What is cybersquatting? Preventing domain hijacking and brand misuse
- 2 months ago
- 5 min read
Bad manners, grudges, and name-calling… sounds like playground antics, but this is the online world of cybersquatting. Including domain squatting and typosquatting, this illicit digital activity is usually for malicious, political, or financial gain but is a popular stunt among satirists too. Read on to learn more about cybersquatting and the efforts to combat it.
What is cybersquatting?
Navigating the digital landscape is hard enough, let alone introducing the drama and politics of domain names. Throw in nasty behavior and some lawsuits, and you’ve got an introduction to the world of cybersquatting.
Going beyond just simple domain registration, cybersquatting is a complex and evolving practice in the digital landscape. At its core, it involves the bad faith use or registration of domain names, often with the intent to deprive rightful owners or profit from others' trademarks. This practice has expanded to include username- and handle-squatting across online and social media platforms, extending its reach beyond just domain names.
Modern cybersquatting
Digital troublemakers have developed a range of techniques and forms of cybersquatting over the years. The traditional form, domain squatting, involves the registration of domain names similar to established brands or trademarks—the registration of netflix-movies.com would be an example. The practice has evolved to include username and handle squatting on social media, meaning that bad actors claim the names resembling known brands or public personalities. Typosquatting, another common technique, involves registering domains with common misspellings of popular websites—think netflux.com or netfllix.com. You can see these in action in Figure 1: there are many ways to manipulate a domain name for cybersquatting purposes.
Internationalized Domain Name (IDN) cybersquatting utilizes visually similar characters from different scripts to create deceptive domains—netflíx.com looks just like the true domain until you notice the accent on the ‘i’. In Figure 2 we see several real examples of IDN cybersquatting, extracted from the Dataprovider.com database.
The motivations behind cybersquatting are primarily financial or malicious. Many cybersquatters attempt to sell domains to trademark owners at inflated prices, seeking financial gain, while others use these domains for more nefarious purposes, like phishing, scams, malware distribution, or just redirecting to competitor websites. In some cases, cybersquatting is used for political leverage: individuals register domains related to political figures or movements, as seen with cases from Australian senators to US presidential tickets, for negative consequences. These activities create a complex and often problematic ecosystem, affecting businesses, individuals, and the overall integrity of the internet.
Cybersquatting extends across various languages, exploits different top-level domains—like by registering netflix.jp before the company itself can—and employs sophisticated techniques to bypass traditional safeguards. It is absolutely not limited by language or geography. The introduction of new generic TLDs (like netflix.film) has added another layer of complexity to the cybersquatting landscape, both in terms of new opportunities for squatters and new challenges for brand protection. While most cybersquatting is profit-driven, there are non-commercial forms such as cybergriping, where individuals register domain names to criticize or parody organizations: ex-South Park writer Tony Morton is (in)famous for creating spoof websites and using humor to combat hate. However, this raises questions about the balance between free speech and name or brand protection.
At Dataprovider.com, we developed our own system to identify cybersquatting for the top 100,000 websites, based on the traffic they receive and a few other indicators.
Take a look at the number of cybersquatting domains we detect for each of the ten target domains in Figure 3. According to our data, nearly 2,400 domains targeted the main domain of the US based airline United in September 2024, while YouTube.com and 3m.com were targeted by 1,040 and 1,014 cybersquatters, respectively. We also see three major adult sites among the top 10: explicit links are popular targets for cybersquatters because they attract large volumes of traffic, making mistyped or similar domains highly profitable through ads, affiliate links, or redirects. Additionally, adult sites generally face weaker brand protection, allowing cybersquatters to exploit misspelled URLs and monetize them with less resistance from site owners.
Combatting Cybersquatters
Understanding cybersquatting means understanding the domain ecosystem. Key players include ICANN (the Internet Corporation for Assigned Names and Numbers), which governs the domain name system globally, registries that manage top-level domains, and registrars that facilitate the registration of domain names. This ecosystem establishes the backdrop against which cybersquatting occurs. and the foundation on which it can be combatted.
Legal proceedings, often through the UN’s World Intellectual Property Organization (WIPO), have become a common recourse for companies and individuals fighting cybersquatting. Recent high-profile cases illustrate the complexity of these battles: Canva recently secured 174 domain names through legal proceedings, demonstrating the scale of cybersquatting targeting major brands. Conversely, the case of GigPig highlights the potential for abuse of anti-cybersquatting measures, with the company being accused of reverse domain hijacking. These cases underscore the intricate nature of cybersquatting disputes and the challenges in fairly resolving them.
New elements of brand protection have emerged in response to the threat of (commercial) cybersquatting. Preemptive domain ‘warehousing’ is a common response to these kinds of threats: companies register as many domain variations as they can think of to protect their brand. This proactive approach, while effective, contributes to the saturation of the internet's domain space.
Besides proactive domain management, AI and machine-learning tracking technologies are being developed to help detect cybersquatting. Digital tools and databases—like what we've developed at Dataprovider.com—are solid resources for monitoring particular domain names and identifying cybersquatting attempts. Many businesses implement redirection networks and systems that redirect traffic from similar domains to the legitimate website. There are now more ways to try and mitigate the issue, but it's what happens after the fact that remains an issue. On the legal front, companies and policymakers are utilizing existing laws and pushing for new legislation to address emerging forms of cybersquatting—but it remains a murky and complicated realm.
For now, the best course of action is for companies to keep a tight overview of their domain portfolios and expand where necessary, and for online visitors to check, double-check, and re-check the URLs of important websites.
The Future of Cybersquatting
As the internet continues to evolve, so too will the challenges and solutions related to cybersquatting. We can expect to see enhanced tracking technologies emerge, offering more sophisticated tools to identify and prevent cybersquatting attempts in real-time. The legal landscape is likely to expand, with the development of more comprehensive international legal frameworks to address cybersquatting across jurisdictions. Maintaining the delicate balance between robust brand protection measures for business, while preserving the principles of fair use and free speech in the digital space, promises to remain a hard task. With the growing popularity of emoji domains and TLD developments, we'll never be rid of the risk, but it's not impossible to keep on top of it. This digital ecosystem challenge will requite ongoing vigilance, technological innovation, and legal adaptations to address its evolving nature and impact on businesses, individuals, and the integrity of the internet as a whole.