Cybersquatting or domain squatting is the registration, sale, and/or use of a domain name with a trademark that does not belong to the person or entity making the registration or using the domain name.
This may involve using the trademark’s trade name or a slight variation of it that is so similar that the association is immediately apparent, and the likelihood of confusion becomes particularly high. Usually, cybersquatters focus on well-known brands and trademarks.
Cybersquatting is generally bad faith registration of another’s trademark in a domain name (ICANN)
In cybersquatting, the registration of that domain name is often but certainly not always done in bad faith and to benefit in some way from the trademark in the domain name. The practice of cybersquatting has been firmly on the rise in 2020 and 2021 as digitization, remote/hybrid work, and usage of online tools increased due to the pandemic. Web3 also seems to be an opportunity for cybersquatters again.
There are a variety of purposes pursued by the practice of cybersquatting. There are also various ways to abuse a trademark by doing it.
Some examples of reasons why people engage in cybersquatting:
- Register the domain name before the trademark holder does and then offer the domain name at a hefty premium to that trademark holder.
- To mislead Internet users and drive traffic to the website associated with the domain name, which can be done for various purposes.
- As part of a larger-scale operation to make the Internet user believe that the website belongs to the brand name holder. This is usually done with malicious intent, such as getting hold of personal data and identity theft.
- For relatively innocent reasons.
- For other reasons and combinations of elements of previously mentioned purposes, whereby cybersquatting can be seen as a cybersecurity challenge and cyber risk.
What can one do against cybersquatters?
If a cybersquatter registers or uses a domain containing your trademark, you have several options, depending on the domain type, country, etc.
ICANN (Internet Corporation for Assigned Names and Numbers), the organization that pretty much determines what happens to domain names after they are registered and what is or is not allowed, offers a Uniform Domain Name Dispute Resolution Policy (UDRP) procedure to address the problem.
ICANN defines cybersquatting as follows: “Cybersquatting is generally bad faith registration of another’s trademark in a domain name.” You may be able to file a UDRP complaint if someone has registered a domain name in a generic top-level domain (gTLD) that is under contract with ICANN and matches your trademark.
While cybersquatting disputes involving a gTLD or generic top-level domain go through the Uniform Domain Name Dispute Resolution Policy procedure, often similar procedures exist for non-generic, national top-level domains (TLDs). Unfortunately, they aren’t always as transparent in some countries.
If someone registered a domain name in a generic top-level domain (gTLD) operating under contract with ICANN similar to your trademark, you may be able to file a Uniform Domain Name Dispute Resolution Policy (UDRP) proceeding (ICANN)
Why cybersquatting remains a big problem in 2022
Cybersquatting has obviously been around for a long time, but it indeed hasn’t disappeared. On the contrary: just as we saw a massive increase in cyber attacks and security issues since the beginning of the coronavirus outbreak in 2020, cybersquatting also increased dramatically.
In 2021, 5128 UDRP cases were filed with WIPO’s Arbitration and Mediation Center. That is an increase of just 22 percent over the previous year, 2020, which in turn was already a record year. WIPO, the World Intellectual Property Organization, is an agency of the United Nations.
Trademark owners in 2021 filed a record 5,128 cases under the Uniform Domain Name Dispute Resolution Policy (UDRP) with WIPO’s Arbitration and Mediation Center, eclipsing the 2020 level by 22% (WIPO)
In a statement, the organization said that the accelerating growth of cybersquatting cases filed with the WIPO Center could be explained by trademark owners increasing their online presence and activities. And that, in turn, has to do with the fact that we were all spending a lot more time for more and more online activities during the pandemic when digital transformation and the adoption of digital/online services skyrocketed.
WIPO deals with generic Top-Level Domains and more than 80 country-code Top-Level Domains or ccTLDs regarding the provision of dispute resolution services.
In other words, we are dealing with a problem that invariably recurs at significant events and is also related to the increasing digitization and digital transformation.
When these two elements come together (specific events such as the pandemic, wars, etc. on the one hand and increasing digitization and online activities on the other hand), it is always an opportunity for all kinds of opportunists and rogue individuals to make their move and take advantage of the situation, obviously also on the Internet.
The accelerating growth in cybersquatting cases filed with the WIPO Center can be largely attributed to trademark owners reinforcing their online presence to offer authentic content and trusted sales outlets, with a greater number of people spending more time online, especially during the COVID-19 pandemic. Representing 70% of WIPO’s generic Top-Level Domain (gTLD) cases, .COM demonstrated its continuing primacy (WIPO)
Cybersquatting – here to stay as our digital environment evolves
The first attempts to tackle cybersquatting go back to 1999 with the mentioned UDRP (ICANN) and the U.S. Anti-Cybersquatting Consumer Protection Act.
Cybersquatting dramatically increased when ICANN expanded the number of generic top-level domains in 2011 with a range of gTLDs on top of the best-known ones such as .com, .net, and .org, to mention a few.
With the rise of Web3 and domain extensions such as .nft and .eth, cybersquatters have a new opportunity (using the so-called Ethereum Name Service or ENS instead of the traditional Domain Name Service or DNS).
