What is cybersquatting?

Cybersquatting refers to registering, using, or selling a domain name with the intent of profiting from the trademarked name of another entity. The term is derived from ‘squatting,’ where individuals claim digital property, such as domain names that they do not rightfully own. Cybersquatting can disrupt businesses, confuse consumers, and lead to financial and reputational harm.

Prevalence of cybersquatting

Cybersquatting continues to be a problem as businesses expand their online presence. In 2023, the World Intellectual Property Organization (WIPO) handled nearly 6,200 domain name disputes, a more than 7% increase from 2022 and a 68% jump since the start of the COVID pandemic. Trademark owners from around the world filed 6,192 cases under the Uniform Domain-Name Dispute-Resolution Policy (UDRP) and its national variations, with the most filings coming from the United States, France, and the United Kingdom. As case numbers grow, securing domain names and monitoring brand usage remain key measures to prevent fraud and trademark misuse.

Is cybersquatting illegal?

Yes, cybersquatting is illegal in many jurisdictions. The Anticybersquatting Consumer Protection Act (ACPA), enacted in the United States in 1999, combats cybersquatting by allowing trademark owners to take legal action against individuals or entities that register domain names identical or confusingly similar to their trademarks with bad faith intent. Trademark owners who prevail in cybersquatting lawsuits may receive monetary damages and gain control of the disputed domain name.

To successfully pursue a case under ACPA, the following conditions must be met:

• The trademark must be recognizable and well-known at the time of the domain registration.
• The domain was registered with malicious intent, such as extortion or misleading consumers.
• The registrant has no legitimate claim to the domain name beyond attempting to benefit financially from it.

Types of cybersquatting

There are several different kinds of cybersquatting, all of which can harm businesses and consumers:

Typosquatting

Typosquatting occurs when cybersquatters purchase domain names that contain common misspellings of well-known brands. These fraudulent domains often lead unsuspecting users to fake or malicious websites. Examples include:

• Yajoo.com (intended to deceive Yahoo users)
• Googgle.com (a deceptive version of Google)
• ABCnewss.com (imitating ABC News)

Identity theft and brand impersonation

Some cybersquatters create domains that closely resemble legitimate businesses to steal personal data from unsuspecting visitors. Scammers can trick users into entering their login credentials or financial information by creating an identical-looking website.

For example, if a company named Apex Tech partners with another company called Nova Solutions, a cybersquatter could register apexnova.com before the business does. Such a tactic could mislead customers or force the legitimate company to pay a ransom to acquire the domain.

Name jacking

Name jacking involves registering domain names containing the personal names of celebrities, politicians, or public figures. While personal names are not always trademarked, name jacking can still be considered cybersquatting when done in bad faith. Social media impersonation also falls into this category when fake profiles are created to mislead the public.

Reverse cybersquatting

Reverse cybersquatting, also known as reverse domain name hijacking (RDNH), happens when a company falsely claims that an existing domain violates its trademark rights. In some cases, businesses attempt to use ACPA to take over legitimate domains owned by individuals who registered them in good faith. For instance, if a person registers IndustrialChemicals.com, a company might later form under that name and falsely accuse them of cybersquatting to take ownership of the domain.

Go deeper:

• What is an impersonation attack?
• What is domain hijacking? 

Real-world examples of cybersquatting

• Walrmart44.com: Created to imitate Walmart, this fraudulent domain was used to distribute spyware and adware, infecting users’ devices and compromising security. Cybercriminals manipulated the spelling of Walmart to deceive users into visiting the site and unintentionally downloading malicious software.
• Facebookwinners2020.com: A phishing scam designed to trick users into believing they had won prizes from Facebook. Victims were often required to enter personal information, including login credentials and financial details, which could then be used for identity theft, fraud, or unauthorized account access.
• Xofnews.com: A case of brand impersonation targeting Fox News. The cybersquatter made the website appear like an official Fox News platform, likely to promote scams, fraudulent products, or misleading news content. Such tactics are common in misinformation campaigns and deceptive advertising.
• TikTok.in: Registered by an individual attempting to extort ByteDance, TikTok’s parent company, by demanding payment in exchange for the domain’s release. The legal battle ended with the domain being transferred to TikTok, reinforcing the principle that trademark holders have the right to control domains associated with their brand.
• Android.co.in: Registered without authorization, despite "Android" being a well-known trademark owned by Google. Google sued the registrant for trademark infringement, arguing that the domain could mislead users and harm its brand. The court ruled in Google’s favor, leading to the transfer of the domain to Google.

Impact of cybersquatting on businesses

• Customer confusion: Fake websites can mislead users into believing they are interacting with a trusted brand.
• Fraud and data theft: Cybercriminals may use counterfeit domains to steal login credentials, credit card information, and personal data.
• Reputational damage: If a cybersquatter uses a fake domain to promote scams or distribute malware, the legitimate brand may suffer reputational harm.
• Financial losses: Companies may have to spend substantial amounts of money on legal fees or domain acquisition costs to reclaim their brand identity online.

Related: What is malware? 

How to prevent cybersquatting

• Register your business name early: Secure your brand's domain name as soon as possible to prevent unauthorized registrations.
• Purchase multiple top-level domains (TLDs): Consider registering common variations of your domain, such as .com, .net, .org, and country-specific domains.
• Monitor domain registrations: Use trademark watch services and domain monitoring tools to detect and address potential cybersquatting threats.
• Understand ACPA and UDRP: Familiarize yourself with legal frameworks such as the Anticybersquatting Consumer Protection Act and the Uniform Domain-Name Dispute-Resolution Policy to know your rights.
• Negotiate before litigating: If someone registers a domain related to your brand, consider reaching out to negotiate a purchase before pursuing legal action.

FAQs

What is cybersquatting?

Cybersquatting is the act of registering, using, or selling a domain name with the intent of profiting from the trademarked name of another entity.

How does cybersquatting happen?

It occurs when individuals intentionally register domain names that are identical or confusingly similar to existing trademarks or business names, often to extort money or mislead consumers.

Is cybersquatting legal?

No, cybersquatting is illegal under the Anticybersquatting Consumer Protection Act (ACPA) of 1999. Trademark owners can take legal action against cybersquatters to recover domain names and seek damages.

How can cybersquatting be prevented?

Preventive measures include registering domain names early, securing multiple TLDs, monitoring domain activity, and understanding legal protections such as ACPA and UDRP.