As the internet is decentralized, there is no single authority that can help us make sure that every mention of a brand or content is legitimate. Criminals can create fake web pages and promote them through email, social networks, or advertising channels that can reach thousands or even millions of users in a matter of minutes.
This malicious activity can be very damaging to the brands being impersonated. When users get tricked, they can associate the brand with the unpleasant consequences of the scam, or even attempt to request customer service for counterfeit products or inquire about offers and orders that never truly existed. They may even suspect that a legitimate company is scamming them for not honoring an offer they saw online.
Businesses can avoid many of these situations and protect their consumers by employing brand protection solutions that find and remove illegitimate web content.
This effort is made possible by a takedown – the processing of correctly requesting the removal of content that infringes on trademarks, copyright, the law, and service terms.
What is a takedown, and how does it work?
In the context of online services cybersecurity, a takedown request is an extrajudicial process, a report to an operator of internet infrastructure or digital platform to ensure they become aware of potentially inappropriate content being hosted there. This allows them to take down the infringing content.
One of the most well-known forms of takedown is the Digital Millennium Copyright Act (DMCA) takedown, which can be used to fight piracy. However, most takedown requests do not need to be tied to any specific law.
That's because almost all internet service providers (ISPs), including web hosting and cloud providers, have usage agreements that limit the type of content that can be hosted or the activities that are allowed. If a customer does anything that is outside the allowed boundaries, that activity is deemed network abuse and their account can be suspended, putting a stop to the infringing activity and taking any associated content offline.
Thanks to these agreements, it's possible to send an abuse report and request a takedown even when that service provider is in a different jurisdiction or when local laws don't specifically cover the scam or malicious activity that has been found.
Some examples include:
- Sending bulk email not authorized by the recipient (spam)
- Distributing malware (including trojan horses disguised as legitimate software)
- Hosting web pages that are violating trademarks (for phishing or SEO purposes)
- Creating profiles or messaging accounts that use someone else's identity (including brand identities) without making it clear that the account is meant to be a parody
- Serving advertisements that use images or text that could deceive users into believing the advertisement was made by a different brand or person
- Storing or distributing stolen corporate data or private information
As brand impersonation is very common in phishing and other scams, many of these cases can warrant takedown requests. Before reporting a violation, however, it's essential to gather enough supporting evidence. Otherwise, the service provider cannot investigate the matter and take action.
While the service provider will often be able to suspend the account and take the content offline very quickly based on their service agreements, not all accounts reported for network abuse are malicious themselves. Since criminals can steal the access credentials of ordinary account owners, the infringing content could be hosted alongside a legitimate website.
In such cases, the provider might forward the request to the account administrator. If their customer can't understand the message, that can cause another delay, rendering the request much less effective.
Providers are not legally required to comply with every takedown request, but criminals often need to abuse at least some infrastructure from reputable companies to improve the reach of their campaigns. Otherwise, their malicious websites might be blocked by firewalls and anti-virus software, or all their fraudulent emails will be sent to spam folders.
Reputable providers are more likely to take reports seriously, as they don't want to be complicit with online crime. That's why takedown requests can be very effective for brand protection: there's usually a reputable company somewhere in the chain for each scam, and that provider is an unwilling participant.
Can anyone make a takedown request?
In general, anyone can report a violation of service agreements. They can be somewhat comparable to the content reporting functions available in social networks that many users are familiar with. The difference is in the amount of detail that can be shared and the technical aspects of the report.
For certain types of violations – such as copyright or trademark violations – the service provider might ask for proof that the sender is allowed to represent the brand or copyright holder.
That said, businesses that want to fight brand impersonation and help their customers avoid digital fraud will face several challenges:
- Visibility. To send a report about a violation, you first need to find the violation. This requires a brand protection solution capable of scanning content at scale and automatically prioritizing the most serious incidents.
- Scale. While monitoring efforts already require a certain scale, the reports also must be made at scale. A malicious campaign can have several stages, each involving a different provider — an email, an ad, a social network profile, and a web page, for example. Ideally, a report should be sent to all providers at the same time, as this means the campaign will be disrupted if any of them can put a stop to that activity.
Furthermore, by employing automation to send the reports quickly and with all the necessary evidence, the report is more likely to receive a swift response. This means that the content will be taken down more quickly, and fewer users will be exposed to the threat.
- Expertise. While it's essential to send all the relevant evidence about a violation, it's also a good idea to not send irrelevant information, as this can delay the response. Using concise language and writing clearly in the right tone is important. Service providers receive thousands of reports daily, and they also want to enforce their agreements efficiently — wading through unclear, verbose, or rude messages to extract just a tiny bit of useful information won't make for an efficient process.
A business that tries to send takedowns while lacking in any of these three points may think that this strategy does not yield significant results, but that's not the case at all. If you can find the content you need to report and send notifications quickly without compromising on assertiveness, it is a very effective strategy.
What types of content can be taken down?
Content that is clearly malicious or harmful, such as phishing pages, malware, counterfeit goods, unauthorized use of copyrighted material, fake profiles, fraudulent advertisements, or misuse of a brand’s name or logo, typically qualifies for removal. These cases involve clear violations of policies, laws, or terms of service and pose direct risks to individuals or organizations.
However, issues like negative reviews, personal opinions, or legally protected content, such as free speech, generally cannot be taken down unless they explicitly violate specific regulations or platform guidelines. Understanding these boundaries helps set realistic expectations and prioritize actionable cases to reduce potential harm effectively.
How long does it take to complete a takedown?
Manual takedowns, particularly when performed by someone without the necessary expertise, tend to be significantly slower and less efficient compared to streamlined processes. The time required for each step can vary greatly, but it often involves delays in analysis, evidence collection, and communication with hosting providers or other entities.
Without automations, analyzing and gathering the necessary evidence for a takedown request can take hours. This step often requires manual effort, such as identifying the responsible hosting provider, collecting proof of malicious activity, and ensuring compliance with the appropriate legal or technical standards. The complexity increases when dealing with incidents that span multiple jurisdictions or involve ambiguous terms of service.
Once evidence has been collected, preparing and submitting an abuse report is another time-intensive process. This typically involves drafting the report in a format acceptable to the hosting provider or domain registrar, which can vary widely. Identifying the right contact points and ensuring the request contains all the necessary details to prompt action adds further delays. As a result, manual takedowns can take days or even weeks to see results, leaving malicious content active for a longer period.
In contrast, automated systems like Axur’s streamline this process significantly, not only reducing the time required but also increasing precision and consistency.
What is the difference between automated and manual takedowns?
While manual takedowns rely on individuals to analyze, report, and follow up on malicious activities, automated takedowns streamline these steps using technology to ensure faster and more consistent results.
Axur has decades of experience in abuse reports and takedowns, and we send hundreds of thousands of notifications every year. We've worked tirelessly to create a process that is highly automated and precise, gathering the necessary evidence according to the type of scam that is being reported.
86% of all our takedown requests were fully automated. In many cases, the initial report is sent in a median of 5 minutes after the incident is detected. Sometimes, even faster.
Events history displaying the automated detection of threats and notifications sent to entities, followed by takedown requests and resolution.
What can be done while the takedown is in progress?
The time it takes to complete a takedown can vary depending on the entity being notified, such as hosting providers or domain registrars. While the takedown process is underway, fraud exposure remains a risk, as consumers might still encounter malicious content like phishing pages or malware. To address this, additional proactive measures can be implemented to minimize the likelihood of someone falling victim before the takedown is finalized.
Axur’s Web Safe Reporting plays a critical role in this scenario. This mechanism automatically sends notifications to various global entities, including antivirus software and browsers. These notifications trigger protective actions, such as displaying a "red warning screen" or pop-up alerts when users attempt to access the fraudulent page.
Red warning screen alerting users to a potentially malicious page, triggered by Axur's Web Safe Reporting to mitigate fraud risks proactively.
These interventions significantly reduce the chances of individuals interacting with malicious content, effectively mitigating the impact of the fraud even before the hosting provider removes the page.
What happens if the hosting provider does not comply with the takedown request?
If the hosting provider does not comply with the takedown request, the process typically requires renotification to push for action. In manual processes, this step often involves significant delays as individuals need to identify the appropriate contacts, craft a new request, and attempt alternative approaches—all without guaranteed success.
Axur's automated process and extensive expertise allows us to identify the most effective path forward: we know exactly who to notify, how to notify them, and the best messaging to use. This tailored approach dramatically increases the likelihood of compliance, contributing to our current 98.9% takedown success rate.
Additionally, if the entity delays responding or outright refuses, our system can initiate alternative notifications using different strategies and messages to achieve the desired outcome. The accuracy of our process has gained the trust of several providers, allowing us to use faster channels for reporting when available, such as dedicated APIs.
Get to know the world’s best takedown solution
The Axur Platform is powered by a comprehensive monitoring system that inspects over 15 million websites daily to uncover malicious URLs and activities. With AI-enhanced algorithms, detections are quickly analyzed and prioritized, ensuring precise and efficient takedown requests.
Reach out to us if you'd like to learn more about how our platform works and how our leading takedown solution can help your business take back control of your brands in the online world.
See why Axur has the world's best Takedown
Experts in creating relevant external cybersecurity content to make the internet a safer place.