cybersquatting and domain squatting

What is cybersquatting, domain squatting and how to prevent it

What is cybersquatting?

Cybersquatting refers to the act of registering or using a domain name that cashes in on another person’s (or business’s) trademark. Also known as domain squatting, cybersquatting is considered a cyber crime, with victims able to take those using their name for profit to court.

Most of the time, a cybersquatter will purchase a domain name that shares a name with a famous brand or celebrity, and either piggyback on their search engine traffic to make money through on-site advertising or offer to sell the domain to the owner of its trademark for an inflated price. This is reflected in the etymology of the term, which originates from traditional ‘squatting’, whereby people would occupy unused or abandoned properties they do not own or have any right to use.

While different variations of cybersquatting exist, the intention is always to profit from someone else’s popularity or trademark. One way cybercriminals achieve this is by registering domain names for people or businesses using a different top-level domain. For example, a business might own the .com version of their brand page, but not a .au one.

However, the opportunity for cybersquatters blooms when a copyright holder neglects to renew their domain registration, leaving the way open for cybersquatters to swoop in and register the already established domain for themselves.

Generic top-level domains

The problem has been exacerbated by the new generic top-level domains (GTLDs) that have become available over the past decade; while the .com homepage of your trademark may be safeguarded, you might not think to check for the .ninja, .biz or .clothing versions (you can imagine how quickly got snapped up). Today, there are thousands of GTLDs available on the market, making keeping up with them no simple feat, not to mention expensive if businesses want to buy back their brand piecemeal.


Typosquatting

Typosquatting is another common form of cybersquatting. In this case, cybersquatters register domains that are common misspellings of popular sites (for example, rather than and use them to host phishing scams, thereby taking advantage of people who make a typo. A famous example of this took place in the early 2000s when a Russian man registered the domains and and used these pages to place malware on the computers of people landing on his pages. Google won the rights to both domains in 2005.

Cybersquatting on social media

Cybersquatting is also common on social media, and most platforms list it as a violation of their terms of service.

Twitter’s policies threaten account suspension if a user is seen to be attempting to sell usernames or otherwise extort money from fellow members, and they also forbid non-parody impersonation of celebrities or brands. To help users distinguish parody and fan accounts from the real deal, Twitter also introduced a ‘blue tick’ policy. Verified usernames of famous people and brands are accompanied by a ‘verified account’ insignia as a token of authenticity. Instagram does the same thing, while Facebook requires mobile phone authentication to create a username and reserves the right for trademark holders to claim usernames attempting to cash in on their name.

Notable cybersquatting cases

Cybersquatting is an ongoing problem for brands and celebrities, necessitating constant vigilance to spot fake accounts and websites popping up, and requiring prompt renewal of any domain names already held. Here are just a few of the most infamous cybersquatting cases in internet history.


eBay

Back in 2015, online auction platform eBay won back a staggering 1,153 domain names that it claimed had been registered in bad faith. The domains all included the word “ebay” and three numbers followed by a .net or .com suffix. The case is one of the biggest settled by the World Intellectual Property Organization’s Arbitration and Mediation Centre to date.

Jennifer Lopez

Famed singer, actress and retailer Jennifer Lopez fell prey to a cybersquatting scam in 2009, with sites and popping up to swindle money from the star’s fans by bombarding them with ads and affiliate links. Following a lengthy lawsuit, the star won back both domains, which were returned to the Jennifer Lopez Foundation.

Cybersquatting laws in Australia

If you are an Australian business or organisation that’s fallen prey to cybersquatting or typosquatting, you may be able to gain control over the domain by taking the matter up with .au Domain Administration Ltd (auDA). The auDA is the authority for the .au (Australian) domain space and will be able to dispense legal advice for your situation.

Your first port of call for any domain name disputes is to consult the .au Dispute Resolution Policy (auDRP). This is an independent arbitration process that’s designed to be more cost-effective than launching fully-fledged litigation proceedings against a cybersquatter. However, it can still cost between $2,000 and $4,500 depending on how many people you want to review your case.

Alternatively, you can raise a complaint with the auDA for free by using its official complaints form. With this option, it is important to note that if the domain in question is found to be guilty of cybersquatting, it will be deregistered completely rather than being moved into your possession, meaning that it will be available to the next person who attempts to register it.

Complaints relating to the auDRP can be lodged with any auDRP Provider, who will be able to appoint an independent arbitrator to investigate your complaint. One of the better known auDRP Providers is the World Intellectual Property Organization (WIPO), which has been a leading international arbiter of cybersquatting trademark disputes since 1999.

For details of the process and costs relating to dealing with cybersquatting in Australia, see the .au Dispute Resolution Policy.

Recognising cybersquatting

The definition of a cybersquatter is that they act in deliberate bad faith for personal gain. So, if you suspect a website of cybersquatting, it’s important that you can identify what its intentions really are, which isn’t always as easy as it sounds.

If you are a celebrity, it can be even trickier to tell whether a site is cybersquatting or if it is just paying homage to your work. The main giveaway is if there are advertisements present on the page. If there are, that means the owner of the site is making money from people visiting and viewing your content, which can be grounds for a cybersquatting allegation.

Here is an at-a-glance checklist to help you tell whether the website you’re looking at is engaged in cybersquatting:

  • Does the site have a clear ‘for sale’ holding page?
  • Are the products on the site related to your brand or industry?
  • Does the webpage prompt you to download anything? (If so, never consent to this, as many cybersquatting sites exist to spread phishing malware.)

Accidental squatters

Some people might even be cybersquatting without realising simply by neglecting to research their domain name before they make the purchase. In this case, it is sensible to contact the domain name registrant before jumping to any conclusions.

You can find the name and address of any domain name owner using WHOIS Lookup. This will allow you to get in direct contact with the owner of the domain, find out whether their use of your brand is intentional, and even see whether they would be willing to sell you the domain at a reasonable price. This gives you both the opportunity to avoid any legal issues – and their associated costs.

To avoid becoming an accidental cybersquatter yourself, be sure to use freely available tools, like Google and the Australian Business Name (ABN) registry, to make sure you aren’t stepping on someone else’s toes – it will save you a lot of hassle in the long run.

What can be done to stop a cybersquatter?

There is little you can do to safeguard completely against cybersquatting, short of buying up all conceivable domain iterations of your brand name and its potential misspellings. The most you can do is follow the best practice of checking regularly to see if a copycat website has popped up, and know what to do should it occur.
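One way to run the regular copycat check described above, as an added example that is not part of the original article: it classifies newly observed domains against a protected one as a different-TLD registration, a one-edit typo, or a name that embeds the brand (the pattern in the eBay case). The domain names, function names and one-edit threshold are assumptions made for illustration.

```python
# Added example: flag look-alike registrations of a protected domain.
# Every domain name below is a constructed sample, not a real finding.

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("exampel" for "example") costs one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Split a registrable domain into (label, suffix); subdomains not handled."""
    label, _, suffix = domain.lower().rstrip(".").partition(".")
    return label, suffix

def classify(observed, protected, max_typo=1):
    """Return why `observed` resembles `protected`, or None if it does not."""
    p_label, p_suffix = split_domain(protected)
    o_label, o_suffix = split_domain(observed)
    if (o_label, o_suffix) == (p_label, p_suffix):
        return None                      # the protected domain itself
    if o_label == p_label:
        return "tld-variant"             # same name under another TLD
    if osa_distance(o_label, p_label) <= max_typo:
        return "typo"                    # one slip away from the brand
    if p_label in o_label:
        return "brand-embedded"          # brand plus extra characters
    return None

def review(observed_domains, protected):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: c for d in observed_domains if (c := classify(d, protected))}

# Constructed feed of newly seen registrations.
SAMPLE = ["examplebrand.com", "examplebrand.ninja", "exampelbrand.com",
          "examplebrnd.net", "examplebrand123.net", "unrelated-shop.com"]

if __name__ == "__main__":
    for domain, reason in review(SAMPLE, "examplebrand.com").items():
        print(f"{domain}: {reason}")
```

For short brand names a one-edit threshold matches many unrelated words, so flagged domains still need the manual checks from the checklist above.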

Since many cybersquatting sites will attempt to trick your computer into sending over your private details or try to install malicious software on your device, it’s vital that you have the appropriate vulnerability management in place before you go investigating. A managed security service can help you safeguard your personal information and your business against phishing software and other threats.

If you’re operating a business, you may want to look into investing in some CASB solutions. Cloud access security brokers (CASBs) are software tools that act as gatekeepers between your business’s local infrastructure and that of your cloud provider, ensuring that any traffic reaching your business complies with your security policies.

Once you’ve carried out the checks mentioned above and have come to the conclusion that you’re dealing with a case of deliberate cybersquatting, you can:

  • Raise a free complaint with the auDA through its official complaints form – just remember, if found guilty, the domain name will be deregistered completely and so may be bought up again by another cybersquatter.
  • Consult the .au Dispute Resolution Policy and launch an independent arbitration process at a cost of $2,000 or more.
  • Report the incident to the Internet Corporation for Assigned Names and Numbers (ICANN) to enact the Uniform Domain Name Dispute Resolution Policy (UDRP), an international policy for the resolution of domain name disputes. If your claim is successful, the domain name will be cancelled or transferred to you, but this will not result in any financial remedies.
  • Hire a trademark attorney to look into the case for you. While this option is likely to be more pricey, it has the advantage of providing legal advice and dedicated service around your individual circumstances.
  • Pay the cybersquatter. The idea might leave you with a sour taste in your mouth, but sometimes this is the easiest – and cheapest – option, particularly in the case of accidental cybersquatting.