It was nearly two decades ago when the world-famous star Madonna won the case against a cyber-squatter who maliciously used her trademark when putting up a porn site. At the time, madonna.com was full of content that was inappropriate even for Madonna. The court sided with the singer and the website owner was legally forced to give up the domain name.
The Madonna case is one of many: Microsoft, Dell, and PETA were all victims of cyber-squatting. One might assume that this is simply the price of being famous or owning a billion-dollar brand. However, cyber-squatting can happen to anyone, and it’s just one of the various types of cybercrime.
In the same crime family as cyber-squatting is the practice of domain hijacking. In 2004, a 19-year old German playing with a DNS transfer site and popular domains, such as Google.de, Amazon.de, ultimately succeeded in transferring ebay.de. Imagine, a German goes to eBay to buy something and instead of a store there is…nothing.
While there are many high-profile cases like the ones listed above, these crimes are constantly evolving, which makes them hard to immediately detect. In fact, around 80% of them remain unreported, as victims often don’t even realize the crime has occurred.
Understanding and Preventing Cyber-squatting
Cyber-squatting is the malicious practice of registering or using a domain name that’s closely associated with someone else’s reputable trademark or business. Typically, a cyber-squatter will buy a domain name that matches the name of an existing well-known brand or company. These names are either unregistered or the registration has temporarily lapsed, and the cyber-squatter pounces on the opportunity to register the domain. Next, the cyber-squatter will contact the company and offer them the opportunity to purchase it, making it clear that the domain registration was made with bad intentions.
However, not every trademark or brand domain questionably registered is intended to blackmail a trademark owner. Mistakes happen, and not every famous brand name has only one use. For instance, the singer Sting took action against someone who registered Sting.com for their personal website. The same court that decided the Madonna case found that the sting.com owner did not register this domain with bad intent and did not award the singer this domain (Note: later, the singer ultimately got the domain).
The differentiator between these two examples and the key to understanding whether the person who has registered your trademarked domain is a cyber-squatter is the “bad intent” component. If the new owner is contacted by the company (or vice versa) and the situation results in a domain hostage situation, there are legal avenues available to recover a domain.
As Harvard Law School reported, the associated issues of trademark infringement and trademark dilution are well defined within the law. In the U.S., it is possible to file a lawsuit under the Anti Cyber-Squatting Consumer Protection Act (ACPA). However, if you happen to become the victim of cyber-squatting, regardless of which country you are located, the best course of action is to file a UDRP (Uniform Dispute Resolution Policy) complaint. During this process, a trademark owner can file a complaint against the domain-name holder, and an administrative panel reviews it.
To prevent becoming a victim of cyber-squatting from the get-go, register all domains that pertain to your company and brand once you realize you’ll need them, and keep your domain registrations up to date. Even better, appoint someone within your company to keep track of this process and acquire new domains as needed.
How to Handle Domain Hijacking
Whether done as a prank or with criminal intent, domain hijacking is a cybercrime that entails: a) “stealing” a domain name, i.e. changing the registration of a domain name without permission, and b) diverting traffic to a fake internet address.
Unfortunately, all a hijacker needs to steal your domain is your email address and password. Most commonly, a hijacker will assume their target’s identity to convince the registrar (where your domain is registered) to change authority settings and make adjustments. However, it is also possible to “brute force” the system to get your password (which is another way of saying “running a program to guess every possible password until they get yours”).
The best basic prevention measure against domain hijacking is to have a strong password and always enable multi-factor authentication for your email accounts. For the highest level of security, you should also make sure your choice of domain registrar offers multi-factor authentication, supports DNSSEC (Domain Name System Security Extensions – protocols that add a layer of security to the domain system look-up and exchange processes,) and offers a registry lock (prevents a domain name from being deleted, transferred or its information altered).
Should you become a victim of domain hijacking, follow ICANN’s instructions. The only way to recover your domain is by claiming your rights through proper documentation (domain history, billing records, system or web/DNS logs that serve as a link between the domain and the content you publish, annual WHOIS reporting notice, etc.)
Domain hijacking and cyber-squatting are real dangers that can come as you build your brand and develop your online presence, and prevention is key. Choose an appropriate domain name registration partner who offers up-to-date protection tools, create a strong password, and always use multi-factor authentication.
For more information about domain theft protection, see ICANN’s set of recommended measures to help webmasters protect their company’s domain assets.
Natasa Djukanovic is the Chief Marketing Officer of Domain.ME