6 Things to Know About Domain Squatting in 2024

Stolen identities don’t just happen in the real world.

It can also happen online, when someone takes your business name and domain extensions and creates fake search results and scams associated with it.

This redirects online traffic from your brand to cybercriminals with bad-faith intent. And your brand will pay a high price for it.

Domain squatting and cybersquatting hugely damage your online presence, especially when they send people to malware, phishing schemes, or illicit content.

Here’s everything you need to know about domain squatting and cybersquatting, from the legal action you can take, to common trends, to how to stop hackers from misrepresenting your company name in the first place.

1. Domain squatting and cybersquatting: The facts

First off, you might here the terms “domain squatting” and “cybersquatting” interchangeably, but it’s important to understand the difference between the two. When we define cybersquatting, it isn’t exactly the same as domain squatting.

Let’s break them down.

TL; DR—Domain squatting is generally focused on securing or reselling desirable domain names, whereas cybersquatting will exploit trademarks and brands to make money.

What is domain squatting, with examples?

Domain squatting is when people register desirable domains, usually in order to sell them.

There may not be a criminal intent behind this; people are simply looking for similar names and similar domains that match popular brands, products, and phrases.

However, while they generally sell them to legitimate businesses, this isn’t always the case since the main priority is to make a profit from reselling the registered domain name.

Other types of domain squatting:

There are two other types of domain squatting to be aware of.

1. Protective domain squatting: This legal, proactive form of domain squatting is when companies register multiple top-level domain (TLD) versions to protect their brand name.  The company does not intend to use these domains, but registering them prevents criminals from doing so.
2. Unintentional domain squatting: This is when someone registers a domain that they did not know was similar to a trademarked name. When this happens, the registered trademark owners may try to buy the domain from them or take them to court to obtain the domain name. 

Examples of domain squatting:

Here are some quick examples of what domain squatting could look like.

1. Registering a domain such as “buyiphonescheap” and selling it to Apple or other retailers at a higher price.
2. Taking a domain called “cryptoexpert” and selling it to relevant businesses or individuals in the cryptocurrency industry.
3. Saving multiple domain extensions and generic top-level domains (gTLDs), such as ‘.fr,’ ‘.com,’ and ‘.co’, to prevent anyone else from using the same brand name.

What is cybersquatting, with examples?

Cybersquatting describes the practice of targeting trademarks and established brand names.

They will aim for domains which are identical, or confusingly similar to popular brands—and profit from the goodwill of a trademark belonging to someone else. 

Often, cybercriminals purchase the domain to sell counterfeit goods, display pay-per-click ads, or redirect traffic to their own websites. They might also use the domain to push malware, pornography, or other unexpected content.

Let’s look at some cybersquatting examples and types.

The main types of cybersquatting:

Here are four types of cybersquatting that you should be aware of.

1. Typosquatting: Also known as URL hijacking, a string site, and fake URL, typosquatters take advantage of typical misspellings used in search. Typosquatters will use misspellings, different phrasing, variations of the target domain, and fake websites.
2. Identity theft:  Cybersquatters monitor when a domain owner does not renew a domain, and will swoop in and surreptitiously register that domain.  Next, the hacker may try to sell the domain to the original owner or link the domain to whatever site they want, including potentially a copy of the original website.
3. Name jacking: This is when someone registers a domain name associated with a famous individual.  Celebrities are often targeted for this kind of cybersquatting. There is no trademark protection or trademark rights for people who are not famous. If someone registers a domain in your name and you are not famous, it is difficult to force that person to release the domain.
4. Reverse cybersquatting: This is when someone tries to pressure the domain owner into transferring legitimate ownership to another person or organization that has registered a trademark that is reflected in the domain name.

Examples of cybersquatting:

What is an example of cybersquatting? It can take on many different forms, but to illustrate this, here are some quick cybersquatting examples.

1. Registering a domain name such as “microsoftsupport” to trick people into thinking it’s an official Microsoft website.
2. Take a domain name like “cococola-official” to sell counterfeit products.
3. Registering a famous person’s name, such as “elonmusk.net” and using it to extort money from them or damage their online reputation.

2. Is domain squatting illegal?

Is cybersquatting illegal? Well, unless you’re engaging in protective domain squatting, which is legal, all other forms of squatted domains and cybersquatting can have legal consequences.

This is because any unwitting domain squatting or bad-faith registration can be viewed as unethical and/or a trademark infringement, and it is hugely damaging to the brands affected.

Domain squatting and cybersquatting laws:

Here is a list of relevant domain and cyber squatting laws, protocols, and corporations.

• Anticybersquatting Consumer Protection Act (ACPA): A law that made domain squatting illegal
• Uniform Domain Name Dispute Resolution Policy (UDRP): Requires all domain-name disputes to be resolved by agreement, court action, or arbitration
• Internet Corporation for Assigned Names and Numbers (ICANN): A non-government, non-profit corporation coordinating Internet processes, including domain name system management (DNS)
• National Arbitration Forum: A dispute resolution provider, including in domain name disputes
• WHOIS: An Internet database that identifies domain name registrants, and how to get in touch with them

3. Why does domain squatting matter to brands in 2024?

Now that you understand the different types and examples of domain squatting and cybersquatting, let’s talk about why it matters.

1. Your reputation is at stake: When fake search results reflect negatively on your enterprise, it damages your reputation and business, regardless of whether it’s your site. Customer confusion could reduce trust in your brand.
2. You need to maintain full control: If someone else has a domain name with your trademark, then you cannot establish a cohesive online presence, or control your digital identity.
3. Recovery is costly and time-consuming: Resolving domain name disputes can be a lengthy and expensive process; time and money that would be far better invested in growing your brand.
4. You don’t want to miss any opportunities: Traffic that is being driven to the wrong website is a lost opportunity for marketing, growth, communication, and sales.

Enterprises must ensure there are no fake domains associated with their business. When domain squatters register an internet domain associated with the domain of your company, they may try to sell that domain to your company, or use it for malicious intentions of their own.

4. Trends in domain squatting and cybersquatting

Let’s take a look at the scope of domain squatting and cybersquatting this year. From the long-lasting impacts of the pandemic to the rise of AI and automation, here are four trends to be aware of.

1. Domain squatting is here to stay

Hijacked web domains are not new, and their incidence is up. According to the World Intellectual Property Organization (WIPO), cases have risen by 68% since the pandemic, and by 7% in the past year alone. In the chart below, you can see the statistics recorded by the WIPO for case filings for cybersquatting in the past year alone.

[INSERT THIS GRAPH]

2. AI and automation are fuelling the fire

With AI and automation, cybercriminals can identify high-value domains before businesses have a chance to secure them. This means that it’s easier than ever to run a domain squatting or cybersquatting operation at scale.

3. Filing a complaint can cost up to $3,000

When it comes to average recovery costs for domain name disputes, the fees and expenses for filing a complaint can cost in the region of $750—$3000. And, of course, this does not count the loss of revenue from e-commerce, marketing, and communication during this time.

4. Resolving a domain dispute can take 60 days after filing

According to Harvard.edu, it can take two months for a domain name dispute to be resolved. This means that for almost a whole quarter of the year, trademarks and businesses have to face the consequences of customer confusion, tarnished online reputation, and loss of earnings.

5. 4 domain squatting incidents

Now, let’s look at some famous domain squatting and cybersquatting cases that have occurred in the past few years.

1. Microsoft

For a good story about unintentional domain squatting, you can see what happened with teenager Mike Rowe registered MikeRoweSoft.com and Microsoft sent him a 25-page order to cease and desist. The case was eventually settled out of court, and Mike negotiated an Xbox and some training in exchange.

2. Madonna

When businessman Dan Parisi purchased the domain www.madonna.com, Madonna filed a complaint that he did not have rights to the business name and that he was acting in bad faith. She won the case and took over ownership of the domain.

3. Bruce Springsteen

When a fan club site took the domain brucespringsteen.com, the singer could not claim it back, as he did not register the domain. Even today, he is still unable to use this domain, despite it being no longer active.

4. Google

When Google forgot to renew its Google.com domain in 2015, an ex-employee managed to register it, and Google bought it back from him for $6,006.13 (which spells “Google”). They doubled this amount when he donated it to charity.

Other big names that have been hijacked:

There are countless stories of brands suffering squatted domains. Here are a few of the most famous trademarks that have been affected in the past.

• Chevron
• The Red Cross
• UNESCO
• 3M
• Getty Images
• Hawaiian Airlines
• Warner Brothers
• Toshiba
• Xerox
• The NHS
• Siemens
• Volvo

6. Best practices to sidestep domain squatters

So, with cybersquatting cases on the rise, what can brands do to protect themselves?

The short answer: Invest in domain ownership protection.

At CybelAngel, we focus on hijacked domains, so you don’t have to.

We use augmented machine learning to identify and track domain squatters and sensitive data leaks—all the way through remediation (as requested).

It works by:

1. Monitoring your domain: Identifying any fake sites or look-alike domains that are leading to phishing malware.
2. Detecting threats: Helping you to proactively block any dormant domains and detect any alternate versions of your domain.
3. Removing risks: 95% of malicious domains can be removed by our remediation team, without you having to lift a finger.

So now, you can enjoy peace of mind about your domain name, and focus on growing your online reputation in total security.

Wrapping up

If you want to protect yourself from domain and cybersquatting, the key is to find out where your data is vulnerable—before cybercriminals do.

With its domain protection services, CybelAngel is armed with advanced machine learning and cybersecurity analysts to keep your domain names and online presence safe. 

If you have any concerns about cybersquatting on your domain, get in touch.

And if you’re curious about the wider world of cybersecurity in 2024, why not check out our annual report? We’ve analysed 192 trillion data points to break down all the latest trends and insights—so that you’re equipped for the year ahead.