Domain squatting, also known as cybersquatting, can be understood as an intentional act of registering a domain in the name of an already existing organization that has a registered trademark but does not have a website in its name. The primary objective of doing so is to park the domain name of a reputable business with no website. When the business entity wants to use the domain name for its website in the future, the cybersquatters make a profit by selling the domain name to the organization. Some phishers also use similar-looking domain names to send phishing emails for fraudulently obtaining sensitive information about the user or organization. Therefore, it is helpful to learn how domain squatting and phishing works, their different types, and protective measures.
How Does Cybersquatters Make Domain Squatting And Phishing Work?
Cybersquatters usually contact various businesses and trick them by advising them how to protect themselves against domain squatting. All their advice boils down to the point that it is the organization’s fault to miss registering the domain name and the best option is to agree to the terms of the squatters and buy the domain name at the so-called “reasonable price” offered by them.
- Squatters usually sell the domain name at a price that is several times higher than what they paid. One of the tactics they use to convince them that the price offered by them is reasonable is by tricking the organization into accepting their exclusive “just for you” discounted deal.
- Cybersquatters try to predict the names of business organizations that are poised to merge. They register the expected domain name of the merger in advance.
- Squatters even try to access the search statistics of popular search engines. If they notice any unexpected increase in the frequency of certain words, they understand that it is a sign that those words can become prevalent domain names sooner or later.
- Some squatters even practice phishing. They register sites whose names resemble those of reputable domains with change only in one or two characters. They use those names for sending phishing emails to obtain the personal and sensitive data of users and organizations fraudulently.
Various Types Of Domain Squatting And Phishing
There are several kinds of domain squatting methods threat actors employ to rob organizations of the domain name they require. Some of the most prominent of these methods are:
- Brand Squatting: In this type, the domain names of promising and emerging organizations are captured in advance and then sold at higher prices to the targeted entities.
- Typo Squatting: Here, the misspelled variants of reputed domain names are registered to deceive users by making them believe they are visiting a legitimate website and profit from users’ typing errors.
- Combo Squatting: In this variant, the squatters combine words like ‘payment,’ ‘security,’ or ‘verification’ with famous trademarks. For example, netflix_payment.com. Such squatting is mainly used for phishing purposes.
- Homograph Squatting: In this type of domain squatting, the cybersquatters replace some of the characters of a legitimate domain name with similar-looking characters or symbols of another language. It tricks the target into believing a disguised website is an authentic one.
- Nominal Cybersquatting: It is the registering of domains by using the names of influential people, celebrities, politicians, reputed business personalities, show stars, etc. Cybersquatters use such domain names in many ways, such as blackmailing celebrities by connecting the name to objectionable websites. The squatters even use the domain name to get compensated by offering a peace treaty. Some prominent celebrities affected by cybersquatting are Tom Cruise, Jennifer Lopez, Paris Hilton, Madonna, etc.
- Sound Squatting: The squatter takes advantage of words that sound similar. They register domain names with homophone variants, like worldfreeforyou.com registered with a similar sounding domain name worldfree4u.com. Victims become vulnerable to such domains when they use voice command software like Siri and Google Assistant.
- Level Squatting: The squatters use the targeted domain name as the subdomain to trick the users. For example, drive.google.com is replaced with drive.google.com.sdjaksjd.hskdjka.cc. Mobile users mainly become victims of such squatting practice because the address bar on mobile browsers is usually not wide enough to display the entire domain name.
Safeguard Against Domain Squatting And Phishing
Organizations and individuals can employ the following measures to ensure they don’t fall for domain squatting.
- Before disclosing an upcoming product or project, it will be wise first to register the domain name.
- Choose a domain name that is not common. Choosing a unique name can reduce the chance of it being taken by the cybersquatters.
- When you register the domain name, register any similar domain names simultaneously to prevent cybersquatters from using them in the future.
- Always remember to renew the domain name from time to time; otherwise, someone else can take possession of it.
- Do not make any negotiations with squatters or agree to any of their terms or prices. Avoid playing by their rules. Instead, if the squatter takes the desired domain name, try to use a different name rather than overpaying for the domain name registered by the squatter.
- One of the most effective measures will be to impart proper training to the organization‘s specialists concerned with regulations related to intellectual property rights. Many cases can be seen in which the copyright holders buy the domain names at a higher price from the squatters. They even agree to their terms due to a lack of sufficient knowledge concerning their rights.
- To handle cybersquatting cases, one can refer to the Anti-Cybersquatting Consumer Protection Act (applicable in the USA) and Uniform Domain Name Dispute Resolution Policy (for international disputes).
Incidences of cybersquatting are increasing by the day as users find domain names indispensable for identifying brands. As a result, cybersquatters take advantage of it and use domain squatting to earn undue profits from business organizations and indulge in malicious activities like phishing, spreading malware, and initiating various other scams. Nevertheless, by keeping in mind the above-discussed information and employing anti-phishing solutions, one can successfully combat domain squatting and phishing, keeping their information assets secure.