Partner
Cybersquatting is one of those digital threats that businesses and individuals often do not think about until they find themselves victims. You click on a link of a familiar brand name, and you’re suddenly led to the wrong website. Customers get confused, trust may be lost, and for a business, you may face outright money demands to take back your website. Understanding what cybersquatting is and the steps to take if you are targeted can help you protect your business before further damage is done to your brand.
Cybersquatting happens when someone registers a domain name in bad faith. In most cases, the domain name closely resembles an existing business or trademark. While sometimes this can happen because businesses share names, cybersquatting is rarely innocent. Most cybersquatters do this with the intention to sell the domain back to the rightful brand owner, divert traffic for profit, or exploit consumer trust.
For example, a cybersquatter may claim a domain like netflx.com or nikeofficialstore.com. They are usually designed to look legitimate at first glance. In the United States, cybersquatting is illegal under the Anticybersquatting Consumer Protection Act (ACPA).
This is one of the most common forms of cybersquatting. Here, a cybersquatter registers a misspelled version of a popular domain name, betting that users will mistype a specific URL.
Warehousing happens when a domain registrar reclaims an expired domain and resells it at a premium. While this practice is controversial, you may be surprised to learn that it is actually generally legal. It becomes problematic when it feels exploitative, especially for brand-related domains.
Domain name speculation is a practice where individuals buy domains they believe will become valuable in the future. While it is not legal by itself, it can land one in legal trouble if the domain is too closely related to a trademarked brand.
In some instances, individuals register domains purely to criticize or mock a brand, such as brandnamesucks.com. Such websites and domain owners often get shut down fast because of illegal trademark infringement.
If you are a target of cybersquatting, consider taking the following steps:
Cybersquatting is addressed primarily by the Anticybersquatting Consumer Protection Act (ACPA), codified at 15 U.S.C. § 1125(d), which was enacted in 1999. The ACPA creates a federal cause of action against any person who, with a bad faith intent to profit, registers, traffics in, or uses a domain name that is identical or confusingly similar to a distinctive mark, or identical or confusingly similar to or dilutive of a famous mark. The statute identifies nine non-exclusive factors for evaluating bad faith, including: whether the registrant has trademark or other intellectual property rights in the domain name; whether the domain name consists of the registrant’s legal name; prior use of the domain name for legitimate commercial activity; and whether the registrant offered to sell the domain to the mark owner or a competitor for excessive value with no bona fide intention to use it.
Remedies under the ACPA include injunctive relief, forfeiture or cancellation of the domain name, transfer of the domain to the mark owner, and statutory damages ranging from $1,000 to $100,000 per domain name as the court considers just, under 15 U.S.C. § 1117(d). An important provision at 15 U.S.C. § 1125(d)(2) also allows in rem jurisdiction—the mark owner can file suit against the domain name itself in the judicial district where the domain registrar is located if the infringer cannot be found or is outside the court’s personal jurisdiction. This provision is particularly useful when cybersquatters register domains through foreign registrars under false contact information.
For many brand owners, the ICANN Uniform Domain-Name Dispute-Resolution Policy (UDRP) offers a faster and cheaper path to domain recovery than federal court. To succeed in a UDRP proceeding, the complainant must prove three elements: (1) the disputed domain is identical or confusingly similar to a trademark or service mark in which the complainant has rights; (2) the respondent has no rights or legitimate interests in the domain; and (3) the domain was registered and is being used in bad faith. Unlike the ACPA, the UDRP does not require proof of a bad faith intent to profit—it focuses on bad faith registration and use together.
UDRP proceedings are administered by accredited dispute resolution providers including WIPO (World Intellectual Property Organization), the National Arbitration Forum, and the Forum. Most cases are decided within 57 days of filing. Remedies are limited to cancellation or transfer of the domain name—UDRP panels cannot award money damages. If you want damages or if the cybersquatter contests the transfer aggressively, federal court under the ACPA is the appropriate venue. Notably, UDRP decisions can be appealed to federal court; a respondent who loses at UDRP has 10 business days to file a federal lawsuit to halt the transfer.
Cybersquatting takes several forms beyond the simple registration of a brand’s exact name. Typosquatting involves registering common misspellings of a famous domain—”gogle.com” or “amazn.com”—to capture users who make typing errors. These domains are then used for phishing, ad revenue farming, or redirect schemes. The ACPA expressly covers typosquatting; the “confusingly similar” standard applies to misspelled variants. Courts have found typosquatting particularly egregious because it preys on ordinary consumers rather than sophisticated commercial actors.
Reverse domain name hijacking is the opposite problem: a trademark owner attempts to deprive a legitimate domain registrant of their domain by filing a baseless UDRP complaint. ICANN’s UDRP rules allow panels to make a finding of reverse hijacking when a complaint is filed in bad faith. While this finding carries no financial penalty, it is a public record that can damage the filing party’s credibility in future proceedings. Other cybersquatting variants include domain name warehousing (registrars quietly holding domains for their own benefit), gripe sites (domains like “brandnamesucks.com”), and opportunistic registration following company name changes or product launches.
Building a strong cybersquatting case requires thorough documentation. Begin by capturing screenshots of the infringing domain’s current content with timestamps, including any advertising, redirect pages, or pay-per-click links. Run a WHOIS lookup to identify the registrant, registrar, and registration date; compare the registration date to the date you first used your mark in commerce, because rights priority matters in both ACPA claims and UDRP proceedings. Pull the domain’s historical content using the Wayback Machine at archive.org to show how the site was used over time.
If the registrant offered to sell the domain to you or a competitor for a price exceeding documented out-of-pocket registration costs, preserve all communications. Unsolicited sale offers are among the strongest evidence of bad faith intent to profit under the ACPA’s nine-factor test. If the domain is being used to redirect traffic to a competitor, capture evidence of the redirect and the competing site. If phishing or consumer fraud is involved, the FBI’s Internet Crime Complaint Center (IC3) and the FTC may have jurisdiction in addition to civil remedies.
Defensive registration is the most cost-effective protection against cybersquatting. Register your primary domain in multiple top-level domains—.com, .net, .org, and relevant country-code TLDs—as well as common misspellings and hyphenated variants. The cost of registering a dozen defensive domains is trivial compared to the cost of a UDRP proceeding or federal litigation. Set domains to auto-renew and use a corporate email for renewal notices rather than a personal address that may change.
Federal trademark registration strengthens your cybersquatting claims significantly. UDRP panels and federal courts look favorably on registered marks because registration establishes a definite priority date and a legal presumption of exclusive rights. Without trademark registration, you must prove priority through evidence of use, which is more expensive and uncertain. Monitor newly registered domains through services that alert you to registrations incorporating your brand name—catching cybersquatting early, before the registrant builds a following or generates revenue, makes the case simpler and the dispute resolution less costly.
If someone has registered a domain name that incorporates your brand—or if you have received a cease and desist about a domain you own—contact the internet law attorneys at Revision Legal through the form on this page or call (855) 473-8474. Our internet law practice handles ACPA litigation, UDRP proceedings, and domain dispute strategy nationwide.
Artificial intelligence has become part of nearly every business operation. Businesses now use AI tools to write marketing copy, generate product images, compose emails, draft social media posts, and produce video and audio content at a scale that was not possible a few years ago. The efficiency gains are real. But so are the legal […]
Read more about The Risks of Using AI-Generated Content in Your Business
Receiving a cease and desist letter can feel alarming. One minute you are running your business as usual, and the next you are staring at a legal demand accusing you of trademark infringement, copyright violation, breach of contract, or some other wrong. The situation can escalate quickly if not handled properly. But receiving a cease […]
Read more about How to Respond to a Cease and Desist Letter
Learn what counts as deceptive pricing in e-commerce, including false discounts, hidden fees, drip pricing, and fake urgency. Revision Legal’s internet law attorneys help online retailers stay compliant with FTC rules.
Read more about What Counts as Deceptive Pricing in E-Commerce?