What is Cybersquatting and How to Prevent It?

Brand protection is now more critical than ever before for your business.  

WIPO, the World Intellectual Property Organization, reports that "The covid-19 pandemic appears to have fueled an increase in cybercrime." There are multiple reasons for this, but your primary concern should be how to prevent cybersquatting from happening to you. 

And that, of course, begs the question, "What is cybersquatting?" So, stick around as we discover what cybersquatting is and how to protect your business from it. 


Understanding Cybersquatting and Domain Typosquatting 

Cybersquatting, or "domain typosquatting" as it's sometimes called, is a specific kind of cybercrime. It refers to the registration, use, or sale of domain names in bad faith.  

Cybersquatters register domain names that are nearly identical or very similar to legitimate trademarks, company names, personal brands, and more.   

What is a cybersquatter's goal in registering these domain names? 

They intend to profit off the reputation and goodwill of the actual domain name, business, or trademark owner. Often, a cybersquatter will register a domain name and hold it hostage — offering it up to the trademark owner in exchange for a sizeable sum of money. Others use the domain names to create copycat websites to sell fake or imaginary items. That takes money directly from the consumer and damages the trademark owner's brand in the process. 

Cybersquatting during the pandemic

As Covid-19 surged, the number of cybersquatting cases appearing before WIPO arbitration climbed over 50,000.  

Think about it: As the pandemic brought the world of physical retail to its knees, many businesses pivoted their models to include eCommerce. And those malicious cybersquatters? They took note, and they began to register domain names in droves.

Whatever your business models, understand that eCommerce and online businesses are here to stay. As we continue to invest in the digital and virtual world that the Internet enables, like the Metaverse, cybersquatters will continue to identify trends and opportunities for mischief.  

As a business owner, it's your responsibility to keep your business as secure as possible and protect your brand. Your trademark is valuable and must be protected. And this attention to security isn't just for your benefit; it also benefits your customers.


Different types of cybersquatting

Cybersquatters have various tactics and forms of squatting, some of which we're reviewing below. 

  • TLD exploitation squatting: As an example, think of a popular website, like google.com. A cybercriminal exploiting TLDs might register a domain like google.co or google.ca to mislead site visitors and get traffic to their fraudulent and potentially harmful sites. 
  • Domain name typosquatting: Domain name typosquatters register domains very similar to the original trademark, except theirs have popular or common misspellings.  
  • Pornsquatting: This type of squatting occurs when bad actors try to register your trademark with TLDs like .xxx or.sex.
  • Reputational harm squatting: Some cybercriminals aren't trying to claim your site traffic as their own. No, instead, they want to see your brand reputation in the toilet, so they might spread rumors and harmful ideas about your business on their cybersquatted domain. 
  • Subdomain squatting: Cybercriminals sometimes break a domain name into different parts (called subdomains) to register. This could look like go.ogle.com instead of google.com, or amazon.shop.com instead of amazon.com. These domains look so similar to legitimate trademarks that they can confuse website visitors.


What do I do if I'm the victim of cybersquatting?

Prevention is better than cure. We repeat: Prevention is better than cure. 

The best thing you can do for your business and your trademark is to not become a victim.  

However, we understand that it isn't always within your control. So, after discussing some prevention strategies, we'll explore what recourse you have should you become a victim of cybersquatting. 

Prevent cybersquatting with proactive security management

Your domain name is an invaluable asset, making online brand protection essential. 

If you haven't trademarked your domain name, you should consider doing so. Trademarking your domain helps protect it from your competition and cybercriminals. The United States Patent and Trademark Office (USPTO) writes that "Your domain name could function and qualify as a trademark if it is clearly and prominently displayed on your website (not just in your URL) in such a way that potential purchasers will perceive it as a symbol of origin in direct connect with the goods and services advertised."

A trademark isn't going to guarantee your business exclusive rights to similar domain names, especially if it's comprised of generic terms. Still, it will help you protect yourself from those who want to use similar names to impersonate or damage your brand. 

You must monitor your domain name to prevent the misuse of it by domain typosquatters and other cybercriminals. If you have your hands full and can't dedicate time to continuous monitoring, don't fret. There are many online domain monitoring services that detect any suspicious or fraudulent use of your domain name.


Resolving a cybersquatting issue

What should you do if your trademarked domain falls victim to cybersquatting?

If you've partnered with a domain management or monitoring service, you could work with them to resolve the issues. If you haven't, you may need to seek outside legal advice to help with the following processes. 

For U.S. residents, you have ACPA, the Anticybersquatting Consumer Protection Act, as a recourse. You have to meet specific requirements as a trademark to fall under the protection of this act. However, if the alleged cybersquatter is found guilty, then the court can order the forfeit, cancelation, or transfer of the domain that's under dispute.

WIPO is the organization that settles international cybersquatting and domain name disputes. In this scenario, an expert panel reviews the case through the UDRP lens. UDRP stands for "Uniform Domain Name Dispute Resolution Policy"