NordStellar
Cybersecurity
What is cybersquatting, and how does it affect your brand?

Summary: Learn what cybersquatting is, how it threatens your brand, the legal options available, and how to detect and prevent domain abuse.
Businesses need a secure identity to protect their brand image and promote their products. Losing control of brands leads to lost revenue and raises reputational risks. That's especially true online, where cybersquatting is a constant concern for image-conscious companies.
Cybersquatters register domain names tied to existing brands and misuse them – sometimes for data theft or ransomware delivery. However, most cybersquatting examples are avoidable with the proper prevention measures.
This article will provide a cybersquatting definition and explore the techniques that squatters use. We will learn detection and prevention methods, and some tips for organizations affected by ongoing cybersquatting incidents.
What is cybersquatting, and why does it matter?
Cybersquatting is the practice of registering domain names tied to established brands to profit from their reputation.
Some domain holders may offer to sell the registration to the affected company without malicious intent. However, cybersquatting can be extremely harmful.
Criminals selling similar products via the squatted site deny revenues to the legitimate company. Cybersquatting may also have serious implications for the brand's online reputation. For example, imposters may create phishing sites to steal customer data or offer inferior services.
Cybersquatters often target companies in the e-commerce, IT, or finance – sectors that rely heavily on their online presence. However, all companies with strong brand reputations and broad reach could become victims of cybersquatting.
Is cybersquatting illegal?
Using a domain name similar to an existing one is not inherently illegal. If two companies have similar names, their domain names will likely follow suit. In those situations, courts rarely demand that site owners take down one of the websites involved.
However, the legal situation is different when domain holders register websites in bad faith. In these cases, courts deem domain owners guilty of registering domain names to deceive or defraud. There is no legitimate basis for the website's name to resemble an existing domain.
Companies in the United States can draw on anti-cybersquatting legislation and regulations to combat domain squatting. Relevant legislation includes:
Anticybersquatting Consumer Protection Act (ACPA)
Passed in 1999, ACPA defends a trademark owner in the digital realm. The law makes it illegal to register or sell domains that include another individual's personal name or a trademark they own.
If the courts find squatters guilty of registering domain names with the intent to profit, they may order the transfer of the domain name to the legitimate owner. Complainants also qualify for statutory damages ranging from $1,000 to $100,000 per squatted domain.
The Lanham Act (1946)
The Lanham Act is the basis for modern American trademark law. Under a 2006 amendment, trademark owners can obtain rulings if domain squatting "dilutes" their brand identity. This provides plenty of scope for a domain takedown.
ICANN and the UDRP
Companies can also seek redress via the Uniform Domain Name Dispute Resolution Policy (UDRP). Created by the Internet Corporation for Assigned Names and Numbers (ICANN), UDRP is a global framework that provides an internationally accepted definition of "bad faith" domain registration.
UDRP cases lock domains until ICANN delivers a ruling. Complainants may take over the offending domain if the domain name is:
- "Confusingly similar" to an existing domain.
- Run by an individual with no legitimate connection to the brand's purpose.
- Being used in bad faith to damage the existing brand or harm site visitors.
UDRP rulings are powerful tools. However, they only relate to top-level domains (such as .com or .net). Companies should take legal action via the United States courts if cybersquatting cases involve lower-level domains.
Common types of cybersquatting and what they look like
Cybersquatting takes different forms. Some types are fairly harmless – or even accidental. Other styles involve malicious actors seeking to undermine a company's digital identity. The list below summarizes the most common varieties to help you identify online imitators:

Typosquatting
One of the most common types of cybersquatting, typosquatting involves using slightly misspelled versions of domain names and brands.
Cybersquatters register domain name variants that closely resemble legitimate ones, aiming to change as little as possible. For instance, they might add a hyphen after the brand name (www.vendor-.com) or remove a character (www.vendr.com).
The aim is to attract traffic from visitors who make typing errors or snare casual web users who fail to verify URLs properly.
Identity theft and name jacking
In identity theft-related cybersquatting, criminals impersonate companies by registering similar-looking domains – like netflix-support.com – or by purchasing expired domains to pose as the original entity. These tactics deceive users into thinking they’re visiting legitimate websites, often to steal sensitive information or damage brand trust.
Name jacking, on the other hand, involves registering domains using the names of well-known individuals, often before the actual person has the chance to claim them. Targets are typically celebrities, public figures, or recognizable characters. The goal is usually to sell the domain back for profit or to exploit it for visibility or influence.
For example, in 2001, a cybersquatter registered the domain name nicholekidman.com – an example of name jacking. The actress successfully took legal action and had the website removed.
In both cases, attackers aim to exploit trust by mimicking known names. Identity thieves may also monitor domain name registrations and buy expired ones, restoring their functionality to impersonate the former owner.
When this happens, the original site owner must use legal channels to recover their registration – which is why it’s important to keep domain registrations up to date.
Trademark infringement
This type of cybersquatting hijacks the intellectual property of individuals or brands. Companies use trademarks to establish intellectual property rights over product designs, recipes, cultural works, or their company name.
The trademark owner has the sole right to profit from trademarked products. This includes using protected brand names in domains. For instance, eCommerce companies cannot add "Disney" to their domain names or call themselves "Spiderman-Construction.com".
As noted earlier, the trademark owner can challenge a fraudulent website under ACPA and ICANN regulations. If the domain registrant is identified and found liable, courts may also award financial compensation.
Name squatting or the generic word squatting
Generic word squatting uses familiar terms that appeal to everyday web users. These terms may be connected to trusted brands (for example, "apple" or "windows") but they could equally be popular search terms like "food" or "hotel."
Generic domain squatting is usually a long-term strategy. Squatters hold large quantities of internet domain name registrations. In the future, these registrations may relate to major brands, popular characters, or celebrities. When that happens, the domain values rise and owners can sell them at high prices.
Reverse domain squatting
Reverse domain name cybersquatting exploits regulations intended to protect brands against online imitators.
In reverse cybersquatting, attackers select a relatively low-profile company. Ideally, targets have a relatively basic online presence. Squatters register a website in the name of their target. For example, criminals may notice that Advance Security rarely updates advancesecurity.com.
Attackers then register a similar site under the business name Advance Security, create a professional-looking website, and claim that the original site imitates their domain.
In some cases, attackers exploit ACPA to challenge and take over the original website. They then exploit that position by demanding ransom payments or launching secondary fraud attacks.
Combo-squatting
Combo-squatting attacks manipulate a company's main domain by adding extra elements. For instance, phishers often lure victims to fake Amazon domains with names like Amazon-sales.com or Amazon-security.com.
Combo-links build trust and mislead consumers. Many visitors assume that squatted domains are connected to the main brand, allowing attackers to harvest user credentials and deliver malware. As a result, company reputations depend on monitoring squatted domains and removing fake websites as quickly as possible.
Homograph attacks
Homograph web squatting attacks use symbols or characters from unfamiliar languages to create domains that closely mimic a company name.
For example, squatters could use the "a" symbol from the Cyrillic alphabet instead of the "a" of the Latin alphabet. The characters look similar. However, they can be used in separate domain names without customers being able to tell the difference.
This highlights the need to register or monitor many versions of an existing website. Companies must take a global view when monitoring domain registrations to identify lookalikes across multiple languages. They need an international perspective to catch all domains that resemble their official site.
How cybersquatters make money off your brand
Some cybersquatters are just a nuisance, but many seek to profit from their activities. Squatters can monetize websites in several ways. All of them potentially pose a reputational risk to the company involved. Monetization techniques include:
- Earning pay-per-click revenues – Criminals embed ads on the squatted website and earn revenues when visitors click on them.
- Reselling domains to the original brand owner – Companies must repurchase squatted sites to protect their digital reputation. In many cases, attackers extract large sums to transfer control.
- Affiliate hijacking – Squatted sites redirect visitors to the original brand's website via affiliate links. However, criminals embed their own affiliate ID, earning a commission when customers purchase items through the affiliate program.
- Direct ransom demands – Squatters refuse to surrender control of a company's website until the business pays a ransom, generally via cryptocurrency.
- Phishing and malware injection attacks – Cybersquatters send persuasive emails to targets, convincing them to visit squatted sites. The phishing domain tricks victims into entering personal data or downloading malware-infected files. This malware can then launch data theft attacks against the victim or their organization.
How to identify if your brand is a target
Cybersquatting harms brand reputations, puts customers at risk, and can lead to compliance issues. Businesses need ways to identify and prevent web squatting before imitators can inflict damage.
The first step in neutralizing cybersquatting is identifying whether your company is under threat. It's important to take a proactive approach to cybersquatting detection. Assume that your brand is at risk and actively search for squatted domains.
Look for the typical red flags of cybersquatting:
- Sudden changes in revenues from legitimate affiliate links
- Redirected traffic failing to reach legitimate product pages
- Unexplained SEO score changes for company websites
- Spikes in complaints about fake websites or other online services
However, don't rely on intuition. Domain monitoring tools are essential allies, enabling a systematic solution to the cybersquatting issue.
For example, NordStellar's threat management platform searches the web for domains that resemble your assets. Automated scanning solutions detect squatted top-level domains. AI-powered diagnostics assess the risk posed by each domain, helping you determine the best course of action.
Comprehensive automated scanning detects cybersquatting early, allowing you to take legal action and resolve disputes before squatters harm your brand.
Best practices to protect your brand from cybersquatters
Detection is half the challenge. Knowing how to prevent cybersquatting also requires strategic measures to make life harder for squatters and safeguard your online identity. Best practices for brand protection include:

Register multiple top-level domains (TLDs)
Registering several TLDs for critical websites blocks off potential domain names, leaving lower-quality alternatives for imposters. Purchase variations of your business name, using all available TLD formats. Consider using prefixes like "the" or suffixes like "sales" to cover even more ground.
Implement defensive domain registration
Go beyond TLDs by registering related domain names or domains related to the brands you sell. Include common typing mistakes to block typosquatters, and integrate all registered sites into an update cycle. This avoids situations where registrations elapse, opening the door to cybersquatting.
Trademark your domain name
Trademarking your domain name is an essential web protection measure because it allows you to protect your assets in the legal system. Cybersquatting laws like ACPA only protect registered trademarks.
Failure to register your website increases the risk of reverse cybersquatting. You may be unable to convince courts or regulators that you were the original owner. So take a proactive measure to secure your intellectual property.
Monitor brand mentions and domain registrations
Automated scanning solutions prevent cybersquatting by detecting mentions of your brand on dark web forums – a strong signal that cybersquatting or other attacks are imminent.
Use a threat exposure management platform to detect new look-alike domain registrations related to your brand. Use scanning tools in tandem to understand threats and stay one step ahead.
Set up alerts and auto-renewals
Automation is a valuable tool against web squatting. In particular, automated alerts help you flag suspicious site registrations. Schedule regular analysis sessions to assess risks and decide whether to take proactive measures.
Automation also helps you manage website renewals. Don't rely on human skill. Let software tools handle basic chores and reserve brain power for strategic tasks.
Use brand protection and cybersquatting detection solutions
If brand protection is a fundamental business priority, enlisting external expertise is strongly advised. Platforms focused on brand protection, such as NordStellar, take a comprehensive approach to detecting and neutralizing cybersquatting threats – making it easier to safeguard digital brands.
What to do if you've already been targeted
Prevention and detection are essential. However, what if it's too late? What if you already know or suspect that you are a cybersquatting victim? In that case, don't panic. Take a calm approach to engaging squatters and resolving the situation.
- Start by recording your interactions with the domain squatters. Screenshot the offending websites and record metadata about the sites. This evidence will help you make a case to transfer the domain.
- Run WHOIS lookups to identify the website registrar and report cybersquatting activity. At this stage, a cease and desist letter or email may be sufficient to shut down the spoofed domain.
- If that doesn't work and you are satisfied that the domain was registered in bad faith, file a UDRP complaint with ICANN.
- Alternatively (or concurrently), start planning a legal action under ACPA. Your legal team should help you prepare the documents and gather evidence.
Whether you are dealing with cybersquatters right now or planning for the future, implementing prevention measures is vital. Contact NordStellar to learn how to monitor the web for brand mentions and squatted domains in the future.