What is Domain Squatting? Here’s What You Need To Know

FYEO
9 min readAug 19, 2022

--

Domain squatting isn’t necessarily illegal, but it is a bad faith act committed for personal gain. On its own, cybersquatting is as simple as someone purposefully registering a domain name similar to someone else’s trademark with the ill intent to turn a profit.

There are a few ways domain squatters can generate the profit they’re after, but one of the most popular methods is to eventually sell the domain to the trademark holder. After all, good domain names are becoming increasingly harder to find.

However, domain squatters have also found more malicious ways to make a profit, and depending on how the domain name is being used, it could cross the line into cybercrime. For instance, domain squatting can form the foundation for a phishing scheme intended to scam you out of your crypto, which is a serious federal offense.

So, how do you identify a cybersquatting case, and what’s your recourse when dealing with a squatter? Even more importantly, what can you do to protect your business before becoming a domain squatting victim? Here’s what you need to know.

What is Domain Squatting?

By the time most people ask what domain squatting is, they’ve already found that a domain name they wish to purchase is not available. However, just because a domain name you want is already registered doesn’t mean cybersquatting is to blame.

Domain squatting occurs when a person registers a domain name with certain knowledge and intent. For example, someone who just learned that “Freddy’s Cycles” has recently been trademarked, and then goes looking for domain names that match that trademark, would be classified as a domain squatter.

On the other hand, a guy named Freddy who fixes bikes in his garage wouldn’t be considered a domain name squatter just because he purchased freddyscycles.com — even if a bike manufacturer had trademarked the name.

The difference is that the latter person acted out of legitimate interest in the domain name. In contrast, the former person only purchased it with the intent to generate personal gain using someone else’s trademark.

In either case, the trademark holder of Freddy’s Cycles might end up paying thousands of dollars to acquire the domain name, whether they understand what domain squatting is or not.

So, before you pursue a domain name registered by someone else, you need to ask: Does the situation qualify as domain squatting? If it does, you might have a few options beyond negotiating directly with the squatter.

How Do Domain Squatters Earn Money?

Now that you know what domain squatting is and how to recognize it, here’s a closer look at how domain squatters plan to make their money, along with an example that draws the line between immoral and illegal.

Buying and Selling Domain Names

The classic ploy pulled by domain squatters is to find domain names similar to trademarks. The more recognizable a trademark is, the more valuable a domain name becomes, whether it’s an exact match or extremely similar.

Domain squatters may hold on to a trademark for years. After all, it only takes a few dollars to register and renew a domain name annually. At some point, their goal is to get in touch with the trademark holder or, more often than not, just sit and wait to be contacted.

After the initial research involved in finding a good domain name, the time and money spent on their pet project are minimal, and it can pay off big. Surprisingly, this style of domain squatting is not considered illegal, and your options for getting the domain name you want might be limited.

Phishing Schemes

Phishing schemes are the perfect example of how domain squatting can cross the line into cybercrime.

When planning a phishing scheme, domain squatters will try to find names almost exactly the same as an existing site, often by dropping letters or finding a misspelling (often referred to as “typosquatting”).

Once they’ve secured the domain, scammers will go out of their way to create a website that mimics the real thing. For example, PayPal.com is consistently targeted by these schemes, and if a user doesn’t catch on quickly, they might accidentally expose their login information using a phony form.

In addition to online banking users, cryptocurrency users are also becoming increasingly popular targets of these schemes. Because of the nature of cryptocurrency, it can be much harder to track these scammers — not to mention that getting your money back is nearly impossible.

Fake Ethereum giveaway sites, fake groups promising big Bitcoin returns, and sites promising a fast and easy way to buy or exchange crypto top the list of the most popular schemes domain squatters are using to exploit the unsuspecting.

What Can You Do If A Domain Name You Want Is Taken?

It can be very frustrating when you come across a domain name you want to have, only to find out that someone else already owns it. It’s doubly disappointing if the domain name matches your trademark, since not having that name could make it harder to grow your brand.

However, before jumping to conclusions, you must remember that domain squatting is done with certain knowledge and intent. On top of that, remember that domain squatting isn’t necessarily illegal, so simply identifying someone as a squatter doesn’t give you rights to the domain name.

If there’s a domain name you want, the first step is usually finding out who the registrant is. From there, you have a few options to try and get it, whether they’re cybersquatting or not.

Attempt To Negotiate With The Owner

There is no way to just “take” a domain name if it’s registered by someone else. However, you can look up the WHOIS information to see who owns it. By law, all domain registrants must collect the domain registrant’s name, email, phone number, along with other contact information.

However, WHOIS information is not always publicly available and doesn’t always represent the individual who owns the name. For instance, some people use a registered agent, so they don’t have to put their own name, email, and phone number into a public database.

No matter who is listed as the registrant — whether it’s an individual, a professional agent, or a corporation — you should make every attempt to reach them and discuss the domain name. This might even mean sending snail mail or faxing a letter over, and it might take many attempts before you hear back.

If you choose to negotiate on your own like this, here are some tips:

  • Never threaten or harass the owner of the domain name.
  • Make it clear who you are and why you want to acquire the domain name (i.e., you own a relevant trademark).
  • Express your desire to fairly compensate them for the domain name.
  • Include your contact information, along with multiple ways to reach you.

Once you’re in touch with the domain name owner, you can use evaluation tools that consider things like the length of the domain name, the commonality of the words within it, and the extension (i.e., .com vs. .net) to give you an idea of the name’s value on the open market. Of course, if the domain name is related to a trademark you hold, it will be worth even more to you.

Professional negotiation services do exist if you want someone to do the legwork for you, and they can also offer guidance on what a fair offer for the domain name might be.

Wait For The Domain To Expire

Domain name registration must be renewed every 12 months, which is why you might have luck waiting until the owner decides they don’t care to renew the domain name anymore (or they simply forget).

Even in the case of a cybersquatter, there’s a good chance the domain name owner won’t renew a name indefinitely. So, it’s always worth checking the WHOIS information to see when the domain name is set to be renewed.

Better yet, get a domain monitoring tool setup to ensure you don’t miss it if the domain name becomes available again. Assuming the registration simply expires, you can buy the name for the standard rate (about $10.95).

It’s very important to monitor any domain names you might want to purchase in the future, because domain squatters often use tools that help them track soon-to-be-expired domains. So, if a small business is currently using the domain name you want and forgets to renew it, a domain squatter could swoop in, buy it, and try to resell it to them for a lot more money than the standard registration fee.

Of course, there’s no guarantee that the domain you want will expire. When looking at the WHOIS information, you might see that someone has already registered the domain name for many years into the future, in which case the waiting game isn’t in your favor.

Can I Sue Someone for Domain Squatting?

It’s also important to recognize that you probably are not legally entitled to a domain name, even if it’s similar (or even a perfect match) to a term or phrase you have trademarked. However, now that you know what domain squatting is, you might be able to make a case for yourself under the right circumstances.

Proving that the owner of a domain name is cybersquatting means proving they intentionally acquired something similar to your trademark, intending to profit from it. Not only is that difficult, but the associated court case will also be time-consuming and costly.

Still, if someone uses a misleading domain name similar to your trademark, it’s well within your right to pursue legal action. And, if they’re using it for a phishing scheme or other malicious endeavor, that goes beyond cybersquatting and enters the realm of cybercrime, which you should certainly report.

Now, in the absence of cybercrime, there are two legal options you need to know about to help you get the domain name you want: ACPA and ICANN.

How ACPA Can Help You Get a Domain Name

ACPA stands for the “Anti-Cybersquatting Consumer Protection Act.” It is an option where you can negotiate with the domain squatter first, and if you can’t come to a compromise, you can find an attorney and go through the legal proceedings. Think of it as “evicting” the domain squatter from the domain you want.

Some essential things to understand about the ACPA are:

  • You must be the trademark owner.
  • The trademark was distinct when the squatter purchased the domain.
  • The person who purchased the domain name intentionally acted in bad faith to profit from your trademark (i.e., truly a squatter).
  • The domain is identical or “misleadingly similar” to your trademark. For instance, freddyscycling.com might be similar enough to Freddy’s Cycles to warrant a case.
  • The trademark is unquestionably distinct, you were the first to use it, and therefore it qualifies for protection under trademark law.

Before trying to take them to court, you might want to rethink negotiations if you’re uncertain about two things:

  • If you’re not sure that you meet all the criteria mentioned above; or
  • If you simply acknowledge that some of those things will be very hard to prove (i.e., the domain name owner acted in bad faith)

How ICANN Can Help You Get a Domain Name

The other option for pursuing legal action when you want a domain name is to sue the domain squatter under the Internet Corporation of Assigned Names and Numbers’ (ICANN) arbitration system, which applies internationally.

Unlike an ACPA lawsuit, resolving domain name concerns through ICANN takes far less time and costs far less money. But, here are some things to note about the ICANN arbitration method:

  • Your case will be overseen and guided by one of the experts ICANN provides.
  • The Uniform Domain Name Dispute Resolution Policy (UDNDRP) will determine the process.
  • Parties will not be able to achieve any financial remedy under ICANN’s arbitration process.

Similarly to the ACPA process, you will need to reasonably prove that you have a legal right to the domain name (i.e., you have an active trademark and that trademark was in place when the domain name was registered).

Tips to Prevent Cybersquatting

If you want to protect yourself from domain name squatters, one of the best things to do is prevent it from the get-go by registering any domain names you want early. As new domain name extensions (.app or .io) become available and gain traction, it’s worth registering them, too.

Once you have the domain names you want, you should set them to auto-renew and plan to register them for more than one year at a time. From there, setting up a domain monitoring tool like FYEO Domain Intelligence will provide the ongoing protection your business needs.

FYEO Domain Intelligence is our threat monitoring platform that works in real-time to alert you whenever a domain similar to yours is registered. If the registrant’s intent is considered malicious, FYEO’s team of analysts can even help you take down the domain to avoid spoofing, phishing, and lookalike schemes from tricking your employees or customers.

In addition to domain monitoring, you can get real-time protection for every employee at every endpoint in the organization with the browser extension known as FYEO Agent — the end-user client of the FYEO DI platform.

The FYEO Agent detects and warns users of potentially malicious links from areas outside of email (e.g., Telegram, Discord, etc.) at the browser level. All that information is then sent back to the Domain Intelligence portal, meaning your employees can take threat protection from reactive to proactive and crowdsourced.

Interested in learning more? Explore how Domain Intelligence can help you beat domain squatters today.

--

--

FYEO

FYEO is a leading cybersecurity company that utilizes the power of AI and decentralized technologies to secure individuals and enterprises from cyber threats.