What is cybersquatting?
Make sure your domain name can't be abused
Cybersquatting, also known as ‘domain squatting’ or ‘domain name hijacking’, is a form of cybercrime where someone registers a domain name deliberately chosen because it’s very similar or identical to an established brand or trading name. Cybersquatters can often make a lot of money by exploiting the popularity of other people’s and businesses’ names.
A cybersquatter’s main motive is to use the domain name for an inappropriate purpose. One thing squatters often do is offer the brand owner the chance to buy the name at an inflated price. Another is to create a lookalike website, then lure or divert data traffic to the site with the aim of harvesting personal or other data (‘phishing’).
One of the best-known cases in this field is the Mike Rowe case. While still a student, Canadian Rowe registered the domain name MikeRoweSoft.com in 2003 with the aim of marketing web design services. He thought it was fun that the name sounded quite like ‘Microsoft’. Microsoft was less enthusiastic, however. The software giant thought that the name could cause confusion for people looking for the company’s site, microsoft.com. Microsoft therefore offered to buy MikeRoweSoft.com, but Rowe turned them down. That led Microsoft to accuse Rowe of cybersquatting before an amicable settlement was ultimately reached.
In the Mike Rowe case, the domain name wasn’t registered with malicious intent. Rowe wasn’t a crook who wanted to do Microsoft any harm. Sometimes, however, domain names are registered specifically for abusive purposes, as with walrmart44.com (resembling walmart.com) and xofnews.com (resembling foxnews.com). Those domain names were quite deliberately registered to exploit the familiar trading names Walmart and Fox News.
Registering a domain name that’s similar to another domain name is not necessarily against the law. Cybersquatting only becomes unlawful if the registration infringes someone else’s copyright. It’s also illegal for a cybersquatter to use a domain name for a fraudulent or abusive purpose, such as CEO fraud, phishing or spamming.
Cybersquatting can involve various methodologies, each with its own characteristics and objectives.
One of the most familiar forms of cybersquatting is typosquatting: registering a domain name that’s almost the same as a popular legitimate domain name, except for one or two characters. Examples include variations on google.com, such as goggle.com and gooogle.com. This type of cybersquatting takes advantage of the fact that people often make slips when typing domain names, or fail to notice small differences when reading them. Another common trick is to register a domain name that’s exactly like a legitimate one, but with another extension. For instance, a squatter might register Rabobank.ml, which looks like a popular Dutch bank’s real domain name, but uses the extension .ml (for Mali) instead of .nl (for the Netherlands).
In this type of cybersquatting, a criminal assumes the electronic identity of another person or business by registering a domain name similar to the one used by that person or organisation. Then internet users who make a slip when typing the name of the legitimate site, or click a link without noticing that the URL isn’t quite right, land on a fake website made to look like the one they’re expecting to see. When they try to log in, they give their login details to the scammers. The squatted domain name may also be used in e-mail correspondence, to trick people into believing they’re corresponding with someone else. That counts as identity theft, and is nearly always illegal.
A domain name or website is always registered for a particular period of time, typically one or more years. At the end of that period, the contract needs to be renewed if the registrant wants to keep the name. Sometimes, however, a business forgets to renew, so the registration expires. That’s when domain name hijackers or domain name fraudsters are liable to step in. They snap up desirable lapsed domain names the moment they become available, before the previous registrant realises that they’ve forgotten to renew. The former registrant then has no choice but to take legal action to get their domain back.
Although the term ‘fraud’ suggests that this practice is illegal, it’s often very hard to demonstrate that anything dishonest has been done. After all, anyone is free to register a lapsed domain name. In such cases, the cybersquatter often offers to sell the domain name back to its old registrant for a sum that’s slightly less than the cost of going to court to get it back. As well as costing the business whose name is taken a lot of money, cybersquatting can harm the business’s reputation. All organisations therefore need to manage their domain name portfolios well.
A closely related trick involves monitoring the registration of new businesses with the Chamber of Commerce. When a squatter sees that the domain name corresponding to the name of a new business hasn’t been created, they get in first, register the domain name before the business does, and then offer to sell it to the business. We therefore advise anyone who is setting up a business to register the domain name before or at the same time as registering their brand name or trademark.
Name jacking is using the name of a famous person, such as a celebrity or public figure, as the domain name for a website. The registrant is then able to cash in on the popularity of the person whose name is used. Doing that kind of thing is totally against the principles of intellectual property law, which doesn’t permit the use of the name of a famous person who actually has no connection with your activities.
In reverse cybersquatting, also known as reverse domain name hijacking, the squatters begin by adopting a trading name that matches a registered domain name. They then falsely accuse the domain name’s registrant of trademark infringement in order to get hold of the name. As well as being deprived of the name – their lawful property – the accused registrant can face legal costs and reputation damage.
Register your domain name before you start using your trading name.
It’s important to register your domain name before you start using your trading name, and preferably before you register your business with the Chamber of Commerce. Otherwise, there’s a risk that someone else will claim your domain name before you do.
Register the name of your business as a trademark and/or brand name.
The owner of a registered trademark or brand name has a lot of protection under the law. Also, in a dispute, it’s usually easier to demonstrate that your rights have been infringed if you have a registered brand name or trademark. If a name is targeted by cybersquatters, the rights holder can more easily seek redress. For guidance on defending yourself against abuse of your brand name, see for example the website of the
Register obvious variants of your domain name.
If you don’t want cybersquatters to register domain names that look like yours, it’s important to register some obvious variants yourself. For example:
Variants with extensions that are popular in your market, e.g. .com, .nl and .eu in the Netherlands
Variants with alternative spellings (including common typo-variants)
Plural versions and variants with/without words such as 'the' and 'and'
If your name is based on 2 or more words: variants with and without hyphens
Set your domain names to renew automatically where possible.
Under some TLDs, domain names are available for renewal for a fixed period. By opting for autorenewal, you ensure that your domain name won’t lapse in the event of an oversight. Irrespective of the autorenewal status, it pays to keep proper, consistent records of the domain names in your portfolio including expiry and renewal dates.
Think twice about cancelling domain names.
Are you sure it’s a good idea to cancel an unused or disused domain name? Once it’s released onto the open market, it could be picked up by cybersquatters and used for scams where they pretend to be from your organisation. Never cancel a domain name that’s still used for any business e-mail addresses. Otherwise, those addresses could be used to get hold of confidential information or login details.
Arrange continuous domain name monitoring.
Subscribe to a monitoring service, such as SIDN BrandGuard, so that you know if any similar or fraudulent domain names are registered.
SIDN BrandGuard is a monitoring service featuring a personalised dashboard. As a BrandGuard subscriber, you’re alerted immediately whenever a domain name similar to your brand name is registered. Getting early warnings enables you to respond promptly and effectively to prevent cybersquatting, typosquatting, domain name fraud, mail fraud, invoice fraud, CEO fraud and identity fraud, and thus avoid the high cost and reputational damage caused by such scams.
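The sketch below shows how a feed of newly registered names can be checked against your own portfolio for the variant types described above (other extension, typo, hyphen, plural). It is an added example, not SIDN's or BrandGuard's code; the function names, the distance thresholds and the sample data are assumptions made for illustration.

```python
import re

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def split(name):
    """Split 'label.tld'; assumes a registrable name without subdomains."""
    label, _, tld = name.lower().strip().rstrip(".").partition(".")
    return label, tld

def classify(protected, candidate):
    """Return the lookalike category of candidate, or None if it is not close."""
    (p_label, p_tld), (c_label, c_tld) = split(protected), split(candidate)
    if (p_label, p_tld) == (c_label, c_tld):
        return None                          # the protected name itself
    if c_label == p_label:
        return "other-extension"             # e.g. .ml instead of .nl
    p_core, c_core = (re.sub(r"[-0-9]", "", s) for s in (p_label, c_label))
    if c_core == p_core:
        return "hyphen-or-digit-variant"
    if c_core in (p_core + "s", p_core.removesuffix("s")):
        return "plural-variant"
    limit = 1 if len(p_core) <= 5 else 2     # assumed: short names tolerate less
    return "typo" if osa_distance(p_core, c_core) <= limit else None

def scan(portfolio, feed):
    """Map each suspicious name in feed to (protected name, category)."""
    hits = {}
    for name in feed:
        for own in portfolio:
            verdict = classify(own, name)
            if verdict:
                hits[name] = (own, verdict)
    return hits

# Constructed sample data, built from the domain names quoted in this article.
PORTFOLIO = ["google.com", "walmart.com", "foxnews.com", "rabobank.nl", "microsoft.com"]
FEED = ["goggle.com", "gooogle.com", "walrmart44.com", "xofnews.com",
        "rabobank.ml", "mikerowesoft.com", "example.org"]

if __name__ == "__main__":
    for name, (own, why) in scan(PORTFOLIO, FEED).items():
        print(f"{name:18} resembles {own:14} ({why})")
```

Names that only sound alike, such as mikerowesoft.com, fall outside the edit-distance limit and are not flagged by this check.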