Introduction

With today’s technology, corporate impersonation and IP theft has become easier than ever. It is relatively easy to misdirect people to fake websites that look and feel like legitimate company ones or to create fake social media accounts in a brand’s name. These are both forms of cybersquatting.

But what exactly is this new form of IP theft?

What is Cybersquatting?

Cybersquatting is the unauthorised use, registration and/or trafficking of a domain name with the intent of profiting from a trademark, company name, or personal name that belongs to someone else. Digital IP is quite vulnerable to this kind of abuse as it is easy for cybercriminals to falsify accounts and domains for gain. This is why it is so important to make sure that domains are managed and maintained correctly, and that you have oversight over all the pages that are tied to a domain. You don't want anyone to be able to use your domain or sub-domains for malicious activities and fraud when you’re not paying attention.

There are three main kinds of cybersquatting and in this article we go through each one and provide advice on how you can protect yourself from them.

Typosquatting

By far the most common type of cybersquatting is typosquatting.

As the name suggests, typosquatting refers to the intentional misspelling of existing domains with the intention of creating false pages or websites that users will end up in if they misspell the real domain name.

These would be examples of typosquatting:

  • whatsalpp.com instead of http://whatsapp.com

  • http://xofnews.com instead of http://foxnews.com

  • http://yajoo.com instead of http://yahoo.com

  • http://micr0soft.com instead of http://microsoft.com

Typosquatting can be quite harmless if the fake name takes you to an undeveloped website with nothing on it, but this is not usually the case, and typosquatting is usually done in combination with another of the cybersquatting techniques - domain spoofing.

Domain Spoofing

Domain spoofing is when cybercriminals use a false website or email domain in order to get users to interact with it as if it was the legitimate one. Usually this is done in order to scam people into making payments or into revealing their account details or other personal information.

For example, let's pretend we are a cybercriminal who wants to scam people into purchasing fake subscriptions to a popular streaming service, say Netflix. We can purchase a domain like netflix-payments.com and mimic the payment portal of the official Netflix payments site. With AI, the process of creating these fake websites has become a lot easier. Then, with a good copycat payment portal in place, we set up the payment system to buy a subscription and wait for people to fall in the trap.

Aside from domain spoofing, this is also an example of impersonation of a corporate entity for financial gain. However, impersonation can take other forms as well. 

Impersonation

Impersonation is a form of online identity theft. Many cases of impersonation involve pretending to be a business or corporate entity in order to sell counterfeit goods, get user data, or make money, but it can also involve pretending to be an individual person.

The impersonation of individuals, especially famous ones, has become a lot more common with the rise of social media. This form of impersonation often does not require having a false or misleading domain. Creating a profile in the name of a celebrity and passing it off as the official profile can be considered cybersquatting as well.

With AI and improved deepfake technology, the impersonation of individuals is likely to grow and become even more insidious and hard to spot. It's already possible to create very realistic deepfake voices and video. It will soon be very hard to tell the difference between what is real and what is not. 

How to protect your organization from Cybersquatting

Cybersquatting is pretty sneaky, isn't it? You may be wondering what you can do to prevent this kind of abuse. After all, how can you keep track of all possible domains, websites, and profiles that could be associated with your name?

The reality is that you cannot keep track of all the possible variations and spellings of your domain. At the end of the day, you cannot control what other people decide to do online.

However, there are ways to make it a lot harder for cybercriminals to abuse your name and domain. Excedo's Digital Trademark Protection system focuses on prevention, monitoring, and enforcement so you can have total control and visibility over how your digital IP is being used. 

Prevention:

You can use domain blocking services to prevent domain registrations that use your trademarked names. Furthermore, you can register your trademark with the Trademark Clearinghouse (TMCH) to gain a variety of other protection features, such as warnings when anyone attempts to register a domain name using your trademark.

Excedo provides TMCH management and Domain Blocking services from brand protection and DNS abuse programs such as Domains Protected Mark List (DPML), AdultBlock, and more, to provide a cost-effective, one-stop-shop to defend against cybersquatting and DNS abuse. 

Monitoring:

Our domain monitoring technology allows you to monitor 300M+ domain names and new registrations for any keyword (including non-trademarked terms) to detect infringements as they happen. Domain Monitoring enables you to fill in the gaps for important terms and phrases that may be generic or even to use it for analysing domain registration activity by competitors. 

Enforcement:

Finally, to protect your brands online, you must be able to react when an infringement is detected. Excedo provides domain dispute services as well as phishing website take-down services to protect your brand online from fraudulent activities with malicious intents. 

Conclusion

Leaving domains to fend for themselves, without any supervision or monitoring of how they are being used across the internet is the main reason organizations fall prey to cybersquatting. Preventing this kind of abuse requires being proactive and investing in prevention, monitoring, and enforcement systems. Without these, you are making it easy for cybercriminals to use your name for fraud, thereby putting your customers and users at risk.

Do you know if your domain is being misused?

Contact us for a free consultation and we can help you identify any potential infringements.