Have you ever looked up a domain name for your organization to find out that it has already been bought? Does the domain name lead to an already functioning website operating under your business name or a page that reads “this domain name is for sale” or something similar? If you answered yes to either of these questions, then it is very probable that you might be a victim of cybersquatting.
So, what then is cybersquatting? How can you prevent it from happening, and how can you deal with it? Is cybersquatting the same as typosquatting?
What Is Cybersquatting?
Cybersquatting is the unethical practice of registering domain names of existing trademarks, organizations, or businesses in bad faith to use for illegal operations or to make a profit by reselling to the owner at an increased price. It is also known as domain squatting.
Cybersquatting became popular when malicious actors foresaw the need for organizations to move into the digital space and own websites in the early days of the internet. They began to buy the domain names of the organizations and used them illegally under the business name. They also made a lot of money by reselling them.
How Does Cybersquatting Work?
Cybersquatting or domain squatting is prevalent nowadays, even with laws against them. In a cybersquatting attack, the attacker checks to see if a company has a registered domain name and if not, they buy it and use it illegally or keep it to sell at unreasonable prices. A domain name costs an average of 10 to 30 dollars per year. A cybersquatter could buy this domain and try to sell it for thousands of dollars instead.
Another method of cybersquatting occurs when the attacker finds out that a domain name already exists, but buys a similar one with a different top-level domain. A top-level domain is the last segment of a domain name. Some common top-level domains include .com, .org, .eu, .ng, etc.
For example, MUO’s domain name is “makeuseof.com”. An attacker could see that this domain is already registered and try to buy “makeuseof.org” to use for illegal purposes. They may even try to register “makeuseof.fr” or any top-level domain of a specific country and try to steal traffic from that country. When the organization finds out about this domain and contacts the owner, the person might decide to sell it. On other occasions, the malicious actor contacts the owner first.
A cybersquatter might use your domain name or one similar to yours to redirect unsuspecting users to another website. This might be the website of a competitor or even a phishing website used to gain sensitive credentials from victims.
How Do You Prevent a Cybersquatting Attack?
You can stop a cybersquatting attack from happening to you by taking these steps.
Trademark Your Website Domain
If you have a distinctive brand or business that you want to protect, you should trademark your website domain to prevent cybersquatting. That way, if a person registers a domain very similar to yours, you would be able to sue for infringement. If you do not do this, and a cybersquatter registers a variation of your domain name or something similar, you may not have the legal rights to take up that case.
Register Different Variations of Your Domain
Although this doesn’t seem a cost-effective method initially, buying out your domains with top-level domain variations can prevent a cybersquatting attack. When you buy them, you can redirect them to your main domain name. For instance, MUO’s domain name is “makeuseof.com”, but if you type in “makeuseof.org” into your browser, you are led to the original domain name (makeuseof.com).
You can buy a domain name from Google Domains or any other Google Domain alternatives for domain registration.
Monitor Your Website Traffic
Another way to prevent cybersquatting attacks or nip them in the bud is to always closely monitor your website’s traffic. If you notice a sudden drop in your traffic, especially from a specific region or country, it might be a sign that a cybersquatter has hosted a similar domain to yours and is using it illegally.
How Do You Resolve a Cybersquatting Attack?
The first step in preventing or solving a cybersquatting attack is to find out the affected domains. You can do this by just searching the domain name on the internet or using tools like Google’s Domain Register to check if that domain name is available. If the domain is already up and running and used in bad faith, use WhoIs LookUp to get contact info on the cybersquatter.
When you have confirmed that the domain is used for illegal purposes, you can file a case according to your country’s Anti-Cybersquatting Consumer Protection Act (ACPA).
Cybersquatting vs. Typosquatting
Cybersquatting and typosquatting attacks are both types of URL hijacking attacks. A URL hijacking attack occurs when you find yourself on another website, rather than the intended correct one.
A typosquatting attack occurs when a cybercriminal buys and registers a misspelled domain name of a popular website or organization. They do this so that when a person types in the URL of that website and makes a typo—as we’re all prone to make—they are led to a malicious website and might even get hacked or swindled. So if you were to type in “google.com”, a typosquatter would buy the domains “gooogle”, “goggle”, or even “foogle”, each followed by “.com”. Most times, typosquatting websites are used for phishing attacks.
Cybersquatting attacks entail using your already registered domains or similar ones in bad faith. Cybersquatting domains are not misspelled. So while a typosquatter might change the Google domain name to one with a typo, a cybersquatter might use something like “googlesearch.com”.
Be in Charge of Your Security
Apart from cybersquatting and typosquatting attacks, there are many other security attacks that might affect you and your organization. Hackers and malicious actors are always finding new vulnerabilities and opportunities to exploit unsuspecting people on the internet. It is your responsibility to keep yourself and your organization secure at all times.
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish