Picture this:

You’re the Managing Director of a successful mid-market private equity group. Your computer beeps to let you know you have a new email message and you smile when you see the name of a potential investor you’ve been pursuing in your inbox. You get confused as you’re reading, however:

“Was visiting your anycapital.com website, and was wondering why you didn’t mention your Hong Kong office at dinner last week? Can you give me more details?”

The message doesn’t make any sense—your website is anycapitalgroup.com, and you don’t have a Hong Kong office. You click on to “anycapital.com,” and what you find there is shocking: there’s your logo, your press clippings, client testimonials, even photos and biographical information of YOU and your employees…all prominently displayed on someone else’s site. The contact page lists your name with a phony email address and a post office box in Hong Kong.

Think this can’t happen to you? Think again.

Unfortunately, in the past year we’ve seen multiple clients fall victim to this type of online fraud—a form of “spoofing” or “phishing”—which is designed to dupe innocent consumers into purchasing counterfeit goods or investing in non-existent companies. Website “spoofers” operate by knocking off the intellectual property and brand equity of reputable businesses. Although they can do so in any number of ways (including by hacking, hijacking or redirecting websites), by far the easiest and most popular way is to set up a “copycat” website at a domain name that is similar to a legitimate business site, and then illegally copy and republish enough of the real site’s content to make the counterfeit website appear legitimate.

Most consumer products companies recognize the importance of branding, and are therefore very proactive when it comes to identifying and stopping sales of counterfeit products. Financial services companies understandably tend to pay less attention to copyright and trademark rights, because historically infringement has been less of a threat. But private equity firms, investment banks, and other organizations in the financial sector are especially attractive targets for modern online scammers—they steal your credentials, good name and brand equity to lend themselves a gloss of credibility, which they then use to coerce unsuspecting investors into parting with their money. As such, there are steps you can—and should—take now to properly prepare yourself for these online threats.

First, do what you can to prevent becoming a victim. Make sure that you are using appropriate trademark and copyright notices on your site to let visitors know that your content belongs to you and copying is not allowed. Talk to your IT department to explore whether you can disable right-click copying or use other forms of technology to make it harder to lift your site content.

Second, set up an informal monitoring system so that you can identify a scam involving your IP before one of your clients or contacts comes across it. Many Fortune 100 companies find themselves targeted by spoofers and other online scammers so often that they have no choice but to pay big dollars to round-the-clock monitoring services that immediately identify and respond to each new threat. For smaller companies, for whom these threats are a rarer occurrence, a more measured approach is appropriate. This can be as simple as having one of your employees do a quick “Google check” on a weekly or monthly basis to make sure that the search results, photos and links showing up when your business name is entered into the major search engines are all legitimate.

Finally, make sure that you can prove you own everything you already think of as “yours”–business name, logo, trade identities, and the content on your website and other electronic marketing materials, including photos, graphics and text. The quickest and cheapest means of stopping an online infringer is to send a “takedown notice” to the Internet Service Provider hosting the site. Although each ISP will have its own takedown policies, all of them require that you prove who you are and what your rights are—i.e., that you are the true owner of the intellectual property that has been knocked off. Most businesses today outsource web design and development work, but we find that all too often, companies fail to make clear that they, and not the vendor, are the owner of the intellectual property rights in the final product. To avoid unnecessary delays in the event your site is spoofed, take steps now to confirm you own or have appropriate licenses to all of the copyrightable content on your site and in your marketing materials, and obtain federal trademark registrations to the extent appropriate.