Cybersquatting Definition
Cybersquatting (or domain squatting) is an unauthorized registration of domain names that are the same or similar to a trademark, service mark, or a company or personal brand. It’s a form of cybercrime made to exploit the goodwill of a trademark or brand that someone else owns.
Cybersquatting is illegal, and there are laws in place to protect businesses from it. A report from 2019 shows that 85% of retail brands found domains selling counterfeit products, while 76% found “lookalike” domains pretending to be the same brand.
In this article, we’ll show you exactly what cybersquatting is, what types of it exist, and how you can protect yourself from it.
Types of Cybersquatting
There are different types of cybersquatting, and they are as follows:
- Generic cybersquatting,
- Typosquatting,
- Name jacking,
- Identity theft,
- Reverse cybersquatting.
1. Generic Cybersquatting
Generic cybersquatting refers to the practice of registering a domain name with generic terms, such as computer.net, and looking to sell it later on. On its own, generic cybersquatting is not a crime, and many companies buy multiple domain names to sell them for a profit – it’s called domain flipping.
It becomes an issue only if it causes trademark infringement. For example, polkadot.com became a cybersquatting issue as the owner of the trademark proved that the domain name owner had no connection to the ordinary meaning of the word.
2. Typosquatting
Typosquatting is perhaps the most common type. It revolves around choosing a domain name with a similar spelling or using the same name with a different domain type. For example, if you have a shoe-selling website, SnazzySandals.com, typosquatting would be if someone registered SnazzySandals.co or SnazySandals.com.
In these cases, the cybersquatter usually mimics the company’s website or commits phishing and malware scams.
A subtype of typosquatting is an internationalized domain name homograph attack. It involves using symbols from non-Latin scripts that look the same but have a different Unicode. For example, the Latin letter a (Unicode: U+0061) looks the same as the Cyrillic letter a (Unicode: U+0430). As a user, when you see SnazzySandals.com, you can’t know whether those are Cyrillic or Latin letters.
3. Name Jacking
Registering a domain with someone else’s name (usually a celebrity) falls under domain name jacking. This type of cybersquatting is difficult to prove unless you trademark your name as a personal brand.
This happened to Jennifer Lopez in 2009, when jenniferlopez.net and jenniferlopez.org were set up to direct users to a website littered with ads. The singer sued domain owners and won the case. As a result, the cybersquatters had to transfer usage rights within ten days of the verdict.
4. Identity Theft
Cybersquatters can use special software to track popular domain names and their registration statuses. If someone forgets to renew their domain name subscription or does it too late, a cybersquatter will swoop in and re-register it.
This is considered identity theft. People do it to demand money from the previous owner, conduct phishing scams, or redirect it to another website.
5. Reverse Cybersquatting
In this type of cybercrime, scammers try to present legitimate domain name owners as cybersquatters.
For example, let’s say you start a business and create a website called SnugSocks.com. As a shady individual, I can see your success and trademark the phrase “snug socks” within the fashion industry. Then, I’d sue you for cybersquatting me, and if I prove you’re infringing on my trademark, you’d have to hand over the usage rights. That’s reverse cybersquatting.
MORE: How to buy a domain name
Is Cybersquatting Illegal?
Yes, cybersquatting is a form of cybercrime, and it’s illegal. However, that doesn’t mean that any domain name registration is now subject to a cybersquatting claim. Essentially, cybersquatting means registering a domain name in bad faith, with the key thing being able to prove they had done it in bad faith.
How to Prove Cybersquatting
According to the Internet Corporation of Assigned Names and Numbers (ICANN) Uniform Domain Name Dispute Resolution Policy, for cybersquatting to be proven, the complainant needs to prove the following:
- The domain name matches or is confusingly similar to a registered trademark,
- The domain name owner has no rights to the domain name,
- The registrant uses the domain name in bad faith.
The main thing here is to prove trademark infringement. If someone uses a domain name similar to your business’s, but the website’s purpose is completely unrelated to your products or services, they are not cybersquatting. They just happened to register the name before you.
MORE: Trademarking your domain name
How Could Cybersquatting Impact My Business?
- Data theft,
- Customers being victims of fraud,
- Brand liability and reputation damage,
- Domain hijacking,
- Lost sales and leads.
Cybersquatting Examples
Let’s go through some famous cybersquatting cases.
Cybersquatting Case | What Happened |
---|---|
Nissan.com | The Japanese car manufacturer accused the domain name owner, Nissan Computer Corporation, of cybersquatting and tried to get ownership. However, the computer company was named after its owner, Uzi Nissan, and kept the website for itself. |
Walmart44.com | A malicious website that spread spyware, adware, and malicious extensions. The association with the famous corporation was obvious, and the website was shut down. |
MikeRoweSoft.com | The cybersquatting case with perhaps the most press coverage was the one from 2004, when Microsoft went against a Canadian high school student, Mike Rowe. The giant corporation initially offered Rowe $10 to take down his website MikeRoweSoft.com. When he declined, the company sued him, which eventually ended up with a settlement. The domain name now belongs to Microsoft. |
How to Protect Your Business From Cybersquatting
There are ways to protect yourself from cybersquatting and prevent it from happening in the first place:
- Consider trademarks: When you start a business, try to take out a trademark as soon as you have something unique and distinguishable. This will help you protect your products even beyond cybersquatters.
- Look out for misspellings: If you notice that users often misspell your domain name, you can register aliases. Domain aliases aim to redirect users to the original website and not allow them to fall victim to malicious websites. For instance, Facebook has thousands of alias websites, such as:
- Facbebook.com,
- Gacebook.com,
- Facebooc.com,
- Faceboock.com.
MORE: How to secure a domain name
What If Cybersquatting Already Happened?
Sometimes, someone is just unaware of your business and not a cybercriminal. The first step should always be to reach out to the owner to try to get a deal and transfer the domain name.
If that’s not the case, you have policies and laws to fall back on, such as:
- The Uniform Domain-Name Dispute Resolution Policy (UDRP): If you win the complaint, the domain name registration will be canceled or transferred to you.
- The Anticybersquatting Consumer Protection Act (ACPA): U.S. businesses can protect their trademarks using this act. ACPA lawsuits are more expensive but can result in financial remedies from the defendant.
According to the World Intellectual Property Organization (WIPO), it received over 6,000 cybersquatting disputes in 2023, while that number is already at 1,371 in 2024.
*As of April 2024
How to Report Cybersquatting
The first thing you need to do is make sure that the website is illegally impersonating your business. After that, you need to gather clear evidence they’re doing so in bad faith and not out of ignorance or if they registered the domain prior to your company’s success.
When you have the evidence, you should contact the domain owner and try to settle the situation before getting anyone else involved. If they’re not cooperative, you can file with ICANN under the UDRP policy, report to your registrar, or file an ACPA lawsuit.
One of the key aspects of winning a cybersquatting case is to prove that it’s in bad faith.
We talked with Abraham Cohn, managing partner of Cohn Legal, PLLC, to provide us with some legal insight. He had this to say: “Undoubtedly, one of the most challenging features of a UDRP petition, in particular, is demonstrating that ‘the domain name was registered and is being used in bad faith.’ This allegation can be very difficult or easy to prove, depending on the facts of the case. In the end, each respective party must understand the strength of their case before committing to engaging in any UDRP proceeding.”
Should You Hire an Attorney?
Cybersquatting cases are complex, with complicated legal standards. If you’re not familiar with them and have no legal expertise, we strongly recommend you hire an attorney.
Expert Opinion
Increase Your Odds of Winning
Having a trademark issued by the USPTO (or your country’s governing body) would make your cybersquatting claim much easier to prove. Without proof of the domain name infringing on your intellectual property, it’s impossible to win a UDRP complaint.
Expert Opinion
Takeaway Points
Cybersquatting can damage your brand identity, take advantage of your business’s success, and lead customers to fall for a scam. You can prevent cybersquatting by registering domain names in advance, but you can also sue domain name owners who infringe on your trademark with their domains.
However, you need to prove there was malintent in their registration if you want to get the domain name via a cybersquatting claim. Your first course of action should be to try and settle with the registrant, which may save you both time and money.
If you need help creating a unique name of your own, use our AI-powered domain name generator tool to come up with thousands of domain name ideas.