Protecting yourself against cybersquatting

Cybersquatting: what is it and how to protect yourself?

Cybersquatting is an increasingly widespread cybercrime that exploits the value of brands to make illegitimate profits by squatting on their domain. This cybercrime is becoming commonplace in the digital environment, so it is crucial for organisations to know exactly what cybersquatting is and how to protect themselves against it.

What is cybersquatting?

Cybersquatting is the act of registering, selling or using a domain name in bad faith, taking advantage of the reputation and commercial value of a famous brand or name with the intention of making illegitimate profits. Essentially, cybersquatting is a form of online piracy that causes harm to businesses and individuals. The term comes from squatting, which is the act of illegally occupying property, with the addition of cyber, to confine it to the digital environment. In this case, the squatted property would be the corporate domain. This is why cybersquatting is also called cybersquatting. Cybersquatters often register domain names or create subdomains that are identical or confusingly similar to popular brands in order to trick users into visiting their website. This leads users to fraudulent websites with various illegal intentions: selling fake goods, scams, data theft… In addition, cybersquatting is also often used by cybersquatters to profit from the sale of squatted domains to legitimate companies at exorbitant prices, in order for them to avoid damage to their brand. To combat cybersquatting, ICANN has developed the Uniform Domain Name Dispute Resolution Policy (UDRP). This procedure makes it easier for affected companies to recover domain names registered in bad faith. To find out more about cyber-attacks on businesses, go here→ How to protect yourself in the midst of a wave of cyber-attacks on businesses.

what is cybersquatting

Differences between cybersquatting and phishing

Although both are cybercrimes that involve the misuse of names and trademarks and sometimes go hand in hand in a cyberattack, the cybersquatting and phishing are not exactly the same thing.

Cybersquatting is the registration, trafficking or use of a domain name that is identical or similar to a well-known trademark. Its aim is to make financial gain through that identical or similar domain name.
It does not necessarily involve deceiving users or stealing personal information; sometimes it is simply used to force the organisation to ransom the domain. Phishing, in turn, involves sending fake emails or creating fake websites that mimic legitimate companies or brands in order to trick users into obtaining personal information, financial information or login credentials. It aims to gain access to accounts, steal identities and commit fraud. It involves the use of social engineering techniques to manipulate victims into believing they are interacting with a trustworthy entity. Often, however, the first step in a phishing attack is cybersquatting: a real domain is used to create a fake website or profiles as the basis of the deception.

Some examples of cybersquatting

Some prominent examples of cybersquatting are:

  • Registration of domain names identical or similar to famous brands with the intention of reselling them to their rightful owners at an excessive price.
  • Use of domain names to divert web traffic to sites with pornographic content, misleading advertising or illegal activities.
  • Blocking domain names to prevent legitimate companies from registering and using them, in order to sell them to the highest bidder.
  • Creation of fake websites that mimic the appearance of well-known brands to deceive users and obtain personal or financial information.

Detection of cybersquatting

Some of the most effective strategies for detecting cybersquatting are:

  • Domain monitoring. One of the most effective ways to detect cybersquatting is through regular monitoring of domain names. Such tools issue real-time alerts when a domain name that is similar to the organisation’s domain name is registered, allowing quick action to be taken to protect the brand.
  • Use of internet service provider (ISP) domain look-up tools. The tool shows the many variations that could be used to commit cybersquatting. These tools also indicate which domains have already been registered.
  • WHOIS search. The WHOIS database is a valuable resource for detecting cybersquatting. A WHOIS search provides information on who has registered a particular domain name. In this way, an organisation can check whether a domain name similar to its brand name has been registered by someone who has no legitimate relationship to it.
  • Phishing detection tools. Sometimes cybersquatters use cybersquatting in their phishing tactics to trick users into visiting their fraudulent websites. Phishing detection tools help to identify these websites and, collaterally, to detect cybersquatting.

The role of new technologies

Artificial Intelligence and machine learning are beginning to play a crucial role in the fight against cybersquatting. Their detection, analysis, learning and automation capabilities make them key tools for proactively, accurately and effectively combating cybersquatting. As cybercriminals develop more sophisticated tactics, their use will become increasingly critical. The use of AI and machine learning-based solutions allows:

  • Proactive detection of suspicious domains: real-time detection and analysis of new domain registrations and patterns indicating possible cybersquatting, such as names similar to well-known brands.
  • Constant monitoring of registered domains: continuous monitoring of detected suspicious domains similar to the brand, with alerts on changes in content or usage that may indicate fraudulent activities.
  • Identification of cybersquatting techniques and patterns: recognition of common methods used by cybercriminals, such as addition, substitution or omission of characters in domain names.
  • Reduction of false positives: accuracy in distinguishing between legitimate domain registrations and real cybersquatting cases, reducing false alerts.
  • Automated real-time response: activation of automatic response protocols to block the suspect domain, notify the authorities and the affected brand and proceed to takedown.

 

AI for cybersquatting

Most used methods of cybersquatting

Cybersquatting can occur in different ways.

Homographic

It involves replacing characters in a domain name with visually similar characters, often indistinguishable to the naked eye. This method is particularly effective because of the difficulty for the human eye to distinguish between certain characters, especially in URLs.

Addition

It involves adding additional characters to an existing domain name. It is particularly effective when targeting brands with short names, as an additional character can easily go unnoticed.

Omission

In this case, it refers to the removal of characters from an existing domain name. It is quite effective when targeting brands with long names, as one less character goes unnoticed.

Domain change

It involves slightly altering an existing domain name, often by changing the order of the characters, introducing a spelling mistake or using a domain extension different from the organisation’s official one. Its effectiveness is based on the very mistakes users make when typing a domain into the search engine.

Subdomain

A common cybersquatting tactic is the creation of subdomains outside one’s own brand. A subdomain is an extension of the main domain name. Cybersquatters register subdomains containing the name of popular brands to trick users and redirect traffic to fraudulent sites.

How to prevent cybersquatting

Preventing cybersquatting can be a challenge, but there are several strategies that help protect the brand and domain:

  • Early domain registration. Register domain names that are important to the brand early. This may include variations, common misspellings and other domain names that could be attractive to cybersquatters.
  • Trademark protection. Registering the trademark provides additional legal protection against cybersquatting. If the trademark is registered, it ensures the possibility of winning a domain name dispute.
  • Constant vigilance. Continuous monitoring of the domain with automated tools capable of alerting about the use or registration of domains and subdomains that are the same or similar to corporate domains is essential.
  • Use of a private registration service. When registering a domain name, it is advisable to use a private registration service, so that cyber criminals cannot access the information associated with the registration.
  • Legal action. Take immediate legal action to recover the domain name when cybersquatting is detected. The Uniform Domain Name Dispute Resolution Policy (UDRP) is the process for doing this.

You may be interested in our publication→ Brand protection: strategies to prevent fraudulent use.

Protect yourself from cybersquatting with Kartos by Enthec

Kartos XTI Watchbots, our Cyber Intelligence platform, uses in-house developed Artificial Intelligence to help organizations monitor their domain and detect any associated cybersquatting.
In addition, Kartos by Enthec provides organizations with real-time alerts about the existence of domains and subdomains associated with those of their brand and offers takedown services for the removal of those that are fraudulent.
Contact us to learn more about how the solutions of our Kartos XTI Watchbots Cyber Intelligence platform can help you detect and prevent cybersquatting, protect your brand, and avoid cyberattacks.