What is CyberSquatting? Examples of CyberSquatting
Cybersquatting meaning and common cybersquatting examples. Cybersquatting vs Typosquatting. Protect your online business from Domain cybersquatting.
What is Cybersquatting?
Cybersquatting is a common practice in which unauthorized people register domains that are identical to the popular brands of businesses and individuals. Cybersquatting is practiced in bad faith, for example to profit illegally from a brand's popularity and trademark. There are different types of cybersquatting, including the more popular domain typosquatting and domain grabbing.
Cybersquatting vs Typosquatting
Typosquatting is a specific form of cybersquatting. It involves attackers creating domains with typos (spelling mistakes) that resemble legitimate brands. Cybersquatting, on the other hand, is a broad category that includes all forms of illegally registering a domain to commit fraud, including typosquatting.
It is important to know that cybersquatting is not always committed with malicious intent, though it is often done in bad faith, such as to sell a domain at a profit. In this article, we use the term 'domain owner' rather than 'attacker' for cybersquatters. When discussing typosquatting, the word 'attacker' is used, as those who create typosquatting domains usually have malicious intent such as phishing, installing malware, or running an e-commerce scam, among others. Cybersquatting can also be used to commit cyber attacks against individuals and businesses.
Examples of Cybersquatting
1. Registering a Domain Without the Intention of Creating the Website
A domain owner can target a domain registered as a .org, such as foodsolutions.org (hypothetical), and register a fake domain, foodsolutions.com. Users who assume from experience that all websites have .com domain extensions will be directed to the domain owner's website.
Domain owners also use country code top-level domains (ccTLDs, specific to each country) to register alternatives to the domains of brands and organizations. A domain owner could register chase.au, where the .au extension is Australia's country code TLD. Here is the intention behind such a decision: assume that a person has registered the chase.au domain. The domain either has no website or contains a big banner stating that the domain is available for, let's say, 100,000 US dollars. That means the domain's owner never intended to put content on the site, but rather to cybersquat it.
In such an instance, the domain owner can claim that it is a case of domain parking while he or she develops the website. There is a fine line between cybersquatting and domain parking, also referred to as domain investing. However, if the domain has been parked for years, then to any common person, that is cybersquatting. So, when Chase Bank decides to create a domain for Australian users, their choice would be www.chase.au; however, the domain is squatted. Chase Bank can opt to negotiate with the domain holder and pay for the domain to be transferred (a practice from which people make millions of dollars), file a lawsuit against the domain holder with WIPO (World Intellectual Property Organization), or opt for another domain.
International top-level domains (TLDs) such as .com, .net, and .org are the common go-to TLDs for cybersquatting.
2. Domains With Added Letters, Words, Numbers and Allowed Characters
This is a common case in cybersquatting. A user registers a domain that is a variation of the original domain. This action can either be intentional or by coincidence.
a) tiktok.com vs tiktoks.com
Let's take Bytedance’s TikTok case as an example, as presented by a WIPO report. TikTok was the most downloaded application in the US in October 2018, after its initial release outside China in May 2017. The application ranked #1 in most app stores, including Apple Store and Amazon. It ran under the official domain www.tiktok.com and was visited by about 157 million users between September 2019 and February 2020.
The domain www.tiktoks.com was registered in 2018 and acquired in 2019 by two Australian friends, Fotios and Alan, for $2000 in anticipation of exponential growth of the video-sharing network TikTok. The domain tiktoks.com was used as a ‘follow-for-follow’ business. In the same year, 2019, growtiktok.com, tiktokcharts.com, tiktokexposure.com, and tiktokplanet.com were created (they have since become inactive according to the WIPO report).
In 2020, Bytedance filed a lawsuit with WIPO against the domain owners of tiktoks.com and later amended it to include the owners of growtiktok.com, tiktokcharts.com, tiktokexposure.com, and tiktokplanet.com, winning the case. Before that, Bytedance had offered the owners of tiktoks.com $145,000 for the domain, which the latter declined. WIPO ruled for Bytedance, and all disputed domains were to be transferred to the complainant, Bytedance.
b) microsoft.com vs mikerowesoft.com
Here is the reason we opted to refer to cybersquatters as domain owners (with a component of bad faith of course) and not attackers. There is an infamous incident that followed a David vs Goliath situation where Mike Rowe, a Canadian, owned and operated a domain mikerowesoft.com. Well if he was David, you can guess the Goliath - yup, Microsoft! The cybersquatting claim by Microsoft was not in the spelling, as in other cases we have highlighted, but in the pronunciation. Although the case was handled amicably by both parties in the end, Microsoft was not received with open arms by the public due to their initial approach to the matter. Initially, the over 160B-dollar revenue company (as of 2022) sent the 12th grader, Mike, a 25-page cease and desist order after Mike refused an earlier-proposed $10 compensation from Microsoft for the domain.
Other reported cases of cybersquatting have full words added to brand websites. Some include amazonshop.com, foxnews-entertainment.com, and facebookwinners2020.com. These are all examples of cybersquatting.
3. Swapping Similar-Looking Characters On a Domain
In this case, attackers simply change one or more letters in a legitimate domain and register a fake domain. For instance, consider a hypothetical organization, MedLink Insurance, with a domain and a website www.medlinkinsurance.com. A domain owner goes ahead and creates the domain www.rnedlinkinsurance.com. Have you spotted the difference? An attacker simply replaced the m in the legitimate domain with the letters rn in the fake domain, hoping to trick users. This swapping method is popular where users are required to click links and be directed to fake websites.
Here are popular swapped letters and characters in domain names:
- o with 0, e.g. google.com with g00gle.com
- i with l (lowercase L), e.g. twitter.com with twltter.com
- l (lowercase L) with 1, e.g. walmart.com with wa1mart.com
- m with rn, e.g. amazon.com with arnazon.com
- s with 5, e.g. instagram.com with in5tagram.com
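As an added example (not part of the original article), the Python sketch below shows how a brand owner could screen a list of observed domain names for the three patterns described in this section: a different TLD, added characters or words, and swapped lookalike characters. The function names, the category labels and the simple "last label is the TLD" parsing are assumptions made for illustration; the domains are the ones the article names.

```python
# Added example (not from the original article). The swap table mirrors the
# list above; the brand and observed domains are the ones the article names.
CONFUSABLES = [("rn", "m"), ("0", "o"), ("1", "l"), ("5", "s"), ("i", "l")]

BRANDS = ["tiktok.com", "amazon.com", "medlinkinsurance.com",
          "foodsolutions.org", "microsoft.com"]

def split_domain(domain):
    """Return (label, tld). Assumes a single-label TLD (no public-suffix list)."""
    host = domain.lower().strip(".")
    name, _, tld = host.rpartition(".")
    return name.split(".")[-1], tld   # drops "www." and other subdomains

def skeleton(label):
    """Collapse lookalike sequences so 'rnedlink' and 'medlink' compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def classify(observed, brands=BRANDS):
    """Return (category, brand) for the first brand the name imitates, else None."""
    label, tld = split_domain(observed)
    for brand in brands:
        b_label, b_tld = split_domain(brand)
        if label == b_label:
            return ("legitimate" if tld == b_tld else "tld-swap", brand)
        if skeleton(label) == skeleton(b_label):
            return ("lookalike-characters", brand)
        if b_label in label or skeleton(b_label) in skeleton(label):
            return ("added-characters", brand)   # substring hit: review by hand
    return None

def scan(observed_domains, brands=BRANDS):
    """Keep only names that imitate a brand; legitimate and unrelated drop out."""
    hits = {}
    for name in observed_domains:
        result = classify(name, brands)
        if result and result[0] != "legitimate":
            hits[name] = result
    return hits

if __name__ == "__main__":
    # Constructed input, e.g. names taken from a list of newly seen domains.
    sample = ["tiktok.com", "tiktoks.com", "www.rnedlinkinsurance.com",
              "arnazon.com", "foodsolutions.com", "mikerowesoft.com"]
    for name, (category, brand) in scan(sample).items():
        print(f"{name:28} {category:22} imitates {brand}")
```

Note that mikerowesoft.com is not flagged: a character-level comparison cannot see a similarity that exists only in pronunciation, so such cases still need human review.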
Purpose of Cybersquatting
Domain owners have different reasons for cybersquatting. The most common reason for cybersquatting is to benefit from a legitimate business’s trademark, whether the business currently exists or is in the process of officially coming online.
The benefit can take many forms, but here are the most common:
1. Sell a Cybersquatting Domain to the Trademarked Business for Profit
A domain owner can register a domain and park it solely to sell it to a business with a related domain or business name. As we saw in the case of TikTok, cybersquatting can be done so that the domain owners can sell the domain to a legitimate business and financially benefit from it. A mere domain can cost about $10, $20, or thereabout. However, when a trademarked business comes looking to purchase the domain and make it their own, the cybersquatting domain owners can ask for hundreds of thousands of dollars. In the case of tiktoks.com, the domain owners had requested $145,000 to transfer the domain to Bytedance, the owners of tiktok.com.
2. Benefit from a Trademark's Fame and Influence
This is another common reason domain owners register cybersquatting domains. This is often targeted at celebrities and famous businesses that do not have an online presence. As stated in types of cybersquatting, a domain owner can register a domain www./famousmovieactor’sname/.com. When users search for the name of the movie actor, they are shown results that include the domain owner’s cybersquatting domain. The domain owner can earn revenue by selling merchandise related to the actor or from ads placed on the page.
3. Spoil a Business’s Name and Trademark
Most of us have experienced a sense of dislike against a person, organization, or political party, you name it. Well, some users have acted on these feelings and created cybersquatting domains with words expressing dislike, such as the word ‘sucks’, attached to the domain. Once, the domain mitsubishisucks.com was created to showcase everything the domain owner thought was wrong with the company, from customer complaints and safety concerns with their vehicles to technical failures, among others.
According to CNET, in 1997, the www.whitehouse.com domain was created. It was strikingly similar to www.whitehouse.gov, a government website. When people searched for the whitehouse.com domain, they were directed to a website with adult content. That is a pure case of cybersquatting.
Protect a Business From CyberSquatting Attacks
If you are an organization, here are steps you can take to protect against typosquatting attempts on your domain:
1. Register a domain early.
Register your domain immediately when you plan to launch a product or service business. You can legally park a domain and put content briefly explaining the purpose of the site and the progress of product development.
2. Trademark your domain.
Trademarking a domain ensures that no person or entity can register a domain similar to yours. Further, your domain is protected from being copied without your permission, which is not only a trademark violation but also constitutes a violation of federal law in most countries, including the US.
3. Register different versions of your domains.
During domain registration, you can also register typo versions of your website. You can then redirect users to the real domain from the cybersquatting domain.
4. File a Complaint with WIPO against cybersquatting domains and websites.
As soon as you discover a cybersquatting domain, contact WIPO (World Intellectual Property Organization) and prove that the cybersquatting domain is acting in bad faith.