IMHO you should take action ASAP - at the cost of sacrificing all traffic coming from them. Regardless of their endgame, I'd just detect the HTTP referer and redirect back to them: crawlers and browsers will detect the redirect loop and happily complain about their domain. This will render their redirects ineffective, eg. any phishing attempt will have broken links.
This is preferable rather than returning 404, 403, or warning users something fishy is going on - since anything you return from your site will have browsers and crawlers complaining about your site, and your URL/contents might suffer penalties or deindexing as a result.
Edit: as others have noted, the HTTP referer is not really useful most of the time - if at all (though legitimate, known good referrers may exist).
So what's left is 1) filing a DMCA request with their registrar and 2) hosting provider, 3) checking offending inbound links and using Google’s Disavow Links tool. And if they're plagiarizing some contents, also 4) asking Google to remove infringing pages from their index. I had to do the latter a few years ago.
This is preferable rather than returning 404, 403, or warning users something fishy is going on - since anything you return from your site will have browsers and crawlers complaining about your site, and your URL/contents might suffer penalties or deindexing as a result.