Digital adversaries use domain squatting, a flexible and common cyber threat strategy, to impersonate your brand, direct traffic away from your website, and defraud your users, fans, and customers.
We’re delving deeply into the world of domain squatting in this week’s blog post. You’ll discover what domain squatting is, how it operates, and how to defend your business and brands from online criminals who have the ill-intentioned goal of misusing your trademarks, defrauding the public, and harming your reputation.
What is Domain Squatting?
Cybersquatting, also known as domain squatting, occurs when a cyber adversary does one of the following:
- Registers an Internet domain name with your name, business name, or logo in bad faith with the intention of reselling it to you for a high price, or
- Registers an Internet domain name that is similar to your personal or business domain in bad faith with the intention of stealing visitors from your site and/or defrauding your clients.
How Do Domain Squats Operate?
Domain squatters can generally be divided into two groups: opportunistic and malicious.
The aim of opportunistic domain squatters is to register brand-new domains that contain the names of wealthy businesses or famous people, then resell the domains to the targeted entities at exorbitant prices.
As an example, opportunistic domain squatters might:
- Observe listings of domain names that will soon expire to spot opportunities for squatting,
- Register domains with the names of upcoming stars and startup businesses, and
- Keep an eye on listings of recently registered corporations and attempt to register domains in their names.
The objective of a malicious domain squatter is to register a domain that will enable the squatter to pose as the targeted company, redirect its web traffic, and conduct cyberattacks against its staff and clients.
Malicious domain squatters employ strategies like:
- Typosquatting – The squatter registers a variation of the target domain name that contains a slight typographical error.
- Homograph Squatting – The squatter takes advantage of the Internationalized Domain Name (IDN) registration process by registering a variant of the target domain in which one or more characters are changed for visually comparable characters from a different language.
- Homophone Squatting – By substituting a word or sound in the target domain name with another that has a similar sound, the squatter registers a variation of the target domain name. With the popularity of text-to-speech search engines like Amazon Alexa and Google Assistant rising, homophone squatting is becoming more and more common.
- TLD Squatting – The squatter registers a domain with your name, or a name that is nearly identical to yours, under a different top-level domain (TLD).
- Combo Squatting – A variation of the target domain name with the words “payment,” “verification,” “support,” or “rewards” in the URL is registered by the squatter. For instance, a squatter might try to register a domain like “ACME-support[.]com” in order to pretend to be the customer support team at ACME Bank.
- Level Squatting – The squatter registers a domain with a subdomain that contains the target’s domain name. The address bar on a mobile browser might not be wide enough to display the entire URL, making mobile users particularly vulnerable to level squatting attacks.
Malicious domain squatters use the domains they create to launch cyberattacks, while opportunistic cybersquatters try to sell domains back to businesses for a premium price. Phishing campaigns, malware distribution, command-and-control (C2) attacks, data collection, and fraudulent advertising revenue have all been supported by malicious domains.
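The checks below are an added example, not part of the original post: they sort domains seen in a monitoring feed into the squatting types listed above. The brand `acme`, the look-alike character map and the sample feed are constructed assumptions, and homophone squatting is left out because it needs pronunciation data.

```python
# Added example: classify observed domains by squatting type for one brand.
# BRAND, OFFICIAL, CONFUSABLES and SAMPLE_FEED are constructed assumptions.
BRAND, OFFICIAL = "acme", "acme.com"
COMBO_WORDS = ("payment", "verification", "support", "rewards")  # words named in the article
# Tiny look-alike map (Cyrillic -> Latin); production use needs the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p"}

def to_unicode(domain):
    """Decode punycode (xn--) labels so look-alike characters become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return the squatting type a domain matches, or None."""
    labels = to_unicode(domain.lower().rstrip(".")).split(".")
    if len(labels) < 2:
        return None
    name, tld = labels[-2], labels[-1]  # assumes a single-label TLD (no public suffix list)
    if f"{name}.{tld}" == OFFICIAL:
        return None  # the official domain or one of its subdomains
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    if folded != name and folded == BRAND:
        return "homograph"
    if name == BRAND:
        return "tld"
    if BRAND in labels[:-2]:
        return "level"  # brand used as a subdomain label of an unrelated domain
    if BRAND in name and any(word in name for word in COMBO_WORDS):
        return "combo"
    if edit_distance(name, BRAND) == 1:
        return "typo"
    return None

SAMPLE_FEED = ["www.acme.com", "accme.com", "acme.info", "acme-support.com",
               "acme.com.account-check.example", "\u0430cme.com", "example.org"]

def triage(feed):
    """Map each flagged domain in the feed to its squatting type."""
    return {d: kind for d in feed if (kind := classify(d))}
```

The order of the checks matters: the homograph test runs before the exact-name test, so a label that only looks like the brand is not reported as a plain TLD variant.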
Is domain squatting prohibited?
Domain squatting is illegal in the United States under the Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), passed in 1999.
Under the ACPA, a domain name registrant who registers a domain name that is either identical to or “confusingly similar” to a distinctive trademark and who has a bad faith intention to profit from the mark may be sued by the owner of the distinctive trademark.
An ACPA claim frequently succeeds if:
- There is a well-known brand,
- The registered domain name of the defendant is confusingly similar to the trademark, and
- With the intention of making money off the trademark, the defendant registered the domain name in bad faith.
The process of winning an ACPA claim can be time-consuming and costly. Extenuating circumstances, such as when the domain registrant resides outside of the United States or when the defendant successfully argues “fair use” of the trademark, can also complicate ACPA claims.
What You Can Do to Prevent Domain Squatting
1. Even before you need them, register the domains you require.
Registering the domains you absolutely need for your company or personal brand is the first and most effective way to defend yourself against a domain squatting attack. Even if you don’t immediately intend to create a website, simply owning the domain name prevents someone else from snatching it.
In order to prevent someone from holding your domain name hostage against your will, it’s also crucial to list yourself as the owner of record.
If you register your LLC before you own the corresponding domain name, it’s likely that an opportunistic squatter will purchase the domain and may attempt to resell it to you at an exorbitant price.
2. Register Similar Domain Names
Once you have secured the desired domain name or names, you can proceed to register any domain names that are confusingly similar to your own. This will make it more challenging for online criminals to pass as you or direct users away from your website.
In your efforts to register domain names that are similar to yours, you might want to register:
- Domain names that contain typos in your domain name,
- Similar-looking domain names to yours that only differ by one or two characters,
- Similar or identical domain names registered under different top-level domains (such as .info, .co, .biz, etc.).
3. Join the Trademark Clearinghouse (TMCH) and register your brand.
The Internet Corporation for Assigned Names and Numbers (ICANN) manages the Trademark Clearinghouse (TMCH), a central database of authenticated trademarks.
You have first dibs on registering your trademark domain on newly released TLDs if you register your trademark data with the TMCH. Additionally, it gives you the authority to file a Uniform Rapid Suspension (URS) complaint with the National Arbitration Forum in accordance with the Uniform Domain-Name Dispute-Resolution Policy (UDRP) in response to any domain squatting attacks you notice.
4. Keep an eye on the public attack surface
Malicious domains are frequently hosted by cyber adversaries in the deep web, where they are hidden from search engines but still accessible through standard browsers. Cyber adversaries can use this to conceal their domain squatting infrastructure from cybersecurity experts while using it to launch phishing scams or distribute malware.
The Best Way to Stop a Domain Squatting Attack
What do you do if a domain squatting attack against your company is found by your security team?
It’s time to act when you see a cyber adversary impersonating your brand and defrauding your customers using a fraudulent domain. Here are four actions you can take to stop the attack and safeguard your company’s reputation.
1. Contact the Domain Squatter
You can attempt to get in touch with the domain squatter as a first step. You can ask them to stop, try to buy the phony domain from them, or send them a cease-and-desist letter asserting your IP rights and ordering them to stop using your brand’s name as a parody.
Simple communication is unlikely to stop a determined cyber attacker from causing trouble. If it doesn’t, it’s time to proceed to the following action.
2. Contact the Domain Registrar and Hosting Company
While hosting companies provide the servers that cyber adversaries use to host malicious domains, domain registrars manage the registration of Internet domain names.
When it’s obvious that a domain is being used for malicious intent, domain registrars have the authority to delete or deactivate the domains they’ve registered. Hosting companies are generally happy to remove domain squatting infrastructure from their servers because malicious domains violate their terms of service.
3. File a Complaint under UDRP
If you’ve registered your brand with the trademark clearinghouse (TMCH), you can use the UDRP by bringing a lawsuit against the domain-name holder or bringing a dispute to a provider of dispute-resolution services that has been approved by the Internet Corporation for Assigned Names and Numbers (ICANN).
In accordance with the UDRP, disputes resulting from abusive domain name registrations (such as domain squatting abuses) can be settled through an expedited administrative procedure that is started by the trademark holder. By doing this, trademark owners can combat domain squatters without having to deal with the time, expense, and complexity of filing a lawsuit or succeeding in arbitration.
4. Lawsuit Against Domain Squatter Under the ACPA
You have the option to take legal action against a domain squatter under the ACPA as an alternative to or in addition to making a UDRP complaint. Here’s the distinction:
The domain registrar may be forced to cancel, suspend, or transfer the domain name if your UDRP complaint is successful, but that is the only relief you can expect. You must file a lawsuit under the ACPA in order to pursue statutory damages and hold domain squatters accountable.
For each domain name that the defendant registered in bad faith, the plaintiff can ask for statutory damages of between $1,000 and $100,000 in domain squatter lawsuits in the US.
You should now have a solid understanding of what domain squatting is and the various tactics used by bad actors. Building a thorough threat defense requires an understanding of cybercriminals’ thought processes.
If you discover that a squatter has registered your preferred domain name, weigh all of your options before pursuing costly legal action. Being aware of and ready for a domain squatting attack beforehand is frequently the best form of defense.