Domain Squatting: The Cybercriminal's Perfect 'Hide in Plain Sight' Attack


From impersonations to phishing attacks, there are numerous techniques used by cybercriminals to take advantage of your brand name for their own nefarious purposes. Here’s a breakdown of domain squatting, cybersquatting, and typosquatting, as well as the way to protect your brand from these growing threats.

Why do Cybercriminals Love Domain Squatting?

For cybercriminals, domain squatting is a low-effort, easy way for them to obtain customer or company information, through social engineering attacks. This type of attack allows cybercriminals to skip the intricacies of hacking, and full scale cyber attacks that require technical abilities, manpower, and money to execute.

Relying on the “auto-pilot” mode that most users find themselves in when online, these cybercriminals know that most website visitors are not going to double-check or verify a URL that seems normal.  They don't have to breach networks or bypass security measures; instead, they lure their targets to provide the required information themselves.
 It’s the perfect “hide in plain sight” kind of attack

What Is Cybersquatting?

The term cybersquatting refers to a practice carried out by cybercriminals, where they register a domain name that’s associated with a brand name or well-known company. Sometimes that URL will have a different TLD (top level domain), such as .org instead of .com Cybercriminals will register the domain names in the hope that the legitimate company will buy it from them, and they’ll be able to turn a profit. Others have more nefarious intentions, such as setting up fraudulent websites that are practically identical to the authentic brand in order to sell counterfeit products or steal customers’ payment information.

In 2022, 5,616 cybersquatting complaints were filed with the World Intellectual Property Organization (WIPO) — marking a 10% rise from 2021, and making it clear that domain brand protection should be a top priority for brands. The popularity of cybersquatting illustrates the importance of registering your brand’s domain name right away, as well as regularly renewing it.


Typosquatting: The Basics

Typosquatting differs from cybersquatting in that cybercriminals register a URL that’s a slight variation on an existing, legitimate domain, typically a common mistype. For example, think instead of Unsuspecting users won’t even notice they’ve made a mistake typing in the URL, as they’ll be greeted with a page that might look identical to the real thing.

This can also be done via an IDN homograph - a letter in a foreign language that looks visually similar to English, but directs users to an entirely different website. Take for example, the Russian letter ‘a’, which is virtually indistinguishable from the Latin letter ‘a,’. Cybercriminals can then direct users to an entirely different URL and site that will fool the majority of most viewers. For example versus а These kinds of attacks target non-ASCII URLs that are originally coded for English.

In line with this type of attack, cybercriminals may utilize typosquatting to create near identical URLs to use as links. For example, when was the last time you checked the link behind a ‘See More’ button? This method is highly effective when users may not necessarily have a clear view of what the full domain name is when they are going to a site.

These fraudulent URLs can be used as bait pages to gather payment details and login credentials, and even to install malware on your computer. They can also be used for email attacks, bait and switch, phishing attacks, and brand reputational attacks to name just a few.


The Consequences Of Domain Name Squatting  

When a domain is registered, whoever registers that URL maintains the rights to it. Those rights remain valid until the domain is sold or expires. This has potentially catastrophic consequences for brands, as it essentially grants free reign to cybercriminals who have purchased or registered the URL or a different URL that resembles the original one..

Cybercriminals can maliciously use the domain, leading users to phishing sites or even competitor sites. Should your customers end up tricked by these domains, they may end up receiving counterfeit products, or even have their credit card information and personal data stolen or sold by these cybercriminals.

Even though it isn’t your company’s fault, many customers will blame your brand anyway, and your brand reputation can be irreparably tarnished. Your brand may seem “guilty by association” because cybercriminals have fooled users into believing their fake version of your site is the real thing.

Domain squatting can cause a significant headache for brands, as it results in a flood of noise that can tarnish their hard earned reputation. When companies fail to protect their online presence or become victims to this type of attack, cybercriminals often swoop in and set up fake websites or social media accounts, enticing consumers to make purchases that they will never receive. 

This leads to an influx of victim complaints from various sources, such as social media, online forums, and customer service hotlines. The volume of complaints can be overwhelming, and it can take a considerable amount of time and manpower to sift through them and communicate effectively.

Many brand tend to be reactive rather than proactive in their approach  to domain name squatting, which is a huge mistake. Considering the major issues posed by this practice, it’s crucial that you take a proactive, robust approach towards safeguarding your brand name.



Best Practices For Tackling Typosquatting

To minimize the risk to your brand from typosquatting, you should take the following steps. 

1. Register your brand name as a trademark, which means that any authorized use of your brand name (or something that looks super similar and is indistinguishable to the average user) is illegal. This will be very helpful when it comes to removing fraudulent sites from the web.
2. Ensure you have an active SSL certification on your website, so that your users can enjoy the peace of mind that comes with a secure browsing experience.
3. You need to engage in constant monitoring of the web and domain registries and registrars to quickly identify fraudulent activity.
4. Detect and takedown instances immediately. This ensures that the imposters will not have a lot of time to fool customers and scam them, therefore protecting your reputation.
5. Make sure to educate your customers. Let them know how to identify your genuine stores, products, or affiliates.
6. If you find yourself a victim of this type of attack, bring in the professionals to help. This ensures instances are taken down as quickly as possible and further protects your brand.

Ensuring that you and your employees don’t get victimized is also important for protecting your brand. Verify SSL certifications on all webpages you encounter, and roll out anti-spoofing technology to make it more difficult for cybercriminals to create fraudulent URLs that mirror your site. Additionally, educating your employees on how to spot fake websites is extremely important, and consider introducing anti phishing solutions. As the old saying goes, an ounce of prevention is worth a pound of the cure.


3 Tips For Battling Domain Name Squatting And Keeping Your Brand Safe 

There are a number of steps you can take to protect your brand from the dangers of domain name squatting. 

1. Prioritization Is Key

Gauging which threats need to be resolved first is critical. If you treat every potential threat to your business as urgent, nothing is urgent. With this methodology, you may end up missing the real urgent cases, such as live phishing attacks. The truth is that not all threats are created equal, and there are some situations in which you can afford to wait, and other scenarios in which swift action can mean the difference between minimal damage and catastrophe.

By focusing on properly prioritizing threats, you’ll save time, manpower, and resources that could be wasted on minor issues. That’s not to mention that quickly identifying major attacks which need to be addressed right away can only happen if you take prioritization seriously.

2. Embrace Smart Monitoring And Automation 

Ensuring you have smart monitoring and remediation responses in place is critical for moving quickly on domain name squatting instances. When manually handled, this is a very resource heavy task. To carry this monitoring out effectively manually you will need very big budgets and a much bigger workforce. By adopting technology that notifies you about critical emerging threats, as well as provides you with an automated series of steps to remediate those risks, means that your business can provide a robust response when it matters most.

3. Be Proactive And Engaged 

Don’t wait for someone to make you aware of this issue. It’s always better to be the first one to know about these problematic domains. You’ve given cybercriminals the upper hand if someone outside of your organization, such as a worried investor or customer that’s been scammed, is informing you about an instance of domain name squatting.

Proactively look for domain infringements and implement a thorough takedown strategy to immediately take down these URLs and prevent further damage to your reputation and brand, and to your customers. For maximally effective brand protection, monitoring efforts should be led by your company and important to everyone within your organization.

Next Steps For Fighting Domain Name Squatting

BrandShield is an industry-leader in protecting brands from domain name squatting. Our proprietary technology, coupled with our team of IP lawyers and brand protection experts with years in the field, give your brand 24/7 monitoring, analyzing, prioritization, detective, and takedowns - all in one intuitive platform. To learn more about how BrandShield can help safeguard your brand from the growing threat of domain squatting, get in touch with us today.

Don't wait, speak to us