Protecting intellectual property includes understanding cybersquatting. Learn about why people resort to this cybercrime and how it can affect your business.
How many times have you searched for a website but landed on a completely different one after missing a letter or two in the name? These types of misspellings are a common occurrence, but there’s sometimes a nefarious reason behind why it happens.
There’s no shortage of bad actors and hackers ready to use a brand, organization, or individual’s reputation for monetary gain, and plenty of people will go to great lengths to ruin reputations online. When these practices occur, authorities refer to them as cybersquatting. You can be a victim of a cybersquatted domain and not even realize it. So, here’s what you need to know about this type of cybercrime.
The common practice of cybersquatting, or domain squatting, involves the practice of registering a domain confusingly similar to the trademark of an organization or person without their express consent. Essentially, cybersquatters do this in bad faith to profit from a well-known brand’s recognition and success. Although financial gain is often the primary goal, cybersquatting can also tarnish the reputation of an organization, business owner, or person.
There are many methods to cybersquatting, but let’s break down the practice into three elements:
Defining what is acceptable for a confusing or identical name is challenging. The cybersquatting definition contains the term “confusingly similar,” but this is a somewhat subjective terminology requiring determination on a case-by-case basis.
Another term found in the cybersquatting definition is “trademark.” This encompasses both registered and unregistered trademarks.
A brand can become famous long before registering a trademark. This may prompt a cybersquatter to buy a domain name in advance to get the brand owner to pay a premium price for it in the future. Although people and organizations can seek compensation or legal action for cybersquatting involving an unregistered trademark, they must prove that they owned the trademark before the domain was registered.
The intent of the registrant can play a crucial role in cybersquatting cases. If they’re “operating in bad faith,” they contain some of the following action intents:
Gaining traffic to generate money from affiliate marketing and advertisements.
Implementing phishing scams or spreading malware.
Ruining an individual’s or company’s reputation.
Making the rightful trademark owner pay a premium to own the domain.
Tarnishing or competing with the original domain’s mission.
Selling the domain to the original trademark owner’s direct competitors.
Building a similar business to trick customers and leverage a brand’s goodwill for financial gain.
In some instances, two domains are unintentionally similar or confusingly similar without bad intent. This is where the hearing authority determines if there isn’t an apparent interest to compete or cause harm to other trademark owners.
Princeton is an excellent example of when confusingly similar domains can’t claim cybersquatting. The prestigious American university holds the Princeton.edu domain name, but a similar domain name, Princeton.in, can be tracked to a club in India with no affiliation to the university. Since the two organizations operate in different fields and have legitimate interests in their domains, it isn’t cybersquatting.
Cybersquatting comes in many forms. That’s why the definition leaves room for interpretation and why cybersquatting cases can drag on for long periods of time.
A Top-Level-Domain (TLD) is the final element of a domain name, such as “.com,” “.org,” and “.co.uk.” There are thousands of TLDs on the market, making it difficult for small to medium-sized companies to register multiple variants of their brand names. It’s even more challenging for famous individuals.
One way cybersquatters operate is by registering matching domains and using different TLDs. Creative cybersquatters might create offensive and inappropriate websites with matching or confusingly similar domains on different TLDs. They’ll then ask the original trademark owners to pay them to take those websites down. Others may use these websites to gain customers’ trust and make them susceptible to phishing attacks.
Typosquatting is a popular form of cybersquatting where the registrant intentionally goes after misspelled domain names. The typosquatter slightly changes the characters of the original spelling or their order.
If you take Twitter.com, for example, here’s how a cybersquatter might buy their domain:
People make typos every day, so misspelled domains can generate a lot of traffic.
Similar-looking domains don’t have to be confusingly similar all the time. Sometimes cybersquatters can add common words to mislead the original brand’s customers.
For example, let’s try it with Amazon.com and Microsoft.com:
These shouldn’t trick people too easily, but it can happen.
A gripe site is a website used by cybersquatters to ruin the original brand’s reputation, take revenge, or mock someone’s values and mission. For instance, if someone were to mock Microsoft, they could buy a domain name like microsoftisbad.com.
There are many instances where cybersquatters beat celebrities to the punch and buy domain names they would use.
A famous case involves soccer player Wayne Rooney and a man from the Liverpool area who bought waynerooney.com and waynerooney.co.uk while Wayne Rooney was a young prospect. The courts decided that the man saw the rising star’s potential and wanted to cash in on his trademark, so the domains were transferred to Wayne Rooney.
Celebrity cybersquatting also includes selling illegal merchandise, tarnishing someone’s reputation, or creating phishing attacks on unsuspecting fans.
A subdomain is another commonly used form of cybersquatting despite being less effective. The method involves splitting a domain name and creating a subdomain using one of the parts. For example, taking Britannica.com and making a website called britan.nica.com can be cybersquatting.
People rarely buy domains for a lifetime. Most, if not all, have expiration dates, meaning that original trademark owners have to renew the domain names. Cybersquatters might use this to snag the domain name from its rightful owner and sell it back at a premium price.
Homograph attacks are one of the most dangerous forms of cybersquatting. This method uses something called Punycode, which can enable a cybersquatter to register a domain name that, when converted, looks virtually the same in the URL bar as the original domain name. This is an issue because not all web browsers have security mechanisms to prevent and protect users from accessing Punycode websites.
You can avoid being a cybersquatting victim by taking preemptive measures. Even if you can’t get official protection, there are plenty of ways to ensure you can take legal action against cybersquatters.
You should register your organization’s trademark as early as possible to benefit from the full protection of the Anti-Cybersquatting Consumer Protection Act (ACPA) and Uniform Domain Name Dispute Resolution Policy (UDRP). These regulations still apply if a cybersquatter registers a domain name and you have an unregistered trademark, but you’ll need to prove you owned the trademark before the domain was registered. You don’t have to prove this with a registered trademark, and it will also help you decrease the chances of trademark infringement.
One of the best ways to protect yourself against cybersquatting is to buy domain names on more popular TLDs. Of course, this can get a bit expensive, especially before you start generating money from those websites. However, registering your trademark and becoming the domain owner on TLDs like .net, .com, and .org, among others, can make you a less attractive target for cybersquatters.
You can buy country-specific TLDs if you have an international brand or business to limit the cybersquatters’ choices even more. You can also purchase similar domain names, but this method can get even more expensive and is unnecessary if you’ve already registered your trademark domain name.
Another way to protect yourself is to learn how to spot instances of cybersquatting. For example, you can learn to identify websites that might be using your preferred domain name before you register it.
Since not all similar domain names are cybersquatting, it helps to test each site by simply accessing a website similar to yours. Addresses that redirect to functioning websites are much less likely to indicate cybersquatting. On the other hand, a domain name for sale, a lost server, or a website with only advertisements related to your registered trademark could be cybersquatting.
Of course, you can’t spend all your time browsing the internet for potential cybersquatters. But, if you constantly communicate with your audience, you could check their feedback and reports on similar websites.
You can sue cybersquatters under the two acts previously mentioned — the ACPA and UDRP. You’ll need to seek legal counsel, and an experienced lawyer can identify valid complaints to determine if you have a case.
If you quickly act on cybersquatting, you can prevent more damage to your reputation. Winning a cybersquatting dispute could also entitle you to financial compensation and the ownership of confusingly similar domains.
In cases where the squatter isn’t operating with bad faith intent, try reaching out first to save yourself expensive legal fees. You might be able to find a resolution through arbitration or without involving the authorities.
If good-faith negotiations aren’t possible, it might be best to take legal action. This will help protect you, your brand, and your customers or followers.
Unfortunately, cybersquatting is one of the easiest cybercrimes to commit and among the hardest to prove. The more prepared you are before you sue a cybersquatter, the higher the chances of the dispute going in your favor.
It’s recommended that you prioritize your trademark and copyright registration before building a website for your brand, yourself, or your organization to avoid being a victim of cybersquatting. Trademark Engine’s trademark and copyright registration services can simplify this process for you and put your brand in a position to mop the floor with cybercriminals in court.
Domains and trademarks are NOT the same, and Trademark Engine can not help with cybersquatting cases. Trademark Engine is not a law firm and none of the information on this website constitutes or is intended to convey legal advice. General information about the law is not the same as advice about the application of the law in a particular factual or legal situation. Individual facts and circumstances as well as legal principles including but not limited to the ones referenced on this website can affect the outcome of any given situation.
Trademark Engine cannot and does not guarantee that an application will be approved by the USPTO, that a mark will be protected from infringement under common US trademark law, or that any ensuing litigation or dispute will lead to a favorable outcome. If you want or have an interest in obtaining legal advice with respect to a specific situation or set of circumstances, you should consult with the lawyer of your choice.