In the early years of the internet, many businesses and individuals lacked a comprehensive understanding of the commercial opportunities available online. During this time, certain cybercriminals would take advantage of this by registering domains in the name of established companies and profiting from this. This was the beginning of cybersquatting.
Because nowadays most people are much more advanced when it comes to technology and savvy enough to understand the importance of controlling domains related to their names of businesses, cybersquatting is less common than it used to be. Nevertheless, it does still occur, and such issues can surprise its victims, so it is therefore important that high-profile companies and individuals understand how it works and how it can affect them.
The meaning of cybersquatting
Cybersquatting is a form of cybercrime where the perpetrator buys or registers a domain name that is identical or similar to existing domain with the intention of profiting from a recognizable trademark, company name, or personal name. Crucially, the act is illegal because of the bad faith intent of the squatter. Due to its nature, domain squatting can be considered a form of trademark infringement, though there are differences between the two. There are several types of cybersquatting, and attacks may be carried out with different goals in mind.
In many cases, squatters register domains with the intention of later selling them to established businesses or brand owners for a significant profit. However, some cybersquatters are more malicious and engage in web squatting with more nefarious intent. For example, they may use similar domains to create phishing page, scams, or even fake surveys to collect user data.
Convinces visitors to download and launch malware on their computers.
Cybersquatting can have wide-ranging implications for legitimate businesses. It can result in fraud, data breaches, and damage to their public reputations.
What is cybersquatting and when is it illegal?
In its simplest form, cybersquatting is the act of buying or registering domain names with the specific intent of profiting off a trademark owned by another person. Technically, all types of cybersquatting are illegal. However, there are some cases in which the alleged crime is unintentional and therefore, not illegal. For example, if there is an existing website with the domain SmithConsulting.com that specializes in image consulting and someone registers a new domain with the name SmythConsulting.com which focuses on financial consulting, this is unlikely to be a case of cybersquatting since the similarity in names is likely accidental, and the latter is probably not profiting from the use of the former’s name.
To deal with a case of cybersquatting, a company or trademark owner may choose to engage with the squatter and pay them off to take control of the domain name. However, because there are now also certain legislative instruments in place, it is also possible to build a case against the squatter and prosecute the crime.
To build a case, the onus is on the claimant to prove that a case of illegal web squatting has occurred. To do this, they would generally have to offer evidence that:
- The name—or trademark—is well-known and diluted by the domain squatting.
- The squatter created the domain name with the intent of infringing on the rights of—and profiting off—the existing company, individual, or trademark owner.
- The domain of the web squatting site must be identical or similar to an existing name or trademark.
Anti-cybersquatting legislation
There are several legislations that protect businesses and individuals against web squatting. Although many of them only offer protection within the United States, some are internationally applicable.
- Anticybersquatting Consumer Protection Act (ACPA) of 1999: This is an American federal law that protects trademark owners and private citizens from all types of cybersquatting. Under the ACPA, it is illegal to buy or register a trademarked or personal name owned by another individual. The prohibition extends to domain names that are identical or obviously similar to existing URLs.
- Lanham Act of 1946: This American legislation enables the national trademark registration procedure. The Act also shields trademark owners, giving them a potential avenue for recourse against cybersquatters whose URL squatting causes consumer confusion or dilution of their trademark. The Trademark Dilution Revision Act of 2006 furthers this by providing that claimants only need to show the likelihood of trademark dilution, rather than prove actual dilution.
- World Intellectual Property Organization (WIPO): Based in Geneva, WIPO is a specialized subsidiary agency of the United Nations. It oversees intellectual property rights on an international level and as such, is responsible for arbitrating and mediating a wide range of intellectual property disputes, including cases related to cybersquatting. In considering cases of web squatting, WIPO considers the provisions of the Uniform Domain Name Dispute Resolution Policy (UDRP) that was outlined by the Internet Corporation for Assigned Names and Numbers (ICANN).
If a claimant can prove a case of cybersquatting under these legislative instruments, they will be entitled to some form of restitution. Depending on the details of the case, they might receive injunctive relief, damages in the form of monetary payments and legal fees.
Examples of famous cybersquatting cases
Here are a few of the most famous cases of web squatting:
- Walrmart44.com: Trading off the name of the well-known superstore Walmart, this was a fraudulent website created with malicious intent that persuaded users to install spyware and adware on their computers.
- TikToks.com: This domain was purchased by two men in an attempt to latch onto the social media platform’s burgeoning popularity. Although TikTok’s parent company initially offered to pay them for the domain name, the squatters declined, and the case went to court instead. TikTok won, and the pair had to hand over the URL.
- Nissan.com: A company called Nissan Computer Corporation registered this domain in 1994. A few years later, car company Nissan Motors claimed that the domain was a case of cybersquatting when they decided they wanted it for themselves. But, because the domain owner’s name was Uzi Nissan, the courts ruled that this was not a case of web squatting and Nissan Motors had to register a different domain.
- MikeRoweSoft.com: A man named Mike Rowe registered this domain in 2003 for his web design company. Because of the phonetic similarities between the names, computing company Microsoft decided they wanted the domain and offered to pay Rowe a token sum for it. When Rowe declined, Microsoft accused him of cybersquatting. The case resulted in a public outcry and was eventually settled out of court.
Types of cybersquatting
Although cybersquatting is an umbrella term for one type of cybercrime, there are several different variations—all of which are illegal. These are some of the types of cybersquatting to be aware of.
Typosquatting
Perhaps one of the most common forms of web squatting, this refers to intentionally misspelled domain names that mimic well-known sites or brand names. The fraudulent address may be a subtle variation of the original, such as one different letter or the addition of a hyphen. The name derives from the fact that the cybersquatter takes advantage of potential typos people can make. One example of this might be Googgle.com instead of Google.com.
Identity Theft
In this type of cybersquatting, a cybercriminal will steal a company’s digital identity by creating a similar domain. When internet users try and access the company’s website, they may click the wrong link and end up on the fraudulent site instead. Another example of identity theft domain squatting could be if the cybersquatter buys an existing domain whose domain registration has lapsed. The original owner would then have to take legal action to regain control of the domain.
Name Jacking
Name jacking, one of the most popular types of cybersquatting, occurs when a squatter uses the personal name of someone of significance to create a fake website. This is often seen, for example, in the case of celebrities, when cybersquatters register domains—or more nefariously, social media profiles—in their names. Name jacking can be difficult to prosecute because it might not always be possible to prove that it was done intentionally. However, in the United States, people can trademark personal names, which can help build a case against a cybersquatter.
Reverse Cybersquatting
Also known as reverse domain name hijacking, this refers to a technique where cybercriminals take advantage of the existing legal framework to facilitate their domain squatting. To perpetrate this, the cybersquatter will first choose a specific existing website to target, for example, InfinityFinance.com. Then, they will register a business with the same name, such as Infinity Finance Ltd. Once all of this is in order, they will then claim that the legitimate owner is web squatting using the business name that they own and use the law—like the ACPA—to try and gain control of the website in question.
How to prevent cybersquatting
Business owners—and domain owners—can take steps to minimize the potential for cybersquatting. And if it does happen, understanding how to mitigate the damage is crucial for taking back control of the website. Here are some suggestions for avoiding and dealing with domain squatting:
- Register the business name as a trademark. The ACPA and the UDRP only protect trademark owners. As such, by registering and owning the trademark of a business or personal name, if a website falls victim to web squatting, the owner can potentially find recourse under both legal frameworks
- Buy variations of the website’s address, such as those with different domain suffixes like .com or .net, with slightly different spellings, or with added articles like “the”. By doing this, squatters will not be able to purchase these website addresses, and visitors be redirected to the official site.
- Communicate with the owner of the cybersquatting site. Sometimes, a domain name will have inadvertently been registered with a similar name without the owner realizing this. In this case, they may be willing to transfer or sell it.
How can website visitors avoid cybersquatters?
Website visitors can also succumb to domain squatting, so it is critical to always be vigilant while online. Here are a few tips to avoid falling victim to web squatting while on the internet:
- Verify the web address by checking the address bar. Ensure that the website spelling is as expected and that there are no unusual characters.
- Type the URL when visiting specific websites to ensure that it is the correct one. Make sure to check for any spelling errors or mistakes that might bring up a cybersquatting site instead.
- Check the website’s appearance and functionality for anything that seems out of place. Many URL squatting sites have abundant pop-ups and advertisements, automatic downloads, and frequent—unnecessary—redirects.
- Look for indications of weak security in the browser’s address bar. For example, some cybersquatting examples have the phrase “not secure” in front of the web address or no padlock sign. Most official websites these days have SSL certificates, in which case there should be a padlock icon in the browser address bar, just before the domain name.
- Avoid opening suspicious emails or links, which could be phishing emails that lead to domain squatting sites. If necessary, open a new window and go directly to the site in question by typing in the URL directly.
- Keep operating systems and applications up to date to help prevent potential malware on a URL squatting site from exploiting vulnerabilities in outdated systems.
- Install internet security software and keep it up to date. An effective antivirus solution blocks malicious domains and includes web-protection which can block malicious and phishing web-resources.
Cybersquatting: A latent threat for businesses
Although it is becoming less common, cybersquatting is still something to be wary of. Understanding how it works, the different types of squatting, and when it is illegal is important for protecting the interests and reputations of high-profile businesses and individuals. Companies can protect themselves by proactively buying related domain names and registering their business name as a trademark, for example. In addition, internet users can avoid falling victim to web squatters by following simple internet security tips while online.
Kaspersky Endpoint Security received three AV-TEST awards for the best performance, protection, and usability for a corporate endpoint security product in 2021. In all tests, Kaspersky Endpoint Security showed outstanding performance, protection, and usability for businesses.
Related Articles and Links:
- What is Typosquatting? Definition and Explanation
- Top cyber security threats for businesses – and how to protect yourself
Related Products and Services: