What Is Cybersquatting? Understanding the Digital Threat

Cybersquatting — the use of fraudulent internet domains — is a technique used by criminals mainly to take advantage of the victim’s trademark and brand. It’s also used as a technique for data theft or fraud, and sometimes the aim is to sell the domain back to the company or individual that’s being impersonated. Cybersquatting is less common than it used to be, thanks to greater awareness amongst firms keen to protect their brand, but still happens pretty often: in 2024, the WIPO Arbitration and Mediation Center handled nearly 6,200 cases. We look at the different types of cybersquatting, and how to protect your brand.
What Is Cybersquatting?
Cybersquatting refers to the practice of registering a domain name that’s identical or similar to a genuine domain. The domain name might, for example, be company_name.com, where the real firm uses company-name.com.
Sometimes, though rarely, cybersquatters will find a business that has no registered domain at all, making their job even easier. There are various motivations for cybersquatters, from financial to malicious, and a cybersquatted domain can cost the victim money as well as reputation. The fake site may, for example, host phishing scams, sell counterfeit products or take payment without fulfilling orders. Victims are usually companies — often well-known brands — but occasionally a high-profile individual may be targeted to cause them reputational damage.
Cybersquatting Examples
There are several types of cybersquatting, with different motivations and techniques. They range from typosquatting — exploiting common misspellings of words or company names — to the impersonation of famous figures.
In some cases, cybersquatters take a bulk approach to their activities, registering dozens of domains, or automatically monitoring numerous companies in case their domain name registrations lapse. In other cases, they hold firms to ransom, demanding money in return for handing over the domain.
Typosquatting
Typosquatting involves buying and registering domain names that are common misspellings of real ones. Sometimes these involve frequently misspelled words; sometimes they’re common typos.
The aim of typosquatting is usually to collect personal data or download malware onto the victim’s device. In 2006, for example, typosquatters registered Goggle.com, which installed a dodgy antivirus program. The case was settled out of court. In another set of examples, fake URLs close to the names of several candidates in the 2020 U.S. presidential election were set up, spreading misinformation or hosting fake fundraising pages.
Name Jacking
Some cybersquatters will register domains associated with public figures, celebrities or even sometimes their enemies. The aim may be to piggyback off the victim’s success to, for example, spread spam or malware or to damage their reputation.
It’s one of the most popular types of cybersquatting. In one example, back in 2000, Madonna successfully sued a cybersquatter who had registered madonna.com and used it to host porn, and gained control of the domain.
Identity Theft
Identity theft is the most basic form of cybersquatting: registering a domain that’s a variation of a company’s name to impersonate it.
The website may mimic a legitimate site to harvest personal or financial information for the purposes of fraud. It may also sell counterfeit products. In 2007, Dell took legal action against three website registrar firms, accusing them of unlawfully registering and profiting from 1,100 domain names that were similar to Dell’s own trademarks.
Reverse Cybersquatting
In reverse cybersquatting, the cybersquatters attempt to make sure that their fraudulent website can’t be taken away.
After picking a target, they register a business with the same or a very similar name. They can then register that domain and trademark rights, enabling them to argue that they have a legitimate right to the domain. They may even attempt to argue that the real business is the cybersquatter.
Domain Name Warehousing
In domain name warehousing, would-be cybersquatters monitor domain names that are about to expire — and try to jump in and register them themselves if the owner fails to do it in time.
They can then hold the original owner to ransom, demanding money to reassign the domain name. To increase the pressure, they may threaten to misuse the website in the meantime. In one example last year, a British digital marketing expert was able to buy Reform party leader Nigel Farage’s NigelFarageMEP.co.uk and redirect it to Michel Barnier’s website — just for fun.
Is Cybersquatting Illegal?
Most countries have laws against cybersquatting, allowing organizations to gain control of cybersquatted domain names and seek damages against the registered holder.
In the U.S., cybersquatting is covered by the Anti-Cybersquatting Consumer Protection Act of 1999, while the European Union Intellectual Property Office (EUIPO) has enforcement powers against domain name infringements. Meanwhile, the World Intellectual Property Organization (WIPO) Arbitration and Mediation Center will transfer or cancel a domain name if it’s identical or confusingly similar to a trademark over which the complainant has rights, and the domain name has been registered and is being used in bad faith.
Cybersecurity Risks Associated With Cybersquatting
There are a number of risks associated with cybersquatting. One of the most obvious is reputational damage. Potential customers taken to sites filled with spam, misinformation or malicious software will lose faith in the brand.
Meanwhile, customers visiting the fake site aren’t visiting the real one, leading to loss of sales. Cybersquatting can also lead to data breaches, tricking visitors into providing sensitive information such as passwords or payment details. This exposes companies to legal fees, fines and the costs of damage control. And with many cybersquatters attempting to sell their fake domain name back to the legitimate website owner, there can also be a high direct price to pay.
How To Protect Your Data From Cybersquatting
The way to avoid cybersquatting is, of course, to make sure you snap up every domain name that could be associated with your organization.
That means not just your main domain, but also all possible variations, including common misspellings. And if, for example, your domain is company.com, you should also register other common top-level domains, such as .net, .biz or .org, along with country-specific extensions. You should also register your business name as a trademark, which will give you clear grounds to file a case. And you should monitor regularly to check whether domains similar to yours have been registered — there are a number of services that do this and will issue alerts. Finally, make sure you renew your genuine domain, along with the alternates, to make sure cybersquatters don’t spot them expiring and snap them up.
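As an added example (not part of the original article), the monitoring step above can be sketched as a check that compares each name in a feed of observed registrations against your own domain and labels other-TLD copies, hyphen variants and one-edit typos. The brand domain, the feed and all function names are constructed for illustration, and the feed is assumed to hold registrable domains without subdomains.

```python
# Added example. BRAND, FEED and all function names are constructed for illustration.
BRAND = "company-name.com"
FEED = ["company-name.com", "company-name.net", "companyname.com",
        "compnay-name.com", "company-nme.biz", "example.org"]

def osa_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap adjacent) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "compnay" for "company".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain: str):
    """Split 'name.tld' into (name, tld); assumes no subdomain is present."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld

def classify(candidate: str, brand: str = BRAND, max_distance: int = 1):
    """Return why candidate resembles brand, or None if it does not (or is the brand)."""
    b_label, b_tld = split_domain(brand)
    c_label, c_tld = split_domain(candidate)
    if (c_label, c_tld) == (b_label, b_tld):
        return None  # the genuine domain itself
    if c_label == b_label:
        return "tld-variant"  # same name under another extension
    if c_label.replace("-", "") == b_label.replace("-", ""):
        return "hyphen-variant"
    if osa_distance(c_label, b_label) <= max_distance:
        return "typo"
    return None

def flag_lookalikes(feed, brand: str = BRAND):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    hits = {}
    for domain in feed:
        reason = classify(domain, brand)
        if reason:
            hits[domain] = reason
    return hits

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(FEED).items():
        print(f"{domain}: {reason}")
```

For very short brand names a one-edit threshold matches many unrelated domains, so flagged names are a review queue rather than a verdict.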
Bottom Line
Cybersquatting can have serious implications for its victims, from reputational damage to financial losses and lawsuits. It’s possible to protect your brand from such attacks — and take legal recourse if it happens — but staying safe from cybersquatting takes initial effort and continuous monitoring.