Posted In: Domain Security, Domaining

Research Exposes New Form of Cybersquatting

If you are familiar with domain names, hopefully you are also familiar with the threat of cybersquatting. The definition of cybersquatting is when someone registers a domain name with the trademark of a known brand and malicious intent to benefit from the trademark’s likeness. Domain investors are often times mistaken for cybersquatters however there are key differences between the two. Domain investors use industry knowledge, logic and trend forecasting to determine what domain names may become highly desirable in the future, while cybersquatters use trademark domains to hoodwink the public into believing their association with the trademark brand and making a profit based on this deceit.

Combosquatting 

There are a few forms of cybersquatting, including the well known typosquatting. Typosquating is registering a domain name with a common typo in it knowing the domain will receive traffic from this keyboard error.

A new study conducted by George Tech with Stony Brook University and South Bank University explores a new facet of cybersquatting they refer to as combosquatting. Combosquatting is the practice of registering domain names that combine a popular trademark with a string of words or phrases. The study researched how these domain names were being used. You can see the analysis below which found a staggering 88.77% suspicious and 13.39% malicious activity.

Combosquatting is as much of a threat to consumers as it is to brands. Many combosquatting domains use phishing tactics to gain access to sensitive information. For example you may get an email from what you perceive to be your bank that has a link to the website bankofamerica-com-login-sys-update-online.com. Because you see the Bank of America trademark in the domain name, you decide to trust the website and input your private login information which is now in the hands of someone looking to exploit you.

Another common tactic for hackers is to use false update and password credential pop-ups to gain access to your accounts and spread viruses, as seen below with the cybersquatted domain airbnbforbeginners.com. Someone familiar with the airbnb brand is likely to fall for this upgrade.

This is also becoming very common with the Apple iTunes and iCloud pop-ups. If you ever see one of these messages randomly pop-up when you are using an app or browsing the web that prompt you to enter your information, dismiss it and navigate to the Settings application and enter your credentials there. If you are still asked to it is a legitimate system dialogue. We are so trained by our smart devices to blindly oblige when asked to enter our credentials it is important to be aware of cybersquatting tactics, and critical of the websites and pop-ups you trust.

Image credit: igeeksblog

How to protect your brand from cybersquatting

Cybersquatting is harmful to brands because it dilutes your brand name and causes mistrust with your customers. If a customer is fooled by a domain and website they believe to be yours and purchase a product that never comes and has their bank account stolen in the process they aren’t going to put the blame on a cybersquatter, they’re going to feel let down by your brand.

Top tips for brands:

  1. Brand and trademark monitoring services take care of the demanding and slightly overwhelming task of protecting your brand online by preventing domain name and trademark hijacking, enforcing action against counterfeit websites and maintaining your overall brand reputation.
  2. Defensive registrations allow trademark owners to block their trademarks across a specific set of domain endings. Defensive registrations are a proactive solution for protecting your trademarks from abuse like cybersquatting. An example of a well-known brand protecting themselves with defensive registrations is Facebook registering the domain names fasebook.com and facbook.com that both redirect to official facebook.com ensuring that none of their website visitors are diverted elsewhere.
  3. Don’t use your trademark in new domains for campaigns. If you use a combination of your trademark and words just as combosquatting does, it will be difficult for consumers to distinguish which domains are legit and which they should be skeptical of. We suggest using the new domain endings for your marketing campaigns for example Amazon.sale, Amazon.marketing, Amazon.social.

Don’t wait until something like this happens to your brand, be proactive in your domain management and protect your trademark and your customers.