đź“Ś Get the latest strategies to protect your revenue in your inbox

What is domain name squatting?
Brand Protection
9 mins

What is domain name squatting?

Table of Contents:


    Online credibility is very difficult and time-consuming to establish, and yet it can take only minutes to ruin.

    Online scammers and fraudsters are always lurking and seeking opportunities to exploit your brand in one way or another, and out of the different cybercrimes performed every day, domain name squatting is one of the oldest types of crimes available.

    Despite being as old as probably the internet itself, domain name squatting, or cybersquatting, is still a very dangerous threat, and the number of domain name squatting attacks has also shown a rapid increase in recent years.

    As the name domain name squatting suggests, in this type of attack, a cybercriminal registered a domain name that is related to your trademarked brand name. 

    This allows the cybercriminal to monetize the domain name ownership in several different ways, including but not limited to:

    • Extorting you to purchase the domain name at a scalped price
    • Creating a fake website with the squatted domain name, tricking your audience into visiting the fake website, and launching a phishing scheme
    • Selling counterfeit/non-existent products on a fake ecommerce website using the squatted domain name.

    Domain name squatting can hurt a business’s online reputation and credibility, and in this post, we will learn how to protect your business from such attacks.

    Red Points' Domain Protection

    What is a domain name?

    We can’t properly understand what domain name squatting is and how cybercriminals can take advantage of owning a domain name without first understanding what a domain name is.

    A domain name is a string of characters that is paired with a physical IP address on the internet. An IP address like is hard to remember, but a domain name like “Google.com” is much easier to memorize and pronounce.

    In practice, a domain name acts as a complete address for a website. For us, “redpoints.com” is our domain name, and for Instagram, “instagram.com” is the domain name.

    Domain names are also often used in email addresses after the @ symbol, like “john@redpoints.com.” This is important because many businesses use their domain names in their corporate email addresses, and when receiving an email, people will often check the sender’s address’s domain name to verify their identity.

    The thing is, due to them being in a hurry or simply being too trustful, people can be tricked by domain names that look similar to legitimate businesses’ names. For example, an email address with “go0gle.com” or “google.biz” as the domain name may mislead users into thinking that the email address comes from Google.

    This is the basis of a type of cybercriminal called a similar domain name attack or look-alike domain attack, which is rooted in domain name squatting.

    The anatomy of domain name squatting

    Domain name squatting, also often called ‘cybersquatting,’ is a type of cybercriminal in which a perpetrator registers a domain name that is similar to an existing trademark, a business name, or in some cases, a well-known individual’s name with malicious intent

    Typically, these malicious intents are driven by financial motivations (i.e., cybercriminals looking to monetize the squatted domain name.) However, in rare cases, the motivation can be non-financial, typically personal vendetta or political.

    Cybercriminals can monetize the squatted domain name in many different ways, for example:

    • Selling the domain name to the original trademark owner at a premium price.
    • Selling the domain name to the trademark owner’s competitor.
    • The perpetrator starts a similar business, leveraging the trademark owner’s reputation to deceive their customers or clients into purchasing fake/non-existent goods.
    • Creating a fake website using the domain name to spread ransomware, then extorting its victims
    • Creating a fake website using the domain name to attract visitors and launch

    This is a non-exhaustive list, and cybercriminals may attempt various other ways to exploit and monetize the domain name.

    Nevertheless, we can see that these schemes and scams using squatted domain names can ruin the trademark owner’s reputation, sometimes permanently.

    Is domain name squatting legal?

    If you are currently struggling with domain name squatting, the fact that domain name squatting is considered illegal in the US and many other countries and that you are legally protected may give you some relief.

    The Internet Corporation for Assigned Names and Numbers (ICANN) and the US Federal government have established special legislation acts and policies to protect trademark owners from domain name squatting/cybersquatting, mainly with the ACPA (Anticybersquatting Consumer Protection Act).

    ACPA, as the name suggests, is Federal legislation regulating the registration of domain names to prevent people from registering domain names that are identical or unmistakably similar to trademarked brand names (and, to some extent, individual names). Besides ACPA, there are also other legislation acts like Uniform Domain Name Dispute Resolution Policy (UDNDRP) that can provide protection for trademark and service mark owners from being attacked by domain name squatting practices.

    With these legislations in place, when someone owns a domain name that is substantially related or similar to a trademarked name, they have to prove their legal intent in owning this domain name, or else it will be considered bad faith registration with malicious intent, and may be forced to transfer or forfeit this domain name.

    What practices are considered domain name squatting?

    Under ACPA and other legislative acts controlling the practice of cybersquatting, an alleged domain squatting/cybersquatting act must fulfill these two main criteria before it can be legally considered cybersquatting:

    1. Unmistakable similarity

    To be legally considered domain squatting, the domain name must be either completely identical or unmistakably similar to a registered trademark.

    However, there’s no fixed definition of what’s considered similar, so in practice, the evaluation can be subjective. During a domain name squatting case, the court will conduct a professional evaluation as to whether the domain in question can confuse or deceive the general public and especially the trademark owner’s customers, clients, or other stakeholders.

    2. Malicious intent behind the registration

    It is possible that someone that is not the trademark owner registers a domain name that is unmistakably similar to a registered trademark or famous people’s name without any malicious intent. 

    It’s also worth noting that a trademarked name in one country may mean a totally different thing in another.

    For instance, let’s say “example.com” in Singapore is owned by a mining company, while “example.biz” in Brazil is owned by a restaurant business. This specific example cannot be considered a legitimate domain name squatting case. 

    Below are examples of malicious intent that may legitimize a domain name squatting/cybersquatting case:

    • Extortion: The domain name is purchased with the sole intention of selling it at a higher price to the trademark owner.
    • Malware infection: The domain name is used to spread malware infection, including ransomware.
    • Phishing: creating a fake website to steal the victim’s personal and/or sensitive information like credit card information and banking details. 
    • Selling counterfeit goods: create a fake ecommerce site and sell counterfeit products on the site. This can damage the trademark owner’s reputation.
    • Affiliate marketing: redirecting website visitors to another eCommerce store, and the cybersquatter can receive affiliate marketing commissions on each sale.
    • Redirecting traffic: redirecting website visitors to other websites. The perpetrator might be paid by the trademark owner’s competitors to redirect traffic to their websites.

    Are you a victim of domain name squatting?

    If you are currently looking to get a domain name for yourself or your business and are not sure whether the domain name is currently cybersquatted, you can start by typing the domain name you’re looking to get in your browser’s address bar, then hit enter.

    You’ll then get a few possible scenarios:

    • You get the official “this site can’t be reached” error message from your browser. This means the site is not squatted and is available for registration.
    • You land on a website (typically poorly designed) that displays “this domain is for sale,” “under construction,” or sometimes “can’t find server,” among other similar messages. In such scenarios, it’s clear that the domain is squatted and that the owner aims to get a profit by selling the domain name to you.
    • You land on a website that sells products and services similar to what you sell under your trademark. The domain is squatted, and the owner aims to exploit your trade name to gain traffic. This is a clear domain name squatting/cybersquatting case. 
    • You land on a website with the intended domain name, but it doesn’t compete with your products or services. This is not a domain name squatting case but may be eligible as a trademark infringement case.

    If you are a victim of domain squatting: Your options

    While it’s understandable that it might be disappointing not to be able to get the domain name you’re looking for, don’t panic and assess your options:

    1. Contacting the registered owner

    If you happen to find the domain name owned by someone else (squatted or otherwise), then you can use websites like ICANN’s lookup, whois.com, or other websites providingWHOIS lookup features to identify the registered owner of the domain name. 

    Then, before anything else, attempt to contact the registered owner. Mention that you are the legitimate trademark owner of the domain name, and provide adequate proof when needed.

    Start by asking nicely whether they are willing to forfeit the domain name and transfer ownership to you.

    If you are lucky and the domain owner happens to not have any malicious intent against you, then they might be open to simply transfer ownership of the domain name to you.

    Of course, some of these domain owners might be looking to make some money by selling the domain name to you, and if the price is right, we’d recommend simply purchasing the domain name rather than going for the litigation process or arbitration, which will be more time-consuming and expensive. 

    2. Legal litigation under the ACPA

    If you are a trademark owner that currently resides in the US, the Anticybersquatting Consumer Protection Act (ACPA) provides you with the legal option to sue an alleged domain squatter in federal court. 

    If you happen to win the case under ACPA, you can force the transfer or cancellation of a disputed domain name to the trademark owner, and in some cases, you may also be able to get the squatter to pay monetary damages.

    If you decide to sue under ACPA, you should be able to prove:

    • The domain name is either identical or confusingly similar to your trademark or service mark
    • The domain owner’s malicious intent in registering and using the domain name
    • That you have registered your trademark or business name at the time this domain name was registered
    • You were the first one to use the trademark for business, and the trademark is qualified under the existing trademark laws.

    Typically, if you decide to pursue litigation under the ACPA, you will need to get professional legal assistance from a qualified attorney. Keep in mind that the litigation process can be quite long and can be relatively expensive, so prepare everything accordingly.

    3. Legal arbitration through ICANN

    ICANN’s Uniform Domain Name Dispute Resolution Policy (UDNDRP) provides trademark and service mark owners that reside in the US with a legal option to resolve disputes related to domain names.

    Similar to litigation under ACPA, when deciding to file a complaint to the ICANN, you will need to prove the following:

    • The domain name is either identical or confusingly similar to your trademark or service mark
    • The domain owner does not have rights to the trademarked name and/or hasn’t expressed any legal interest in the domain name
    • The domain owner’s malicious intent in registering and using the domain name

    Arbitration under ICANN is typically faster and relatively inexpensive than the ACPA procedure, and you can take this option without the assistance of an attorney.

    How to prevent domain name squatting and scams

    Although you do have the legal options to force the domain owner to transfer ownership to you or cancel the registered domain names impersonating your brand, the process can be lengthy and expensive, and it’s always better to prevent the problem from occurring in the first place.

    Here is how you can prevent domain name squatting from affecting your business or brand.

    1. Register your trademarks and IPs

    While you may be eligible to seek legal help against domain squatting affecting your business, it will help to register your trademarks, service marks, copyrights, patents, and all your other Intellectual Properties (IPs) to provide you with adequate legal footing in the event of domain squatting or other brand abuse/infringement attacks. 

    Besides, if your brand name or IPs are claimed by others before you register your trademarks, it can create a whole lot of problems on top of the domain squatting issue, so it’s always better to be safe than sorry later.

    3. Register your domain name variations

    Consider the fact that registering for a domain name shouldn’t cost you much, only between $10 and $10 per year for a domain name, which is obviously much more affordable than the reputational damage and legal battles you’d otherwise need to handle in domain name squatting situations. 


    • Variations of your trademarked name, including common misspellings
    • Registering more top-level domains (.com, .org, .net, .biz), at least the common ones. Also, if you are planning to run your business in multiple countries, register the country-specific top-level domains associated with these countries (i.e., .us, .uk)

    Keep in mind that cybersquatters often register for recently searched domains with the hope that they can sell the domain to the searcher for a higher premium later. So,  act fast, and if you find a domain name you feel is relevant/important, register it as soon as possible rather than being sorry later.

    4. Pay attention to domain expiry dates

    A common domain squatting technique involves the perpetrator registering expired domain names that are not (yet) renewed, so you’d want to renew them before their expiry dates.

    First, check with your hosting provider or domain name registrar whether they offer domain ownership protection. With protected registration, you can retain ownership even if the domain is expired or if there are attempts to transfer.

    Even if your hosting provider doesn’t offer ownership protection, typically, a reliable hosting provider will send you multiple reminders before the domain is actually expired, so this might not be a major issue. 

    Yet, we’d recommend writing down your domains’ expiry dates somewhere just to be safe.

    A common scenario often exploited by squatters is when a business is not 100% sure whether to continue the business next year, which is common for struggling smaller companies and startups. 

    In such cases, if you are still not sure, it’s best to renew the domain name anyway (which, again, shouldn’t cost you a lot). This is to avoid having to spend more re-acquiring the domain name later on.

    5. Invest in an active and automated brand monitoring solution

    Unfortunately, claiming your domain names won’t stop malicious cybercriminals from impersonating your squatting similar domain names and exploiting your brand identity.

    Ideally, you should conduct a 24/7 monitoring of all your brand assets, but obviously, this will be too difficult and time-consuming to do. 

    Red Points make the entire process easier. With Red Points’ Impersonation Removal Software solution, you can automate the process of finding and removing fake accounts, apps, websites, and domains, allowing you to continuously protect your brand identity and reputation in real-time.

    Red Points’ solution uses AI-powered search technology to scan the internet 24/7 for any kind of brand impersonation and stops these impersonations through automatic enforcement, reporting, and takedown.

    What’s next

    Domain name squatting can be a major threat to any business in this digital age and can cause significant financial, reputational, and potentially legal damages.

    In this guide, we’ve shared all you need to know about domain name squatting and how to prevent it from affecting your brand. However, without a clear strategy, 100% prevention of domain name squatting can be very challenging in practice.

    Proactive prevention and protection of your brand by implementing real-time anti-cybersquatting protection like Red Points’ Brand Protection Solution remains the best bet to protect your IPs and domain names. 


    You may like...

    How to prevent and protect from typosquatting
    How to detect duplicate websites
    Domain management: What is it? Why should you care?