Domain Squatting: What You Need To Know

We’ve heard of ransomware stealing your files, but are you aware of cyber criminals holding domains for hostage? Domain squatting is a reality and here is what you need to know about it…
There are hundreds of different ways that cyber criminals scam internet users out of money. From creative letters from far removed relatives in Nigeria full of promised inheritances and scammy money transfers through to hacking into databases full of credit card information, cyber criminal activity is on the rise. While they are deceitful and dishonest, cyber criminals are not short of new and creative ways to rob people of their money, and domain squatting is no exception.
What is domain squatting?
Put simply, domain squatting occurs when cyber criminals register expired domains or domains that are strikingly similar to an already registered domain or trademark. They will then demand outrageous amounts of money to turn the domain over to the rightful trademark owner. While in possession of the domain the criminals will often create websites that could harm the business’s reputation, including pornographic material or encouraging negativity towards the brand. This makes the business or individual much more inclined to put up the money to release the domain.
Alongside website domain squatting cyber criminals also target social media platforms like Twitter and Facebook. The squatters will register a social media account similar to the individual’s name with a slight spelling difference or by adding “thereal” before the name. Cyber squatters will then post messages or images that will outrage followers. The person that the name actually belongs to will pay to get the rights to the account.
Cyber criminals will often aim for larger companies with established brands for higher payouts. For example, in 2014 Donald Trump sued the man who registered the domains trumpmumbai.com, trumpindia.com, trumpbeijing.com and trumpbudhabi.com. The man himself, J. Taikwok Yung, was ordered to pay $32,000 in damages. The courts identified the Anticybersquatting Consumer Protection Act as the reason behind the ruling, stating that “the registration of domain names of well-known trademarks by non-trademark holders who then try to sell the names back to the trademark owners” is punishable by law at up to $100,000 fine per offense.
Do to the global use of the internet, local and federal laws cannot persecute all of those who commit domain squatting. This problem was somewhat solved when the Internet Corporation of Assigned Names and Numbers (ICANN) created rules to be followed when using the internet around the world. As such, any rightful owner of a trademark can file a complaint against a squatter who is then forced to provide proof of ownership or turn over the domain. To do so, the trademark owner must prove that three violations have taken place to proceed with the investigation. ICANN states the violations as follows:

  1. Domain names cannot be identical or confusingly similar to a trademark or service mark in which the complainant has rights.
  2. Domains cannot be registered to persons who have no rights or legitimate interests in respect of the domain name.
  3. Domains cannot be registered and used in bad faith.

This process is called the Uniform Domain Name Dispute Resolution Policy, or UDRP. This policy creates an avenue for trademark owners to fight against cyber criminals and the hostage of their trademarked names. No money is awarded, but it will force the domain squatter to release the rights to the account or domain without a ransom.
It is important that domain owners understand the risks of cyber squatting and the actions required to resolve situations involving hackers or ransomers. By being proactive in brand protection, many website owners can curb or quickly resolve these unfortunate occurrences. You can learn more about the UDRP process by visiting the ICANN website or by reading this post from the Midphase blog.

Register your very own domain names over on the Midphase website!