What Is Cybersquatting?
What is cybersquatting? Cybersquatting refers to the act of registering or using a domain name to profit from a trademark, corporate name, or personal name of an individual.
In the context of this cybersquatting definition, domain squatting takes place as either a form of extortion or as an attempt to steal business from a rival. It is possible, however, that a domain was registered in good faith. In this case, it would not be cybersquatting. In other words, domain squatting does not occur when a valid business name is registered without any ill intention—even if the name is already in use.
Is Cybersquatting Ilegal?
Yes, cybersquatting is illegal. Passed in 1999, the Anticybersquatting Consumer Protection Act (ACPA) enables aggrieved parties to use the court system to go after people for “registering, trafficking in, or using a domain name confusingly similar to, or dilutive of, a trademark or personal name.”
Cybersquatters can be sued in federal court by trademark owners using the ACPA law. If the trademark owner prevails, they may be granted monetary damages as well as a court order compelling the cybersquatter to hand over the domain name.
For cybersquatting cases to be successful under ACPA, the following requirements must be satisfied.
1. The Mark Has to Be Recognizable
For the trademark to be “diluted” by the domain name, the mark must have been well-known when the domain name was registered. “Dilution” happens when the trademark infringement weakens the identity of a brand, particularly through copying or imitation.
2. The "Squatter" Is Engaged in Illegal Activity, with the Aim of Benefiting
As mentioned above, accidentally having the same domain name as another company is not necessarily illegal, primarily if there is no intent to infringe on the other company's rights.
To illustrate, if someone goes to their town hall and searches through the names of newly registered businesses with the intention of registering domain names they can then sell to these businesses, that would be cybersquatting.
On the other hand, say you started a new business called Jones Consulting, and you register the domain jonesconsulting.com. If a woman named Joan in your area has a company with the domain joansconsulting.com, you most likely will not be found guilty of cybersquatting. The similarity in the names would have been accidental.
Types of Cybersquatting
There are several different kinds of cybersquatting, all of which are illegal.
One of the most prevalent forms of cybersquatting is typosquatting. In this case, the cybersquatter purchases misspelled domain names for well-known brands on purpose. The objective is to take users to a fraudulent website if they type a domain name incorrectly.
Typosquatting focuses on altering a domain's original spelling by introducing or deleting numbers, letters, or periods. It also entails changing the sequence of the letters or words inside a domain. In essence, typosquatting refers to taking advantage of potential typos.
For instance, the following can be considered typosquatting:
Cybersquatting can also be used for identity theft because someone can take a company’s identity and use it to create a similar Uniform Resource Locator (URL). If a user goes to that company’s website, they may end up on the fake site instead. At that point, the cybersquatter has, in effect, stolen the digital identity of their target.
For example, suppose your company just announced a joint venture with another organization and you have not purchased a URL yet. Your company’s name is Sky Computing, and the company you are joining forces with is Reach Digital. You send out a press release, stating that the name of the joint venture will be Sky Reach.
A cybersquatter wanting to take advantage of this “opportunity” can then hop online and register “skyreach.com.” When you register the URL you want, you see that it is already taken. This is illegal, and through the legal process, you can have the domain “skyreach.com” transferred to either your company, the partner company, or the joint venture.
In the United States, personal names can be trademarked. This usually only happens if the names have developed a secondary significance in the marketplace (such as Prince or Shakira). The ACPA may not always apply to name jacking because someone may have the same name as a celebrity, making it very hard to prove the domain registration was done in bad faith.
Name jacking can also occur on social media. Even without a registered domain name, creating a profile that represents a celebrity or well-known person may be considered cybersquatting. Given the abundance of fan sites now online, this is a gray area. However, if the website starts selling goods that violate the victim’s trademark or without proper licensing, that can help build the case for cybersquatting.
Reverse domain name hijacking (RDNH), also known as reverse cybersquatting, is a technique that is, in some ways, the opposite of cybersquatting. While purchasing a domain name that contains a trademark with the goal of making money off that trademark is cybersquatting, reverse domain hijacking is a little different. It happens when a person or business makes a false claim that she, he, or it owns a trademark and then takes unjustified steps to take your legitimate domain name away.
For example, suppose you registered a URL, IndustrialChemicals.com. Someone can start a business, name it Industrial Chemicals, and then claim that you are cybersquatting using their business name. In reality, they are trying to use ACPA to enable their own cybersquatting.
Here are some real-life cybersquatting examples:
- Walrmart44.com: This site was designed to spread spyware and adware.
- Facebookwinners2020.com: Users who went to this site were greeted with fake prizes and products that appeared to be free. They were also asked to fill out a form, providing their personal data, including date of birth, how much money they made, email address, and phone number.
- Xofnews.com: The cybercriminal that created this website copied the name and branding of Fox News. They then used the site to try to sell weight loss supplements.
- TikTok: Two men, thinking that the app TikTok would become a household name, bought this URL. In this case, their cybersquatting attempt worked, and TikTok’s parent company offered to pay $145,000 for the domain name. But the men refused the offer. TikTok filed a complaint and won.
- FoxWorldNews.today: Meant to trick people trying to visit the Fox News website, this site contains fake articles that promote a drug called Neuro Blast. It even claims that Bill Gates gets his cognitive power from the supposedly intelligence-enhancing pill.
- Android.co.in: A man named Jing Ren registered this domain and then put it up for sale. He was then sued by Google and lost the case.
- TikTok.in: This was another attempt by Jing Ren at cybersquatting. Following an arbitration, he was ordered to turn over the domain to ByteDance, TikTok’s parent company.
Impact of Cybersquatting on Businesses
Cybersquatting can result in a legitimate company's customers becoming the victims of fraud, data theft, or other forms of harm. This puts the business at risk of liability—or at the very least, losing the confidence of the public and investors.
Because cybersquatters emulate a company's URL, they can set up a similar-looking site to interact with the company's target audiences—without even having to hack its Domain Name System (DNS) to hijack the site.
And perhaps more concerning is the potential for an employee to click on a link contained in an email that looks as though it came from within the firm. This can result in the employee opening the company’s systems up to viruses or intrusion by a bad actor.
How To Prevent Cybersquatting
Here are some of the best ways to prevent cybersquatters from taking advantage of your organization:
- Register the name of your business right away.
- When buying a domain name, also opt for other common top-level domains, such as .net, .biz, or .org.
- Get familiar with the ACPA and how you can use it to protect your domain.
- Reach out to the cybersquatter and see if they are willing to sell you the domain at a good price.
How Fortinet Can Help?
As your company grows and becomes more established online, cybersquatters and other criminals are more likely to target it. With the Fortinet Security Fabric, you can close various security gaps using a central, simplified system. You can identify threats and enforce security policies on individual endpoints, clouds, and networks. If impacted by a threat, regardless of the source, your organization can more easily mount a response and protect your digital assets.
So if a malicious actor cybersquats on your domain and creates a site that looks a lot like yours, it is possible that employees visiting the fake site may click on a link designed to download malware. The Fortinet Security Fabric does not only prevent the download, but it can also register the fake site on a threat list, blocking employees from accessing it in the future.
What is cybersquatting?
Cybersquatting refers to the act of registering or using a domain name with the aim of profiting from a trademark, corporate name, or personal name of an individual. Some cybersquatting examples include Walrmart44.com, Facebookwinners2020.com, and xofnews.com.
How does cybersquatting happen?
Cybersquatters identify a company whose brand or URL they want to use and then register it. They may then either create their own site using the URL or try to sell the domain to the legitimate company.
Is cybersquatting legal?
No, cybersquatting is not legal because of the Anticybersquatting Consumer Protection Act (ACPA).
How can cybersquatting be prevented?
You can help prevent cybersquatting if you register the name of your business right away or opt for other common top-level domains, such as .net, .biz, or .org.