How does a copycat or lookalike website scam work?
Copycat websites mirror legitimate government, banking, or retail sites to harvest login credentials, collect payment for services available free elsewhere, or sell counterfeit goods under a credible brand.
Last reviewed: 10 June 2026
Explanation
A copycat site is built to visually replicate a trusted original. The operator registers a domain name that is one character different from the real one, uses a lookalike top-level domain (e.g. .org instead of .gov), or inserts additional words (e.g. 'official-service-renew.com'). The page design, logos, and content are copied directly. Search engine advertisements may place the fake site above the genuine one for relevant queries.
Government service copycats are particularly effective because many people are uncertain what official government websites look like. These sites charge fees to process applications for passports, driving licences, visa forms, or benefit claims that are either free or much cheaper through official channels. The application itself may be submitted — or may never be.
Banking copycats harvest login credentials and two-factor codes. Retail copycats take payment for goods that arrive as cheap counterfeits, do not arrive at all, or harvest card details for further fraud. In all cases the victim believes they are on a legitimate site.
Some copycat operations target victims after other frauds: fake courts, fake law firms, and fake asset recovery agencies use professional-looking websites to add legitimacy to their demands.
Common red flags
- The URL contains extra words, hyphens, or a different domain extension from the real site
- You arrived via a paid search advertisement rather than by typing the address directly
- A government or bank service that is normally free charges a fee on this site
- The SSL certificate is present but issued to a company name different from the expected one
- The page design is identical to a well-known site but the URL does not match
- Contact information or terms of service are thin or absent
What to do now
- Always type government or bank website addresses directly rather than clicking search result links
- Check the URL bar carefully before entering any credentials or payment information
- Verify government service fees on official guidance pages before paying any site
- If you entered credentials on a copycat site, change your password immediately
- Report copycat sites to the brand they impersonate and to your national cybercrime agency
- Contact your bank if payment details were entered on a site you now suspect was fraudulent
Frequently asked questions
Does a padlock icon in the browser mean the site is safe?
No. The padlock means the connection is encrypted, not that the site is legitimate. Fraudulent sites routinely use HTTPS and display the padlock. Check the URL, not the padlock.
How do copycat sites appear above real ones in search results?
By purchasing paid search advertisements. The organic search algorithm may rank the real site higher, but paid ads appear first. Always look critically at the URL of top search results.
Can I report a copycat site to have it removed?
Yes. Report to the registrar of the fraudulent domain, the hosting provider, the search engine displaying ads for it, and your national cybercrime agency. Removal speed varies but reports help.