A graphic of privacy and security icons: a profile, shield, padlock, password, and credit cards, connected by lines on a red background.
Privacy & Security June 23, 2023

Cybersquatting: What To Do When Someone’s Sitting on Your Domain

Cybersquatting happens when someone registers a domain that’s similar or identical to a well-known brand or personal name—with a bad faith intention of selling it back for a hefty sum.

Have you found out your company name or personal brand has a domain registered by someone who isn’t you? Are they asking you to buy it from them at a ridiculous price? You may be a victim of cybersquatting.

Cybersquatting, also called domain squatting, is when someone registers a domain in bad faith to profit from their trademark, business name, or personal brand. Cybersquatters target big-name celebrities and companies, but they also go after newly registered businesses and personal brands.

Keep reading to learn how to fight back and prevent this from happening to you.

How to Identify Cybersquatting

How can you tell if your domain is owned by a cybersquatter? First, check to see where the domain takes you. Most domain squatters will use the website under the domain name to:

  • Advertise the domain for sale
  • Advertise other products and services
  • Pretend to be you, your brand, or your company

If the domain takes you to a site selling you products, services, or the domain itself, you most likely are dealing with a cybersquatter. Cybersquatters are in it to make money. There are two categories of cybersquatters:

Opportunistic Cybersquatter: someone who registers a domain name with the aim of selling it either to the company or another individual for an inflated price.

Malicious Cybersquatter: someone who buys a domain name to trick visitors, stealing the brand or company’s traffic to scam, hack, or steal their information.

Within those two categories, there are four different types of cybersquatting or domain squatting. Learning to recognize the categories and types helps protect you from cybersquatting.

TLD Squatting

TLD squatting is using a different extension or top-level domain (TLD) from an already existing domain name, like “google.net” instead of “google.com.” Opportunistic domain squatters use this method to take advantage of your brand by registering your domain name under a less popular TLD. Malicious cybersquatters also use this type of cybersquatting to confuse your unaware visitors who happen to land on the squatter’s domain instead of yours. They may even spoof your site to get visitors’ to hand over personal information.

Level Squatting

Level squatting is when a cybersquatter registers a domain name using an already existing domain as a subdomain or part of the domain name. For example, registering a domain like “facebook.spuff.com.” This is most effective in hyperlinks and on mobile devices because visitors won’t be able to see the full domain. Level squatting is most often used by malicious cybersquatters to install malware on visitors’ devices.

Homophone Squatting

Homophone squatting is registering a domain spelled with words that sound similar to the original domain. For example, “domainregistree.com” or “domainregistrie.com” sound The aim of homophone squatting is to target users of text-to-speech services like Google Assistant, Bixby, and Amazon Alexa. Homophone squatting is used by both opportunistic and malicious cybersquatters.


Typosquatting is using misspellings or typos to register domain names close to already registered domain names. This technique is used more by opportunistic cybersquatters who see a popular website or domain and copy it to create a domain similar enough to yours. Typosquatting has happened to Google several times, with domain squatters registering domains like “gooigle.com” or “ghoogle.com.”

How to Prevent Cybersquatting

No matter the type of cybersquatting, it is all illegal. Cybersquatters are all after one thing: money or valuable information from visitors. Stop a cybersquatter before they strike by using these tactics:

  • Use ICANN-Accredited Domain Registrars: ICANN-accredited domain registrars fall under the Uniform Domain-Name Dispute Resolution Policy. Domain registrars are the companies or individuals that sell domain names to the public. Using an ICANN-accredited domain registrar allows you to use their domain squatting dispute system, which allows you to place a free complaint against a cybersquatter with ICANN’s dispute provider who can order the cybersquatter to transfer the domain to you.
  • Be the First to Register Your Domain: It’s common for cybersquatters to prowl business registration databases or popular blogs to find new targets. Registering your domain name before your business keeps opportunistic cybersquatters from taking advantage of your brand or business.
  • Register Multiple Domains for Your Brand and Business: When you register your domain name, register multiple domains using different extensions, typos, and close-sounding words. You can also register domains close to your brand or company industry to protect your business and brand now and in the future.
  • Register a Trademark: While you can’t trademark your full domain name, you can register the second-level domain (2LD) or the word(s) used before the extension to your domain name. For example, our 2LD is ‘domainregistry.’ You can trademark your brand, personal, or business name, protecting it from use by cybersquatters.
  • Get Domain Ownership Protection: Some domain registrars, offer domain ownership protection for some domain names. Domain ownership protection services will alert you to attacks from cybersquatters, trying to register domain names similar to yours.

How to Fight a Cybersquatter

If you believe you’re the victim of a cybersquatter, contact the domain registrant first. Both WHOIS and ICANN have domain name look-ups that will allow you to search for a domain name’s owner and get their contact info. Try seeing if there may be a mistake in the domain registration or if you can buy the domain name at a reasonable price. If the domain registrant is uncooperative, you can use ICANN or private litigation to get your domain only if cybersquatting can be proven.

Let’s go over both processes and other ways to get your domain name from a cybersquatter.

ICANN Domain Dispute Process

In 1999, ICANN adopted the Uniform Domain-Name Dispute Resolution Policy (UDRP) as a way for people to dispute domain name issues. Filing a claim through ICANN is a faster and often cheaper way of handling a domain squatter than litigation. Paul McCarthy, Madonna, and the World Wrestling Federation have all used the process and won.

For a successful UDRP claim, you’ll need to prove:

1. The domain’s bad faith intent.

2. The registrant has no legal right to the domain name or trademark used.

3. The domain is identical or close enough to your business name, personal brand, or trademark.

Through the Courts

The Federal Anticybersquatting Consumer Protection Act (ACPA) started in 1999 makes cybersquatting illegal under U.S. federal law. You will need to hire a domain lawyer or represent yourself during litigation. This is by far the longest and most expensive route of dealing with a cybersquatter.
To win an ACPA claim, you’ll need to prove:

1. The domain name completely matches or is similar enough to a trademark or copyright at the time of registration.

2. The domain registrant’s bad faith intentions in registering the domain name.

Buy it Back

Only pay to get a domain back if you can afford it and it makes sense to you. Filing a lawsuit or submitting a claim through ICANN can be time-consuming and a financial burden. Paying the cybersquatters fee can sometimes be a quick and easy way of getting your domain without wasting more time and money. You can use a mediator to help you negotiate a better price than what the squatter could be demanding.

Wait for the Domain to Expire

A longer process that doesn’t involve going through a third party or paying the cybersquatter involves waiting for the domain name to expire. This is considered possibly one of the cheaper ways of claiming your domain from a squatter. To see when a domain name will expire, perform a search for the domain name through ICANN or WHOIS. You’ll find an expiration date for the domain along with other info about the domain name owner. Many cybersquatters use auto-renewal services, however, meaning you could be waiting years for the squatter to lose interest.