31 Jul 2017 in Newsletter
Cybersquatting Can Be Painful for Businesses of All Sizes
Cybersquatting is one of the biggest problems plaguing legitimate, customer-facing businesses in the U.S. today. While many forms of cybersquatting exist, the end goal is always the same– stealing money or valuable personal information from unwitting consumers. Many times, cybersquatters take advantage of a hastily-typed, misspelled domain name and will use the legitimate company’s trademarks and color schemes to purposefully create consumer confusion.
Cybersquatting can be extremely damaging for legitimate businesses. For example, consumers often fail to appreciate they are victims of cybersquatting, and will sometimes embark on negative publicity campaigns (using social media, print media, email campaigns, etc.) against the legitimate business. Other times, cybersquatting victims will not publicly complain, but will refuse to do future business with the legitimate company. The tactics employed by cybersquatters evolve constantly. Many times, when one site is successfully taken down, three more pop up in its place.
Further complicating matters, it is often difficult to find the responsible individual as cybersquatters are excellent at hiding their true identities using such tactics as domain registrant hiding services, also called “domain proxy” services. With that said, several strategies are available for resolving cybersquatting based on existing intellectual property rights if properly leveraged by clever legal counsel. The following article outlines several of the most common strategies used by cybersquatters.
- Phishing via email
Phishing via email involves the scammer using an email address to impersonate a legitimate business. In one example, the scammer sends an offer letter to prospective customers asking the customers for information linked to their financial accounts. Sometimes these emails are sent under the pretext of resetting account credentials. Other times, services such as payday loans are offered in the communication. Once the customer provides the financial information, the scammer either accesses the victim’s financial accounts or opens new accounts using the stolen information.
Typosquatting describes a situation where a registrant registers a domain name that is very similar to, and generally a misspelling of, a business’ legitimate domain name. The consumer may not even realize that they have landed on a non-legitimate website based on the similarity of the two websites. Many times, the typosquatter will offer services similar to those offered on the legitimate business’ site, using the legitimate business’ trademarks, trade dress, and sometimes even verbatim language. Once the bad actor obtains the consumer’s information, they can use it for a variety of illegitimate purposes, such as applying for credit cards or accessing a consumer’s financial accounts. Occasionally, typosquatters will take advantage of the misspelled domain by redirecting the request to another website controlled by the typosquatter.
- Use of software to create cybersquatting webpages on non-infringing domains
Another way cybersquatters take advantage of consumers is by using software to create links to webpages that act differently depending on what link is used to access the page. This method allows a cybersquatter to register and use a non-infringing domain name while also using sub-pages that offer counterfeit services under the name and trademarks of a legitimate business. As an example, a cybersquatter may create links to several different pages offering payday loan services under the names of three major U.S. lenders. However, the root domain is the registrant’s legitimate business. This situation is troubling for businesses because, if the registrant has legitimate rights in the domain name, solutions such as the Uniform Domain Name Dispute Resolution Policy (UDRP) might not be available. For more information on UDRP proceedings, look to ICANN’s website: https://www.icann.org/resources/pages/policy-2012-02-25-en.
- Confusingly similar domain names offering counterfeit services or that redirect to a competitor site
These situations can be problematic for legitimate businesses because the legitimate business is often times not aware of the site until a complaint is received from a victimized consumer. Often, the registrant will register a domain using the name of a legitimate business plus a term that is descriptive of the goods or services. These sites might be returned in search results depending upon the search terms entered by a consumer. Once a consumer lands on the site, cybersquatters then generate revenue by one of the following means: click-through advertising, offering counterfeit services, or redirecting the consumer to another site controlled by the scammer. Another form of this type of cybersquatting occurs when a registrant uses the name or trademark of a legitimate business, but uses a new gTLD extension as the descriptive term, for example, .review, .loan, .shoe, etc.
It is an unfortunate fact that cybersquatting is hard to prevent and time consuming to police. As exemplified by this article, there are many different tactics used, and the strategies are constantly evolving in an attempt to evade identification. Often, cybersquatters operate many sites simultaneously, and are not heavily invested in any given one. The result is that businesses must expend resources fighting to have a site successfully taken down only to have the cybersquatter move on to the next. Compounding this problem, there are hundreds of thousands of variations for possible misspellings of domains for typosquatters, and over 1,000 gTLDs, meaning that defensive domain name registration is not always helpful. That said, preventative registration of common misspellings of a company’s domain name is always advisable. The nature of the constantly-changing tactics employed by cybersquatters means that businesses should continually search for new ways to streamline the process of identifying and removing cybersquatting sites.
Our domain name protection and trademark specialists at Osha Liang have cost-effectively resolved many cases for our clients under attack by the sort of cybersquatting activities outlined in the preceding article. If you need help resolving a cybersquatting matter, please do not hesitate to contact our offices.
 While some of the examples outlined in this article are not technically considered cybersquatting, the various examples are referred to collectively as “cybersquatting” for brevity of the article.