Table of Contents:
Online credibility is very difficult and time-consuming to establish, and yet it can take only minutes to ruin.
Online scammers and fraudsters are always lurking and seeking opportunities to exploit your brand in one way or another, and out of the different cybercrimes performed every day, domain name squatting is one of the oldest types of crimes available.
Despite being as old as probably the internet itself, domain name squatting, or cybersquatting, is still a very dangerous threat, and the number of domain name squatting attacks has also shown a rapid increase in recent years.
As the name domain name squatting suggests, in this type of attack, a cybercriminal registered a domain name that is related to your trademarked brand name.
This allows the cybercriminal to monetize the domain name ownership in several different ways, including but not limited to:
Domain name squatting can hurt a business’s online reputation and credibility, and in this post, we will learn how to protect your business from such attacks.
We can’t properly understand what domain name squatting is and how cybercriminals can take advantage of owning a domain name without first understanding what a domain name is.
A domain name is a string of characters that is paired with a physical IP address on the internet. An IP address like 192.168.0.1 is hard to remember, but a domain name like “Google.com” is much easier to memorize and pronounce.
In practice, a domain name acts as a complete address for a website. For us, “redpoints.com” is our domain name, and for Instagram, “instagram.com” is the domain name.
Domain names are also often used in email addresses after the @ symbol, like “email@example.com.” This is important because many businesses use their domain names in their corporate email addresses, and when receiving an email, people will often check the sender’s address’s domain name to verify their identity.
The thing is, due to them being in a hurry or simply being too trustful, people can be tricked by domain names that look similar to legitimate businesses’ names. For example, an email address with “go0gle.com” or “google.biz” as the domain name may mislead users into thinking that the email address comes from Google.
This is the basis of a type of cybercriminal called a similar domain name attack or look-alike domain attack, which is rooted in domain name squatting.
Domain name squatting, also often called ‘cybersquatting,’ is a type of cybercriminal in which a perpetrator registers a domain name that is similar to an existing trademark, a business name, or in some cases, a well-known individual’s name with malicious intent.
Typically, these malicious intents are driven by financial motivations (i.e., cybercriminals looking to monetize the squatted domain name.) However, in rare cases, the motivation can be non-financial, typically personal vendetta or political.
Cybercriminals can monetize the squatted domain name in many different ways, for example:
This is a non-exhaustive list, and cybercriminals may attempt various other ways to exploit and monetize the domain name.
Nevertheless, we can see that these schemes and scams using squatted domain names can ruin the trademark owner’s reputation, sometimes permanently.
If you are currently struggling with domain name squatting, the fact that domain name squatting is considered illegal in the US and many other countries and that you are legally protected may give you some relief.
The Internet Corporation for Assigned Names and Numbers (ICANN) and the US Federal government have established special legislation acts and policies to protect trademark owners from domain name squatting/cybersquatting, mainly with the ACPA (Anticybersquatting Consumer Protection Act).
ACPA, as the name suggests, is Federal legislation regulating the registration of domain names to prevent people from registering domain names that are identical or unmistakably similar to trademarked brand names (and, to some extent, individual names). Besides ACPA, there are also other legislation acts like Uniform Domain Name Dispute Resolution Policy (UDNDRP) that can provide protection for trademark and service mark owners from being attacked by domain name squatting practices.
With these legislations in place, when someone owns a domain name that is substantially related or similar to a trademarked name, they have to prove their legal intent in owning this domain name, or else it will be considered bad faith registration with malicious intent, and may be forced to transfer or forfeit this domain name.
Under ACPA and other legislative acts controlling the practice of cybersquatting, an alleged domain squatting/cybersquatting act must fulfill these two main criteria before it can be legally considered cybersquatting:
To be legally considered domain squatting, the domain name must be either completely identical or unmistakably similar to a registered trademark.
However, there’s no fixed definition of what’s considered similar, so in practice, the evaluation can be subjective. During a domain name squatting case, the court will conduct a professional evaluation as to whether the domain in question can confuse or deceive the general public and especially the trademark owner’s customers, clients, or other stakeholders.
It is possible that someone that is not the trademark owner registers a domain name that is unmistakably similar to a registered trademark or famous people’s name without any malicious intent.
It’s also worth noting that a trademarked name in one country may mean a totally different thing in another.
For instance, let’s say “example.com” in Singapore is owned by a mining company, while “example.biz” in Brazil is owned by a restaurant business. This specific example cannot be considered a legitimate domain name squatting case.
Below are examples of malicious intent that may legitimize a domain name squatting/cybersquatting case:
If you are currently looking to get a domain name for yourself or your business and are not sure whether the domain name is currently cybersquatted, you can start by typing the domain name you’re looking to get in your browser’s address bar, then hit enter.
You’ll then get a few possible scenarios:
While it’s understandable that it might be disappointing not to be able to get the domain name you’re looking for, don’t panic and assess your options:
If you happen to find the domain name owned by someone else (squatted or otherwise), then you can use websites like ICANN’s lookup, whois.com, or other websites providingWHOIS lookup features to identify the registered owner of the domain name.
Then, before anything else, attempt to contact the registered owner. Mention that you are the legitimate trademark owner of the domain name, and provide adequate proof when needed.
Start by asking nicely whether they are willing to forfeit the domain name and transfer ownership to you.
If you are lucky and the domain owner happens to not have any malicious intent against you, then they might be open to simply transfer ownership of the domain name to you.
Of course, some of these domain owners might be looking to make some money by selling the domain name to you, and if the price is right, we’d recommend simply purchasing the domain name rather than going for the litigation process or arbitration, which will be more time-consuming and expensive.
If you are a trademark owner that currently resides in the US, the Anticybersquatting Consumer Protection Act (ACPA) provides you with the legal option to sue an alleged domain squatter in federal court.
If you happen to win the case under ACPA, you can force the transfer or cancellation of a disputed domain name to the trademark owner, and in some cases, you may also be able to get the squatter to pay monetary damages.
If you decide to sue under ACPA, you should be able to prove:
Typically, if you decide to pursue litigation under the ACPA, you will need to get professional legal assistance from a qualified attorney. Keep in mind that the litigation process can be quite long and can be relatively expensive, so prepare everything accordingly.
ICANN’s Uniform Domain Name Dispute Resolution Policy (UDNDRP) provides trademark and service mark owners that reside in the US with a legal option to resolve disputes related to domain names.
Similar to litigation under ACPA, when deciding to file a complaint to the ICANN, you will need to prove the following:
Arbitration under ICANN is typically faster and relatively inexpensive than the ACPA procedure, and you can take this option without the assistance of an attorney.
Although you do have the legal options to force the domain owner to transfer ownership to you or cancel the registered domain names impersonating your brand, the process can be lengthy and expensive, and it’s always better to prevent the problem from occurring in the first place.
Here is how you can prevent domain name squatting from affecting your business or brand.
While you may be eligible to seek legal help against domain squatting affecting your business, it will help to register your trademarks, service marks, copyrights, patents, and all your other Intellectual Properties (IPs) to provide you with adequate legal footing in the event of domain squatting or other brand abuse/infringement attacks.
Besides, if your brand name or IPs are claimed by others before you register your trademarks, it can create a whole lot of problems on top of the domain squatting issue, so it’s always better to be safe than sorry later.
Consider the fact that registering for a domain name shouldn’t cost you much, only between $10 and $10 per year for a domain name, which is obviously much more affordable than the reputational damage and legal battles you’d otherwise need to handle in domain name squatting situations.
Keep in mind that cybersquatters often register for recently searched domains with the hope that they can sell the domain to the searcher for a higher premium later. So, act fast, and if you find a domain name you feel is relevant/important, register it as soon as possible rather than being sorry later.
A common domain squatting technique involves the perpetrator registering expired domain names that are not (yet) renewed, so you’d want to renew them before their expiry dates.
First, check with your hosting provider or domain name registrar whether they offer domain ownership protection. With protected registration, you can retain ownership even if the domain is expired or if there are attempts to transfer.
Even if your hosting provider doesn’t offer ownership protection, typically, a reliable hosting provider will send you multiple reminders before the domain is actually expired, so this might not be a major issue.
Yet, we’d recommend writing down your domains’ expiry dates somewhere just to be safe.
A common scenario often exploited by squatters is when a business is not 100% sure whether to continue the business next year, which is common for struggling smaller companies and startups.
In such cases, if you are still not sure, it’s best to renew the domain name anyway (which, again, shouldn’t cost you a lot). This is to avoid having to spend more re-acquiring the domain name later on.
Unfortunately, claiming your domain names won’t stop malicious cybercriminals from impersonating your squatting similar domain names and exploiting your brand identity.
Ideally, you should conduct a 24/7 monitoring of all your brand assets, but obviously, this will be too difficult and time-consuming to do.
Red Points make the entire process easier. With Red Points’ Impersonation Removal Software solution, you can automate the process of finding and removing fake accounts, apps, websites, and domains, allowing you to continuously protect your brand identity and reputation in real-time.
Red Points’ solution uses AI-powered search technology to scan the internet 24/7 for any kind of brand impersonation and stops these impersonations through automatic enforcement, reporting, and takedown.
Domain name squatting can be a major threat to any business in this digital age and can cause significant financial, reputational, and potentially legal damages.
In this guide, we’ve shared all you need to know about domain name squatting and how to prevent it from affecting your brand. However, without a clear strategy, 100% prevention of domain name squatting can be very challenging in practice.
Proactive prevention and protection of your brand by implementing real-time anti-cybersquatting protection like Red Points’ Brand Protection Solution remains the best bet to protect your IPs and domain names.