Brand Protection
Respond to fake sites, phishing, and trademark abuse with evidence collection, reporting steps, and prevention aligned to your official brand assets.
Overview
Brand Protection is an agent skill most often used in Launch (also Operate, Grow) that guides discovery, reporting, and prevention when your brand is impersonated online.
Install
npx skills add https://github.com/kostja94/marketing-skills --skill brand-protectionWhat is this skill?
- Triages impersonation types: fake websites, phishing, trademark misuse, and domain squatting
- Reads project context from .claude/project-context.md or .cursor/project-context.md for brand name and official domain
- Structures evidence collection: screenshots, URLs, WHOIS, and hosting details for takedowns
- Connects to domain-selection, trust-badges, about-page, and brand-monitoring for defense in depth
- Frames impact: traffic interception vs payment fraud on clone checkout pages
- 4 impersonation types in initial assessment (fake site, phishing, trademark misuse, domain squatting)
Adoption & trust: 736 installs on skills.sh; 586 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
A copycat site or squatted domain is intercepting branded search or stealing payments and you need an actionable takedown path without guessing legal steps.
Who is it for?
Founders who see SERP clones, suspicious domains, or customer reports of paying the wrong site and need a first response playbook.
Skip if: Routine brand sentiment tracking without active abuse—use brand-monitoring—or choosing primary domains before launch without an impersonation incident.
When should I use this skill?
User faces brand impersonation, fake websites, phishing sites, or trademark infringement, or mentions fake site, impersonation, phishing site, trademark infringement, domain squatting, or brand abuse.
What do I get? / Deliverables
You get a structured assessment, evidence checklist, and reporting/prevention plan tied to your official domain and trademark posture.
- Impersonation assessment and impact classification
- Evidence collection checklist
- Reporting and prevention action plan
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Brand impersonation directly harms distribution and trust at go-to-market; Launch/distribution is the canonical shelf for protecting how customers find and pay the real product. Distribution covers search interception, official domain presence, and stopping fraudulent channels that steal launch traffic.
Where it fits
A typosquat domain appears in ads the week you announce—gather evidence before paid launch spend compounds losses.
Support tickets mention a phishing checkout that mirrors your UI—classify payment-fraud impact and escalate to host/registrar.
Publish an official warning post and trust badges after a takedown to steer searchers to the real domain.
Strengthen about-page identity declarations referenced by the skill after resolving a clone incident.
How it compares
Use instead of ad-hoc DMCA emails without WHOIS, hosting, and impact classification.
Common Questions / FAQ
Who is brand-protection for?
Solo builders and small teams with a public brand, marketing site, or checkout flow who discover impersonation, phishing, or trademark misuse targeting their customers.
When should I use brand-protection?
Use at Launch when branded queries show fakes, during Grow if scams scale with traffic, and in Operate when fraud spikes; also when users say fake site, domain squatting, or brand abuse.
Is brand-protection safe to install?
The skill may guide you to collect public URLs and WHOIS data; review the Security Audits panel on this page and avoid pasting live credentials or private customer data into chats.
SKILL.md
READMESKILL.md - Brand Protection
# Strategy: Brand Protection Guides discovery, reporting, and prevention of brand impersonation—fake websites, phishing sites, trademark infringement, and domain squatting. See **domain-selection** for defensive domain registration; **trust-badges** for official site verification signals; **about-page** for identity declaration. **When invoking**: On **first use**, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On **subsequent use** or when the user asks to skip, go directly to the main output. ## Initial Assessment **Check for project context first:** If `.claude/project-context.md` or `.cursor/project-context.md` exists, read it for brand name, official domain, and key assets. Identify: 1. **Impersonation type**: Fake website, phishing, trademark misuse, domain squatting 2. **Evidence available**: Screenshots, URLs, WHOIS, hosting info 3. **Legal assets**: Registered trademark, copyright ownership 4. **Impact**: Traffic interception (fake site ranks for brand queries)? Payment fraud (users pay on fake site, then contact official support)? ## Evidence Collection Checklist | Item | Action | |------|--------| | **Full URLs** | Document all key pages of the fake site | | **Screenshots** | Homepage, product pages, logo, layout; include date/time | | **Comparison** | Side-by-side: official vs fake (layout, logo, copy similarity) | | **WHOIS** | Use [ICANN Lookup](https://lookup.icann.org/) for registrar, creation date, registrant | | **Hosting** | IP lookup to identify hosting provider | ## Reporting Channels (Priority Order) | Channel | Entry | Use Case | |---------|-------|----------| | **Domain registrar** | Abuse / Report Misuse on registrar site | Brand impersonation, trademark, fraud | | **Hosting provider** | Same; submit abuse form | Hosting infringing content | | **Google Safe Browsing** | [Report Phishing](https://safebrowsing.google.com/safebrowsing/report_phish/) | Phishing / impersonation risk | | **Google Trademark** | [Trademark Complaint](https://services.google.com/inquiry/aw_tmcomplaint) or trademark@google.com | Trademark infringement in search; requires registered trademark | | **Bing Content Removal** | [Content Moderation Platform](https://www.bing.com/webmaster/contentremovalform/showanonymouspage) | Copyright/trademark; content removal from Bing | | **Payment processors** | PayPal Resolution Center, Stripe support | If fake site accepts payments; report fraud | | **Social platforms** | X, Facebook, Instagram abuse forms | If fake site is promoted or linked there | | **Google Ads / Microsoft Ads** | Platform trademark complaint forms | If impersonator runs brand ads | | **DMCA** | To hosting provider | Copyright infringement; images, copy, design copied | | **ICANN** | [DNS Abuse complaint](https://www.icann.org/en/system/files/files/submitting-dns-abuse-complaints-icann-guide-17nov25-en.pdf) | If registrar does not respond within reasonable time | **Report content**: Include full URL, clear description of fraudulent activity, and all evidence (screenshots, logs). ## Reporting Best Practices **Registrar vs hosting**: Use [ICANN Lookup](https://lookup.icann.org/) for registrar. For hosting, use IP lookup (HostingCheckerOnline, HostingDetector, ipinfo.io) to find origin server—registrar may be Cloudflare while origin host is elsewhere; report to both. **Cloudflare as registrar**: Use [abuse.cloudflare.com](https://abuse.cloudflare.com/) or [abuse form](https://abuse.cloudflare.com/phishing); select "Phishing & Malware" for impersonation. Email complaints are generally not processed; use t