What is cybersquatting?

Cybersquatting is the illegal practice of registering a domain name to profit from a similar trademark, brand name, or personal name used in an existing website address. Also known as typosquatting or domain squatting, this form of cybercrime involves individuals using a domain name with the bad-faith intent to take advantage of any goodwill the true trademark owner has. 

How does cybersquatting work, and how can you protect yourself from it?

Keep reading for an in-depth look at cybersquatting, its different forms, and ways to prevent it.

Cybersquatting meaning

Cybersquatting websites often imitate real brands to draw unsuspecting visitors, spread malicious software, or steal personal information. At first glance, a cybersquatting site might look like the official page you were after, but a closer look could reveal fake products, ads, and requests for payment.

Cybersquatters are trying to stake a claim on an online property that isn’t theirs. They’re using trademark infringement to squeeze a payday from the original domain registrant.  

What is an example of cybersquatting?

Let’s say you’re an enterprising Sith Lord tired of all that galactic grime. You launch vadersvacuums.com, a site dedicated to making the Empire a little cleaner. To no one’s surprise, your business is an instant hit.

But faster than you can make the jump to hyperspace, some rebel scum sets up an imposter site, vaderzvacuumz.com, that mimics your design and confuses loyal customers. Soon, complaints about fake products and fraudulent payment requests flood in. Your reputation hangs in the balance, legal troubles loom, and shoppers show a disturbing lack of faith in your brand.

That’s cybersquatting — and its consequences — in a nutshell. And while it’s as old as the internet itself, web squatting is on the rise. In 2023, the World Intellectual Property Organization (WIPO) received a record 6,000+ domain name cases.

Stop cybersquatters in their tracks

Make a VPN your first line of defense

Get Surfshark

How does cybersquatting work?

Cybersquatters thrive by exploiting similarities between their fake domain names and official websites. After selecting the company or personal names they want to target, they register a URL with the same name or one that’s deceptively similar. With this fake website, these phony domain registrants usually do one of two things:

Domain hoarding

Domain hoarding refers to cybersquatters holding onto a domain name and preventing others from using it. 

The most harmless form of hoarding involves taking an internet domain that others want, posing a minor inconvenience, and potentially stealing web traffic or confusing visitors. In more dangerous cases, scammers can target company names and set up fake sites to steal money or personal data.

Holding domains hostage

Holding domains hostage specifically involves acquiring a web address with the goal of demanding a high price from any legitimate domain name owner in exchange for its return. 

This practice is often characterized by aggressive tactics, with the domain registrant actively seeking to profit by trying to sell it to the original trademark owner at an inflated price. To force you to pay their high fees, cybersquatters may threaten to dilute your brand or engage in criminal activities in your name.  

Types of cybersquatting

Cybersquatting takes various forms, each with unique tactics for luring unsuspecting website visitors or profiting from a registered domain name. Here are the top types, along with common cybersquatting examples.

Typosquatting

Typosquatting involves registering domains with slight misspellings to prey on users’ typing mistakes. The goal? Draw in visitors who accidentally type the wrong URL in the browser address bar and profit from ad revenue or phishing scams. 

An example of typosquatting is snatching the domain name goggle.com to nab internet users looking for Google.   

Brand squatting

In brand squatting, criminals register internet domain names that are confusingly similar to official brand websites. By adding a simple word, suffix, or prefix to a domain owner’s name, URL squatting sites can create fake web addresses that look authentic, only to redirect visitors to spammy or malicious content.

For instance, users might click on links to netflix.tv or nikeshoes.com, thinking they’re the true blue Netflix and Nike internet domain names. Spoiler alert — they aren’t.

Geographic squatting

Geographic web squatting happens when a scammer gets a domain name linked to a city, landmark, or other place that’s attracting a lot of internet traffic. They might try to exploit the place’s popularity to either trick visitors or resell the name for profit.

Typical examples include posting as official tourism pages or established businesses like visitparis.org or newyorkhotels.com.

Reverse domain squatting

Reverse cybersquatting happens when a person or company with a valid trademark tries to take over a domain name owned by someone else, even if it was initially acquired legally and in good faith. This is often done by larger companies claiming trademark rights to force the current owner to give up the domain name, frequently by filing a legal complaint or leveraging larger financial resources.

For example, let’s say a small business owns the domain yodayoga.com. One day, a larger company called Yoda Corp decides it wants this domain name and claims trademark infringement, even though the owner did nothing wrong legally. These cybersquatting practices are generally seen as an abuse of intellectual property law to seize web domains unfairly.

What do cybersquatters want?

Cybersquatting may seem like a minor annoyance, but it’s a severe problem that’s often motivated by one or more of the following:

1. Financial gain: many cybersquatters hope to sell their fake domain name back to the legitimate website owner for a high price, taking advantage of a brand’s popularity or expired domain names;
2. Phishing scams: by mimicking well-known brands or personal names, web squatting sites can trick visitors into providing sensitive information, like passwords or payment details, that can then be used to commit identity theft and other kinds of fraud;
3. Ad revenue: registering domain names is a typical internet hack for squatters trying to generate revenue passively through ads. These domain squatting sites may have content that’s misleading, irrelevant, or blatantly bogus, but as long as they’re bringing in traffic, the trademark owner can still haul in a profit;
4. Brand damage: cybersquatting sites can damage the reputation of any internet corporation. Leading users to fake domains filled with spam, inappropriate material, or malicious software can get respected businesses and individuals into all kinds of hot water. 

Legal protections against cybersquatting

Trademark owners and legitimate companies can turn to numerous legal protections against cybersquatting to address this malicious act.

Anticybersquatting Consumer Protection Act (ACPA)

Passed in 1999, the Anticybersquatting Consumer Protection Act (ACPA) bans the registration of domain names to expressly profit from another’s intellectual property. A trademark owner can file legal action against web squatters and has a path toward recovering their domain name and claiming financial compensation for damages.

Uniform Domain-Name Dispute-Resolution Policy (UDRP)

Developed by the Internet Corporation for Assigned Names and Numbers (ICANN), the UDRP is meant to resolve disputes surrounding the registration of online domain names. ICANN is a global nonprofit that oversees the Domain Name System (DNS) and coordinates domains across the internet. 

While ICANN isn’t a governing body, a legitimate trademark owner can leverage the UDRP to challenge cybersquatters and bypass the lengthy federal court process.   

Trademark Dilution Revision Act (TDRA)

The Trademark Dilution Revision Act (TDRA) of 2006 protects recognized trademarks from dilution or the weakening of their uniqueness or reputation. Unlike earlier anticybersquatting legislation, the TDRA doesn’t require concrete proof of consumer confusion — demonstrating the likelihood of dilution is enough to claim trademark infringement. 

The TDRA offers broad trademark protection and can be used to target domain squatters who may be misleading users or hurting the reputation of a credible internet corporation. The legitimate domain name owner can take legal action against cybersquatters and stop the unauthorized use of protected assigned names.   

How to prevent cybersquatting

If you’re a brand owner, trademark holder, or established business, here are some proactive steps to prevent cybersquatting.

1. Use a Virtual Private Network (VPN): a VPN can help protect your browsing activity and defend against identity theft when visiting URLs you’re unsure about. A reputable VPN provider like Surfshark boosts online privacy by masking your Internet Protocol (IP) address. The risk of malicious actors intercepting your data is lower, making it much harder for potential squatters to catch a whiff of any domain name you want to register.
2. Register all relevant domains: securing similar domains — even those you don’t need immediately — is a strong shield against cybersquatting. Register variations, typos, or other extensions of your official domain name and service marks to reduce the risk of someone else using them in a cybersquatting attack.
3. Monitor domain registrations: use tools that track new domain names to spot if a third party is registering a confusingly similar web address to your assigned names. Take advantage of services that offer alerts if anyone attempts to nab a domain similar to your name or service mark.
4. Trademark your brand: registering your brand as a trademark ensures legal protection if cybersquatting occurs. You’ll strengthen your legal position in any dispute with a cybersquatter who has bad-faith intent.

What to do if you become a victim of cybersquatting

If you find out someone has registered a domain name similar to yours with ill intent, take these steps to reclaim your web address.

1. File a complaint: service mark owners can file a complaint under the APCA, TDRA, or other laws to prove bad-faith intent and reclaim the domain. This is often the quickest way to resolve cybersquatting issues without involving a federal court.
2. Contact domain registrars: some registrars have policies to address cybersquatting. Contact the body managing the offending domain name to see if it can assist you.
3. Work with legal experts: cybersquatting can be a complex issue. Enlist intellectual property lawyers specializing in domain name disputes to get guidance on protecting your personal or company names and recovering financial losses.

Protect your domain name from cybersquatters

Cybersquatting is a persistent problem, but you can greatly reduce the risk of becoming a target with simple, proactive measures. 

And it all starts with a VPN. 

By maintaining your online privacy, a VPN like Surfshark can help you search for the perfect domain name without worrying about scammers seeing what you’re up to. Navigate the web with confidence and keep those cybersquatters at bay.

Squash cybersquatters with a VPN

Enjoy greater privacy and safety online

Get Surfshark