If someone registers a domain under “your mark” (your name or your business’s name) to profit off your reputation, they are cybersquatting. Fortunately, you can remove a cybersquatter and recover your domain name by:
- Negotiating with the cybersquatter to transfer the domain name;
- Filing a lawsuit under the Anti-cybersquatting Consumer Protection Act (ACPA), to obtain a court order transferring the domain; or
- Requesting arbitration under the Uniform Domain Name Dispute Resolution Policy (UDRP).
At Minc Law, we know how to protect your name or trademark from cybersquatters. We often represent individuals and business owners whose names have been registered by cybersquatters in bad faith.
In this post, we will explain what cybersquatting is and why people do it. Then we will outline your options for dealing with a cybersquatter, including how to acquire your domain name.
What is Cybersquatting?
Cybersquatting (also known as domain name squatting and domain squatting) is the act of registering, or using a domain name with the (1) bad faith intent (2) to profit from the trademark, business name, or personal name of another.
Domain squatting generally occurs in one of two scenarios: (1) when a squatter is attempting to steal business from a competitor by creating confusion or (2) as a form of extortion. We discuss the reason why people do this as well as some notable examples below.
However, it is possible that the domain registration was in good faith. Good faith registration of a legitimate business name, even if the business name is already in use, does not constitute domain squatting.
How Does Cybersquatting Work?
Cybersquatting typically arises in two situations – the squatter registers the domain to either siphon your customers or to coerce payment for the re-sale of the domain.
The first situation, where the squatter attempts to siphon customers, is often employed by competitors or scammers to steal customers from a well-known business. The domain squatter will target profitable businesses that have not registered their domain name or they find a confusingly similar domain name.
An offshoot of this form of cybersquatting involves using a business’s name for phishing. In this scenario, a hacker will register the domain and send out emails that appear to be from a legitimate business or organization. Once unsuspecting consumers click on links within the email, they are sent to a bogus page designed to gather passwords and other sensitive information.
In February 2021, this form of cyber security threat happened to the Maryland Department of Transportation. Thousands of Maryland vehicle owners received emails and text messages that appeared to be from the Maryland Motor Vehicle Administration. The messages steered unsuspecting users to a fake site, claiming that personal information was needed to comply with REAL ID requirements. In reality, the page was created by scammers trying to get access to the users’ private and personal information.
The second form of cybersquatting is something you may have unwittingly encountered. Have you ever clicked on a URL only to land on a page that says, “Site Under Construction,” or “This Domain Name for Sale?” If so, there is a decent chance you are witnessing a cybersquatter at work. These types of squatters attempt to make money by reselling the domain to the business at an inflated price.
Both situations will involve misuse of the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is the non-profit organization that operates and governs the Domain Name System – the Internet’s address book. The Domain Name System (DNS) lists every URL on the Internet and enables the public to find websites without the need to remember every website’s IP address. The DNS also records contact information for a domain’s owner, so it is a valuable tool for determining who registered a particular domain.
Why Do People Engage in Cybersquatting?
The ultimate goal driving cybersquatting is to extract money – either by stealing a competitor’s customers or re-selling the domain to the business whose name was used.
For example, you are reading this on MincLaw.com, our law firm’s website. One way to commit domain squatting would be for a competitor to register a new website simply by changing part of the domain name, such as “MincLaw.org” or “MincLegal.com”, and then designing the website to look and feel like Minc Law’s. Many Internet users do not check the full URL of a site after a Google search and might not realize they landed on a competitor’s website. By making small alternations in the top-level domain name, it can be easy to confuse potential customers.
Cybersquatters may also use a misleading domain name to hold hostage and extort a legitimate or well-known business. For example, the squatter who registered “MincLaw.org” may have purchased the domain for $8, with the goal of re-selling it to us for $10,000 (or more). In this case, the cybersquatter is probably not a competitor trying to steal clients. Rather, their goal is to make a profit by reselling the domain name to us.
In some instances, a cybersquatter might actually have more malicious intent. In those instances, a domain is often purchased to exact revenge, harm, or extort an individual or business. Not only is this a form of domain squatting, but it is also often linked to online harassment, cyberbullying, and civil claims for online extortion.
Domain Name Squatting Tip: One way to deal with a cybersquatter involves starting a dialog and negotiating the transfer of the domain name. This method may be cheaper and faster than legal action like arbitration or litigation. The first step in negotiating with a squatter is to determine who registered the domain, using WHOis.net. Once you determine who you need to contact, you can email them and explain why you are interested in the domain. There is always a chance they purchased the domain in good faith and had no intention of appropriating your name. They may be willing to transfer the domain to you for a reasonable price.
Notable Cybersquatting Examples Involving Celebrities
Around the turn of the millennium, several well-known personalities found themselves victimized by cybersquatters. This was a time when Internet usage was rapidly growing, yet not everyone recognized the value of owning their own domains.
Two prominent celebrities, Madonna and Sting, provide illustrative examples for the purposes of this post. They each fought for the right to gain the domains featuring their names – but faced different outcomes.
Madonna Ciccone v. Dan Parisi and “Madonna.com”
In 1998, web developer Dan Parisi purchased the domain name “Madonna.com” for $20,000. He turned the website into an adult entertainment portal, but included a disclaimer stating the site was not associated with the singer. Madonna filed a UDRP claim, alleging that Parisi’s use of the name “Madonna.com” was a bad faith scheme to profit off her popularity.
The World Intellectual Property Organization’s (WIPO) Arbitration and Mediation Center sided with Madonna. WIPO correctly determined, despite his suggestions otherwise, that Parisi purchased the domain solely to re-sell it to Madonna (for an inflated fee). The panel aptly observed that Parisi had utilized a ‘cheese in the mouse trap’ technique to elicit buying interest from the artist by causing confusion amongst her fans, many of whom are minors, who would search for her fan page and wind up on a website displaying pornography.
Since Parisi’s registration and use of the domain was in bad faith, the domain name was ordered transferred to the singer.
Gordon Sumner v. Michael Urvan
In 2000, Gordon Sumner, the singer better known as “Sting” filed a UDRP claim over the domain name “Sting.com.” The singer alleged that his use of the name Sting, “is world-famous” and that the defendant, Michael Urvan, did not have any legitimate use for the domain name.
Urvan claimed that he was using the nickname Sting as a username for online gaming more than 8 years prior to Sumner’s claim. He also demonstrated that over 20 trademarks had been registered for the common English word “Sting” and none of them were owned by Mr. Sumner.
While the WIPO Arbitration Center acknowledged that Sumner was the ‘more famous’ Sting, he did not prevail in his claim. Given Urvan’s usage of the name for online gaming and the many other common uses of the generic English term, no evidence of bad faith on Urvan’s behalf was found. Since Sumner could not prove Urvan had a bad-faith intent to profit off the artist’s name, Urvan was permitted to keep Sting.com.
Options to Remove a Cybersquatter & Recover Your Domain Name
If you believe a domain name was registered in bad faith and you are not inclined to pay the ransom note/asking price, you do have options. You can remove a cybersquatter and acquire your domain name by:
- Contacting the cybersquatter directly, explaining why you are interested in the domain, and negotiating a transfer of the domain;
- Sending a takedown letter or reporting the abuse to the website’s registrar and hosting provider in the case of phishing sites and malicious domains;
- Filing a lawsuit under the Anti-Cybersquatting Consumer Protection Act; and/or
- Requesting arbitration through the Uniform Domain Name Dispute Resolution Policy.
Each option comes with its own pros and cons, so you should discuss your options with an experienced Internet attorney to ensure the best chance of success.
Reach Out & Negotiate With the Cybersquatter
Sometimes, direct communication with the squatter is the best (and cheapest) way to get access to the domain name in question. To find out who registered the domain, you can look up a registrar’s contact information using WHOis.net.
If you cordially explain why you want the domain name, the registrant may be willing to transfer it to your for a reasonable fee. Reaching out may also help you determine if the domain name was actually registered in good faith.
Report Phishing to the Website’s Registrar
If you discover a malicious website that appears to be phishing for private information, you can also report the website. Websites that include malware, phishing scams, or purport to be a legitimate business should be reported to the domain registrar or web host (e.g. GoDaddy, BlueHost). You can use the WHOis.net lookup tool to find the contact information for the malicious site’s registrar or host.
While the domain registrar cannot take down a phishing website, they can point you toward the website’s host. The web host does have the authority to remove malicious sites.
For detailed instructions, check out How to Report a Fraudulent Website to a Registrar.
If You Trademark Your Company Name, How Can You Get the Domain From a Cybersquatter?
Once you have a trademarked name, you can file a claim under the Anti-Cybersquatting Consumer Protection Act or request arbitration through ICANN to get the domain name transferred. Cybersquatting laws are essentially an outgrowth of trademark laws.
You can request trademark protections for more than just your name or your business’s name. The U.S. Patent and Trademark Office (USPTO) permits the registration of words, phrases, symbols, and designs that “distinguish the source of goods of one party from those of the others.” For example, the business name “McDonald’s,” its distinctive golden arches, and the jingle “I’m lovin’ it!” are all protected by trademark law.
When the Internet started growing in popularity, Congress recognized the need to bring domain names under the umbrella of trademark protection. They achieved this by passing the Anti-Cybersquatting Consumer Protection Act in 1999.
To learn more about registering a trademark, read on to the section, “What Legal Protections Can You Get For Your Domain Name to Combat Cybersquatters?”
What is the Anti-Cybersquatting Consumer Protection Act of 1999 (ACPA) & How Can You Use It to Your Advantage Against Cybersquatters?
The Anti-Cybersquatting Consumer Protection Act (ACPA) protects trademarks and names of living persons. It is designed to prevent deception of consumers and extortion of trademark owners. As a U.S. law, the ACPA’s application to foreign registrants is questionable.
If someone uses your name or your mark to register a domain, you can file a federal lawsuit under the ACPA. To acquire a domain name under the ACPA, a plaintiff must prove:
- The defendant registered, traffics in, or uses a domain name that is:
- Identical or confusingly similar to a distinctive mark
- Identical, confusingly similar, or dilutive of a famous mark, or
- A trademark defined by statute (e.g., Red Cross, Olympics); and
- The defendant had a bad faith intent to profit from the mark.
The ACPA grants courts the authority to transfer domain names to a plaintiff who successfully proves a violation of the Act. Plus, in appropriate circumstances, plaintiffs can also be awarded statutory damages ranging from $1,000 to $100,000 per violation.
What is the Uniform Domain Name Dispute Resolution Policy (UDRP) & How Can You Use It to Your Advantage Against Cybersquatters?
If you would prefer to avoid protracted litigation, you may also acquire a domain through arbitration. The Uniform Domain Name Dispute Resolution Policy (UDRP) is an arbitration system commissioned by ICANN and implemented by the U.N. World Intellectual Property Organization (WIPO). All domain name registrants, worldwide, are bound by the UDRP.
If you request arbitration, you must still prove certain elements to prevail. Much like the ACPA, the UDRP requires that a plaintiff prove:
- The domain name is identical or confusingly similar to a trademark or service mark,
- The registrant does not have any rights or legitimate interest in the domain name, and
- The domain name was registered and is being used in bad faith.
If you prevail on a UDRP claim, ICANN will transfer the domain to you but no monetary awards are available. Domain holders that lose on a UDRP claim can appeal the decision by filing a lawsuit within 10 days. Fortunately, if you do not prevail on a UDRP claim, other legal options – like an ACPA claim – are not waived.
When Should I Seek Legal Help to Combat Cybersquatting?
If someone has registered your name or trademark as a domain with a bad faith intent to profit, you can pursue a cybersquatting claim. Depending on your situation, you may not need to file a lawsuit or pursue arbitration. If, however, you are willing to pay the squatter the price (or ransom) they are asking for the domain, you do not need to pursue other legal remedies.
One of the important things to remember is that cybersquatting is only committed if done in bad faith. Just because someone registers a domain with your name (or something similar to your name) does not mean they are trying to profit off your reputation.
For example, in the “Sting” case we previously discussed, the defendant was not trying to profit from the use of Sting’s name. He had been using the name “Sting” for online gaming years before registering the domain and had no intent to re-sell the domain to the musician.
What Legal Actions Can Cybersquatting Victims Take?
The best legal options for dealing with cybersquatting are pursuing either UDRP arbitration or an ACPA lawsuit. But you may have other legal options depending on the circumstances. Some of the other legal issues that could arise in a domain squatting case may include:
Each of the civil claims listed above is best assessed with a knowledgeable Internet attorney. Each state has different laws that could apply to your situation, depending on the specifics of your case. Likewise, there may be strategic considerations that make certain options more favorable to you than others (like lower legal costs or a quicker resolution process).
How Can Individuals File Claims Against Cybersquatters?
If you are filing a request for arbitration under the UDRP, you can consider using WIPO’s Model Complaint. The complaint and any supporting documents must be submitted electronically to the WIPO Arbitration and Mediation Center.
While you do not have to serve the defendant with a copy of the complaint, you will need to provide a copy to the domain’s registrar (e.g. GoDaddy, BlueHost, etc.) The registrar’s involvement in the process is required because the domain name must be locked while the UDRP arbitration is pending. This just means the registrar cannot sell or transfer the domain until the UDRP proceedings or complaint is resolved.
If you decide to pursue a claim under the ACPA, you will have to file a complaint in court. ACPA claims are often filed in the United States District Court of Virginia because the company with the ability to transfer domain names (Verisign) is headquartered in Virginia. Worth noting is that ACPA claims are best pursued against cybersquatters located in the United States because U.S. courts may not have jurisdiction over foreign cybersquatters.
What Are the Best Ways to Address Cybersquatting Being Committed in Another Country?
If you are dealing with a cybersquatter outside the U.S., UDRP arbitration may be advisable. Through the World Intellectual Property Organization’s Arbitration and Mediation Center, the dispute can be resolved regardless of where the parties are located in the world.
Generally, U.S. law cannot be applied to foreign defendants unless they have at least minimum contacts with the United States. Establishing jurisdiction would only add more complexity and costs to ACPA litigation (which most clients would rather avoid if possible).
How to Protect Your Domain Name Rights Against Cybersquatters
When it comes to your online reputation, best practice is to be proactive. You can save yourself time, money, and hassle by protecting your domain name from cybersquatters in the first place.
Some of the main ways you can ward off would-be domain squatters are:
- Register your trademarks that you would like to protect – like your name, business name, or marketing slogans.
- Try to think of similar domain names that cybersquatters might use and reserve them before anyone else can. For instance, our firm might purchase the domain names, “minclaw.org,” “minclaw.net” and “aaronminc.com” so that squatters do not even have the chance to buy them.
- Utilize digital risk protection services – a form of monitoring online threats, including domain squatting, that may help your business protect its digital assets.
Deceptive Trade Practice Fact: If a competitor registers a domain that is confusingly similar to your business’s name, they may be trying to siphon off unsuspecting customers. When a cybersquatter’s goal is to mislead consumers, essentially “tricking” them into shopping on their website instead of their similarly-named competitor, they may be running afoul of Deceptive Trade Practice laws. If a squatter’s behavior violates your state’s trade practice laws, you may have extra legal options for dealing with the defendant and recovering the domain in question.
How Do You Know if the Domain Name You Want is Being Used by a Cybersquatter?
You can set up alerts to track mentions of your name, including domains registered under your name. Some well-known brands outsource this monitoring to third-party vendors – but professional monitoring services can get costly. If you are not ready to commit to a monitoring service, you can also conduct regular searches on a “WhoIs” website like Domain Tools.
A common tactic of domain squatters is to register domain names with minor misspellings that are easily made on a computer keyboard. So, an effective monitoring system must account for misspellings and slight variations.
If you do find a website for sale that is operating under your name, that usually means you are dealing with a bad faith squatter. Some of the more subtle ‘red flags’ that indicate cybersquatting are:
- A domain that links to a website that is “under construction” or has an error code (like 404 or 502),
- A website with no real functionality or interactivity,
- A single page with nothing but hyperlinks to other webpages or ads, and/or
- A site that displays pornographic or obscene content.
If you are uncertain whether an individual has registered the domain in bad faith, you can use Whois to find their contact information. From there, you can reach out and try to understand why they purchased the domain.
If there is a legitimate use, you can always make an offer to buy the domain from the registrant. They may willingly transfer it to you without much consideration in return. Even if the registrant is using the domain in bad faith, you still have the option of purchasing the domain to avoid any prolonged dispute.
For further reading on domain squatting, check out our comprehensive post by attorney Brinton Resto titled ‘Someone Registered My Name as a Domain Name: What Are My Options?’
What Legal Protections Can You Get For Your Domain Name to Combat Cybersquatters?
One of the best things you can do to protect your name from squatters is to register your trademarks. By registering your trademarks, you (as a trademark owner) put others on notice that you intend to guard and protect your name. Having the trademarked already registered should also help you with a UDRP or ACPA claim if you must resort to legal options to remove a cybersquatter.
To register a trademark:
- Search the Trademark Electronic Search System (TESS) for the name you would like to trademark. Ensure your name is unique and not too similar to any other trademarks.
- Prepare your trademark application with the Trademark Electronic Application System.
- Submit your trademark application and pay the requisite filing fee ($250–$350).
What Other Methods Can You Take Before Going to Court to Protect Your Domain Against Cybersquatting?
As we mentioned previously, protecting your domain should be a proactive process. Monitor your online presence and the use of your trademarks, either on your own or with a reputable service. At Minc Law, we offer Digital Risk Protection (DRP), a monitoring service that helps protect your digital assets and guard against privacy breaches.
You should also create a list of common misspellings of your name (e.g., Mink Law) and different top-level domains (e.g., “.org,” “.net,” or “.co”). Then, consider purchasing these domain names to thwart would-be cybersquatters. This is typically much cheaper than purchasing a domain from a squatter or having to pursue litigation or arbitration.
Cybersquatting & Social Media: Where to Report Fake Social Media Accounts
Social media platforms have raised new concerns not contemplated by older cybersquatting laws. Most cybersquatting laws, like the ACPA, are aimed at top-level domain names. A social media account is not a domain, but rather a sub-domain. For instance, our firm is not interested in owning the domain “Facebook.com” but we definitely have an interest in protecting “Facebook.com/MincLaw” from would-be squatters.
Fortunately, most social media platform’s Terms of Service (TOS) prohibit impersonation and misappropriation. If someone creates a fake social media account under your name, you should review the platform’s TOS and report the account. For more information, check out the following platform’s instructions for reporting fake accounts:
How Can You Find Legal Representation to Help You Protect Your Domain Name Against Cybersquatting?
There are several ways to find competent representation to assist with cybersquatting issues. First, conduct a Google search for cybersquatting or domain squatting attorneys or anti-cybersquatting attorneys.
You can also check your state’s bar association directory for a list of attorneys and their practice areas.
Finally, you can ask for referrals from others who may have dealt with cybersquatters.
The key to finding representation is to look for experienced Internet attorneys. Not all attorneys are familiar with domain squatting laws, so it is important to ask whether your attorney has experience protecting domains from squatters.
Consult With an Experienced Internet Attorney
If you have been targeted by a cybersquatter, it is best to discuss your legal options with an experienced attorney. The Internet attorneys at Minc Law can help you determine if you have a claim for cybersquatting and decide on the best strategy for proceeding.
“Dan Powell was exceptional. Extremely knowledgeable about the law and insightful as to the reality and expected outcome of my case. I would strongly encourage and recommend Minc and Daniel Powell.”
C. Becker, Oct 30, 2019
Contact us to schedule a free, no-obligation consultation by calling (216) 373-7706 or filling out our online contact form.