Legal Guide Against Fake Hotel Sites: TCK 158, 244, 245, and Law No. 5651

In one client's experience, a fake booking site using their hotel's name remained active for three weeks. During this period, it was determined that at least 40 guests made payments but never received a booking confirmation. The hotel management had to fight on multiple fronts simultaneously—both to remove the fake site and to support the victimized guests.

In such cases, the answer to the question "what should I do?" may not seem clear. Which authority to apply to, how to collect evidence, how to remove the domain—these are all separate processes, and each has different channels. This guide explains the legal and technical processes against fake hotel sites step-by-step.

Fake hotel site issues don't fit perfectly into a single legal regulation or a single institution. From the perspective of Turkish law, because it falls under multiple crime definitions, it's necessary to apply to multiple authorities. On the other hand, domain removal and site blocking processes also involve technical and administrative channels. When the international dimension is added (most fake sites are hosted on overseas servers), the process becomes even more complicated.

The good news is this: when every stage is carried out systematically, results can be achieved. In our research, we've seen that most hotels using the correct channels manage to have fake sites removed within 2-4 weeks.

This article covers fraud carried out through information systems. Taking money from guests through fake hotel sites can be evaluated under this article.

Penalty: 3 to 10 years of imprisonment and a judicial fine.

Industry experts state that crimes under this article can be investigated by the prosecutor's office ex officio (without the need for a complaint). However, the complaint from the hotel management opens the way for the investigation and concretizes the evidence.

Fake site operators cloning the hotel's web infrastructure or redirecting users may fall under this article.

Penalty: 1 to 5 years of imprisonment.

If real credit card information is collected on the fake site, this article also comes into play.

Penalty: 3 to 7 years of imprisonment.

In cases where the fake site operation is carried out coordinately by more than one person, an additional crime element may arise.

Additional penalty: 2 to 6 years.

If your hotel's logo, photos, and written content are used without permission on the fake site, copyright infringement comes into question. This serves as strong supporting evidence in domain removal processes.

The most critical stage in the legal process is collecting evidence. All your applications will be based on this evidence; therefore, systematic and complete documentation must be done.

• Screenshots: The homepage of the fake site, the booking form, the payment page, contact information, and all sections where the hotel name and logo are used. Ensure that the date and URL are visible.
• WHOIS Record: Can be queried via who.is or whois.domaintools.com. It contains domain owner, registration date, and registrar company information. Save this information because it may be hidden later.
• SSL Certificate Information: Certificate details via the browser (by whom, when obtained, for which domain).
• DNS Records: Can be queried with MXToolbox or similar tools. IP address, nameserver information.
• Archive Records: If there is a record of the fake site in the Wayback Machine (web.archive.org), this can also be documented.
• Payment Proof: If payment receipts can be collected from victimized guests, they create strong supporting evidence.

In one client's experience, when they applied to the prosecutor's office, they had forgotten to save the WHOIS information. Within a few days after the application, the attacker activated the domain privacy service, and the registrant information became invisible. Therefore, evidence collection should be done as soon as possible.

A written criminal complaint can be filed with the nearest Chief Public Prosecutor's Office along with the collected evidence. The petition should include:

• Your hotel's identity and trade name
• The URL of the fake site and the detection date
• The TCK articles used (158/1-f, 244, 245)
• All digital evidence (screenshots, WHOIS record, etc.)
• Statements from victimized guests, if any
• Your request: initiation of an investigation and identification of the suspect

Applying particularly to prosecutor's offices that have a Cybercrime Bureau in large cities can speed up the process. These bureaus are active in Istanbul, Ankara, Antalya, and Izmir.

Two different paths exist under Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications for blocking access from Turkey or removing content.

Access from Turkey can be blocked by a court or BTK decision for content within certain crime categories. The process works as follows:

• Application is made to the Criminal Court of Peace
• The judge can decide within 24 hours
• If the decision is approved, the BTK implements the access block

This path doesn't completely remove the site; it only blocks access from Turkey. Attackers can continue to access the site with a VPN, and guests might face the same situation if they use one. Therefore, it is not sufficient on its own.

A removal request can be sent to the content owner (site operator) and the hosting service provider. If no response is received, a mandatory removal decision is requested via the court.

Besides legal applications, there are also parallel channels that will speed up the technical removal of fake sites.

The vast majority of fake sites are hosted behind the Cloudflare CDN. An abuse report can be made via Cloudflare's "abuse.cloudflare.com" address. Classify the reports as phishing and brand infringement and add your evidence.

Report the fake site to Google's Safe Browsing system. When the site is marked as "dangerous", warnings begin to show in Chrome and other browsers. This is one of the most effective ways to effectively restrict users' access to the site.

It's the equivalent mechanism for Bing and Internet Explorer/Edge users. A notification should also be made to Microsoft.

Send an abuse report to the abuse email address of the registrar determined in the WHOIS query. According to ICANN policy, registrars must evaluate these reports.

USOM, under the BTK, coordinately monitors cyber threats in Turkey. A notification can be made to [email protected].

You can apply directly via the BTK's notification form (ihbar.btk.gov.tr).

If the fake site operator is using a domain that contains your hotel's trade name or brand name, ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP) process can be operated.

Three conditions must be met in a UDRP application:

1. The domain name is confusingly similar to the complainant's trademark.
2. The domain owner has no legitimate rights or interests in this name.
3. The domain was registered and/or is being used in bad faith.

The process is conducted through authorized arbitration institutions like WIPO or Forum and takes an average of 45-60 days. In successful applications, the domain is taken from the fake operator and transferred to the complainant or cancelled.

Industry experts state that the UDRP process gives extremely effective results in cases with legally strong evidence. Especially the success rate of hotel brands with registered trademarks is quite high.

In our research, we've seen that hotels using all channels simultaneously get results within these time frames:

• Google Safe Browsing marking: 24-72 hours
• Registrar removal decision: 3-14 days (varies by registrar)
• BTK/5651 access blocking: 1-7 days
• Cloudflare service disruption: 3-10 days
• UDRP process: 45-60 days
• Prosecutor's investigation: Several months (long-term process)

Practically, the ones that create the fastest impact are Google Safe Browsing and registrar notifications. UDRP gives the most definite result for those who want to get the domain back permanently.

One element that is critically important but not often addressed is trademark registration. If your hotel name has a registered trademark with the Turkish Patent and Trademark Office (TÜRKPATENT), you are in a much stronger position both in the UDRP process and in court stages.

A registered trademark provides several practical advantages:

Strong Ground in UDRP: In the arbitration process, the complainant's rights are based on a concrete document. The attacker cannot make a defense like "I can use this name too."

Fast Injunction: When requesting an interim injunction for a temporary access block during the court stage, being a registered trademark owner significantly increases the probability of the request being accepted.

Stronger Notification to the Registrar: Many international registrars respond much faster to registered trademark infringement notifications within the scope of the non-complaint domain registration agreement.

If your hotel name is not yet registered, this process takes an average of 12-18 months in Turkey. Although the process is long, it's important to start it; even having made a registration application serves as a supporting document in some procedures.

Correctly guiding your guests who have been victimized by a fake site is both an ethical responsibility and a practical step toward protecting your reputation. Guests who hear about complaints but aren't guided can sometimes portray the situation on social media as if it's the hotel's responsibility.

1. Contact with the Bank or Credit Card Company: If the victimized guest made the payment by credit card, suggest they request a chargeback (payment cancellation). This request can generally be made within 60-120 days from the transaction date, and the success rate for payments made to fake sites is quite high.
2. Individual Complaint to the Police Department: Victims individually filing a complaint with the Cybercrime branch or via e-government strengthens the prosecutor's investigation.
3. Consumer Arbitration Committee: An administrative channel that can be applied to for the purpose of compensating financial losses.

In our client's experience: a resort hotel sent a detailed information email to victims of a fake site; it included a chargeback guide and complaint form links. The vast majority of guests got their payments back, and the hotel protected guest satisfaction during this process. Some guests even shared positive reviews for the hotel for managing the process honestly.

There is a cost to these processes, which shouldn't be ignored. However, compared to the reputational loss and guest losses caused by fake sites, these costs are usually justified.

Lawyer's Fee: A lawyer experienced in the field of cybercrime requests between 3,000-8,000 TL for criminal complaints and 5651 applications. An additional fee is required for a UDRP application. UDRP Application Fee: Varies by arbitration institution; approximately $1,500 for a single panelist at WIPO. Time Cost: Managing all channels coordinately requires 3-5 hours of time per week from the hotel manager or communications officer.

In our research, it was revealed that hotels that know the process and take quick action both get faster results and see total costs drop significantly compared to hotels that don't know the process. Actions initiated within the first 48-72 hours often make long-term legal processes unnecessary.

To learn step-by-step what needs to be done when your hotel site is copied after the fake site is detected, you can refer to our guide on what to do when your hotel site is copied. You can benefit from the WIPO UDRP portal and the ICANN WHOIS database to access institutions that can be applied to in international arbitration processes.

Do I definitely need a lawyer to close the fake site? A lawyer is not mandatory for registrar notification and BTK/USOM application; you can carry out these steps yourself. However, working with a lawyer experienced in cyber law in prosecutor criminal complaints and UDRP processes significantly increases the effectiveness and speed of the process. In complex cases (large number of victims, overseas server), legal support is definitely recommended.

Can I also close fake sites hosted abroad? Yes; however, the process may take longer. Abuse notifications to international hosting providers, URL notifications to Google Safe Browsing, and WIPO UDRP applications are the most effective tools in this case. Courts in Turkey cannot apply direct sanctions to overseas servers; however, results can be obtained at the domain level through UDRP and CDN providers like Cloudflare.

The fake site was removed; what should I do if it opens again? It's common for the same attacker to register a new domain. Therefore, it's important to set up the process not as a one-time thing but as a continuous monitoring routine. If a domain is closed and there's an arbitration decision, it sets a precedent for subsequent applications and speeds up the process.

What is the penalty in cases opened under the TCK? In aggravated cyber fraud under TCK Article 158/1-f, imprisonment from 3 years to 10 years is foreseen. In the crime of damaging information systems under Article 244, imprisonment from 1 year to 5 years is foreseen. Conviction rates depend on the strength of the evidence and whether the suspect is accessible in Turkey.

Detect your fake hotel site, collect the necessary evidence, and start the legal process. The RuuSafe platform offers takedown petition templates, BTK/USOM notification forms, and a UDRP application guide ready to use. Detect your fake sites today with a free scan.