
You may need third party assistance, eg from your website host or developer, to identify the full extent of the damage caused, and its source (the vulnerability), as well as to assist you with the recovery. You will likely need to shut down your website during this process.
Once your website has been restored, and the vulnerability that was exploited by the hacker is fixed, you should review your policies/procedures for keeping your website secure in the future.
You should also consider at the outset:
- whether a crime has been committed under the Computer Misuse Act 1990
- whether you are under any obligation to notify any regulatory or other authority, eg the police, of the hack
- whether you need to inform any individuals of the hack. If personal data has been lost or stolen, see A loss or theft of personal data
- whether any of your intellectual property rights have been infringed