Cybersquatting cases reach record highs in 2022

Domain names help us navigate the vastness of the world wide web and find the information and services we are looking for. However, malicious actors abuse the importance of domain names by registering ones that are identical or similar to existing trademarks, company names, or personal names, hoping to profit from the confusion. The practice of deliberately registering domain names in violation of trademark rights is called cybersquatting.

According to the data presented by the Atlas VPN team, cybersquatting cases reached record highs in 2022. In total, 5,616 cybersquatting disputes were filed to the World Intellectual Property Organization (WIPO) this year — nearly a 10% rise from 2021.

The cybersquatting numbers are based on the data provided by the WIPO. The data includes cases and domain names filed under Uniform Domain Name Dispute Resolution Policy (UDRP) from 2000 to 2022. The UDRP, which WIPO proposed in 1999, has become an international standard for resolving domain name disputes.

After registering the look-alike domain names, cybersquatters may attempt to sell them to the trademarks they are copying or use similarities in domain names to attract traffic to their own website. Among the latter are those that use domains to lure victims into phishing attacks.

If we look at the historic numbers of cybersquatting complaints, they have been steadily growing over the past six years. Compared to 2000, cybersquatting disputes have risen by a whopping 202%. 

In total, 61,284 cybersquatting complaints have been registered by WIPO from 2000 till now.

Cybersquatting techniques

Nowadays, most business owners are already aware of the cybersquatting techniques malicious actors use. However, regular Internet users who do not own any domains may need to be made aware of the dangers and tactics employed by cybersquatters. 

Here are some of the main ones:

Typosquatting. In typosquatting, malicious actors register existing domain names with slight spelling variations (e.g., airbnb[.]com and airrbnb[.]com) with the goal of taking users to a fraudulent website if they type a domain name incorrectly. Typosquatters may combine mistyped domain names with look-alike websites of well-known brands to deceive users into thinking they are visiting legitimate websites. 

Combosquatting. Popular among phishers, this technique involves combining existing domain names with frequently used words, such as “payment” (e.g., airbnb-payment[.]com.) to trick users into thinking they are on a page that belongs to a legitimate brand.

Soundsquatting. In soundsquatting, malicious actors register domain names that contain homophones (words that sound alike) instead of typographical errors to spoof legitimate websites (e.g., weatherportal[.com] is replaced with whetherportal[.]com). This technique mainly targets Internet users that use Siri and other voice assistants to navigate the web. 

Homographsquatting. This technique may be particularly hard to recognize as it uses similar-looking symbols and letters of different languages to replace the ones in well-known brand domains. For instance, Russian “а” appears identical to English “a,” so “apple.com” (English “a”) and “аpple.com” (Russian “а”). While these domain names may look almost unrecognizable, they can lead users to entirely different pages.

Levelsquatting. Cybercriminals may use a legitimate brand’s domain as a subdomain to confuse visitors into believing they are on a legitimate website (e.g., drive.google[.]com is replaced with drive.google.com.sdjaksjd.cc). This cybersquatting technique is the most dangerous for mobile users, as mobile address bars are generally quite small and may not display the full web address, making this attack type harder to spot.