Combatting cybersquatters and bad actors with UDRPs

A surge in filings of these complaints indicates a growing awareness of their effectiveness against cybersquatting tactics, says Trisha Ytuarte of GoDaddy Corporate Domains

Over the past decade, the scourge of cybersquatting has taken up residence and its impact is ever-growing. Cybersquatting is the illicit practice of bad actors registering and using a domain name with the intent to profit off the goodwill of someone else’s trademark.

We connected with SILKA, a renowned domain recovery provider with over 1,000 successful domain name disputes and a valued partner of GoDaddy Corporate Domains (GCD), to shed light on this practice and recommend ways to protect brands in a webinar highlighting the benefits of Uniform Domain-Name Dispute-Resolution Policies (UDRPs).

Though cybersquatting can take many forms, it often capitalises on a typo domain (which contains a slight misspelling or different punctuation), a keyword related to a legitimate brand, or even the exact domain name in another country-specific or alternative TLD. Essentially, cybersquatters buy domains planning to capitalise on another company’s established, popular brand so they can divert web traffic, make money, or both.

Spotting cybersquatting

Cybersquatters use many methods that take advantage of the domain name system. However, the common denominator is that a trademark is included in the domain name in some way. These are a few common cybersquatting ploys:

• Typo-squatting happens when someone registers a domain name that is a common misspelling or typo of a popular website (ie ‘gogle.com’ instead of ‘google.com’. People who accidentally type the wrong web address can be snared by this trap which usually leads to a bogus site with ads, knock-off or similar services, or may even spread malware.
• The homoglyph uses single characters which appear identical or similar to what they are emulating, such as how a lowercase L and an uppercase I can look alike, or a non-native language script, like ç for c. Similarly, homograph attacks use characters from non-Latin alphabets that resemble Latin characters, making them look identical to popular domain names, such as using Cyrillic letters. Both homoglyphs and homographs trick users into visiting malicious sites.
• Misspelling words bets on the probability that some people will mistake the misspelled word for the real thing.
• Other common cybersquatting tactics include name-jacking and news-jacking, domain parking, and combo-squatting, which have colourful names but nefarious purposes to divert people to different websites than they seek.

Cybersquatting also increasingly takes the shape of phishing emails. These emails attempt to imitate real messages sent from an actual email address of the company or organisation, using a look-alike domain name. For example, a fake internal email, appearing to be from the company’s CFO, can be sent to the company’s own accounts payable department asking them to pay an attached (fake) bill. Then, instead of going to an actual vendor, the payment goes to the cybersquatter.

Cybersquatters can also trick a company’s customers or vendors. When email recipients click on these domains, they are typically taken to misleading or counterfeit content and asked to provide sensitive information such as login details or credit card information.

According to SILKA, job scams have emerged as a prevalent cybersquatter trend this year. Bad actors advertise fake jobs by sending job seekers emails from addresses that look almost identical to the actual company’s email address. Or they use another cybersquatting tactic of combination domains, which uses a trademark alongside generic or industry-related terms, such as hr@companyname-careers.com.

These sophisticated phishing emails invite people to apply for a job and even arrange online interviews. Ultimately, applicants are told they got the job and are prompted to fill out forms. When the job candidates provide their bank account details and other personal information, the data is then harvested by the bad actors to perpetrate identity theft and collect money.

Even a professional who works with domains every day can be fooled by cybersquatting tricks. These domains appear in emails, texts, and on websites, making them omnipresent and often very convincing.

Defending against cybersquatters

With threats continuously evolving and the domain space expanding, the question then becomes what can or should you be doing to defend your brands? Fortunately, there are many different options for defending against cybersquatting domains including:

- Defensive registrations, which entail compiling lists of risky domains, and preemptively registering domain names to prevent cybersquatting and malicious use. This is a common practice for most corporate domain portfolios, requiring a customised strategy considering brand risks, business locations, domain abuse data, and historical enforcement.

- Defensive blocking products, such as GlobalBlock, which launched earlier this year, help prevent cybersquatters from registering trademarks across many TLDs all at once.

-Domain name monitoring tools ingest the client’s trademark and key terms and output a list of domains already registered with similar names. These watch tools can also notify brand owners of future registrations as they emerge.

Monitoring can be preventative too, alerting trademark holders about domains that have been registered but not used by cybersquatters yet. It is crucial to continuously monitor domains and prioritise risk factors using tools that can help you categorise based on usage and risk factors, such as GCD’s Brandsight Tracker, which monitors over 70 data points on a daily basis.

-Website takedowns involve contacting the cybersquatter’s hosting provider or registrar to request that the questionable website be taken offline. This option typically requires evidence that the content infringes on the legitimate brand.

- Demand letters will ideally succeed in stopping the cybersquatting behaviour. However, masked domain name ownership details often make it difficult to contact the owner.

- Litigation, which requires legal counsel, can further the chances of successfully protecting brands through additional appeals and the potential for monetary damages, but it can be a lengthy and costly process.

-Buying domain names from bad actors is a possibility, though not recommended for a variety of reasons, such as ethically rewarding illegal activity, having to pay exorbitant fees, and emboldening other bad actors. Consider this a last resort.

-Filing a Uniform Domain-Name Dispute Resolution Policy (UDRP) complaint is an effective tool for trademark owners to obtain domain names from cybersquatters. Many trademark owners are discovering the benefits of this globally available solution, with its lower costs and domain ownership opportunities.

As a valuable partner for GCD’s enforcement work, SILKA explains the UDRP, one of the more effective enforcement tools, in more detail below.

What is the UDRP?
Established in 1999 by The Internet Corporation for Assigned Names and Numbers (ICANN), UDRP complaint filings have gained popularity every year. The World Intellectual Property Organization (WIPO), which handles the most complaints of any agency, tabulated that the number of annual UDRP filings for 2023 more than doubled those from 2013.

Klara Sigvardsson, partner at SILKA, believes this surge is not merely a reflection of the rise in cybersquatting incidents, but significantly impacted by a growing awareness of the UDRP as an effective enforcement tool.

Why are UDRPs so popular?

First, the UDRP is an administrative process, not a legal procedure, which typically means substantially lower costs. Second, parties who win a UDRP process gain ownership of the domain name in question—the result is permanent, as opposed to some other enforcement options. Third, the UDRP process applies to all generic top-level domains (gTLDs), including .com, .net, and all new gTLDs, as well as some country-code extensions (ccTLDs), including .co, .tv, and .me, which makes it a globally useful solution. Finally, the entire UDRP process takes only around three months, which is fairly quick compared to drawn-out legal communications or lawsuits.

How to win the UDRP
According to SILKA, to be successful in a UDRP dispute, the trademark holder must demonstrate three criteria.

1. The complainant’s trademark must appear in the questionable domain name in some shape or form. There must be proof that this domain name is identical or confusingly similar to a trademark or service mark to which the complainant has rights.
2. The person or company bringing the UDRP complaint must show that the current owner has no rights or legitimate interests in this domain name. For example, if another company has operated under a particular company name for ten years, that could be considered legitimate interest in the matching domain name even if they hold no trademark that matches the domain name. If both parties have demonstrable rights to the same domain name, there is no basis for a UDRP.
3. The domain in question must have been registered and used in bad faith. The ‘used’ part can be obvious, especially if there’s a website selling counterfeit products or sending out phishing emails using the confusingly similar domain. The trickier part can be to demonstrate that the domain was also registered in bad faith. It must be proven that the bad actor intended to abuse this brand at the time of domain registration.

Why use UDRPs?
If the goal is to not only take down the offending website(s) but also to gain control of the domain, a UDRP is ideal. Another plus of UDRPs is they can be carried out in groups as long as companies share a common grievance, such as brands within a company or competing businesses. Many cybersquatted domains can be listed in the same UDRP complaint, making it an efficient and cost-effective process. In one successful UDRP complaint from last year brought by Tory Burch, there were 106 domains.

The UDRP process in a nutshell
If trademark owners discover a domain violating their mark, they can first review to make sure the domain is not owned internally by another department at the company. Once that review is done, they can proceed and draft the UDRP complaint either in-house or with the help of an external specialist. The complaint is submitted to argue how the domain infringement meets the UDRP’s three criteria.

After the filing, the current domain owner has time to respond (though they rarely do). Absence of a response does not, however, lead to a default victory for the complainant—all criteria still need to be met. Then, the dispute resolution provider (eg WIPO) appoints a panel to review the evidence and issue a decision.

Assuming the complainant wins the UDRP dispute, they must implement the decision to have the domain name cancelled or transferred to their portfolio. Follow-through on this last step is the most important because the cybersquatter’s site could conceivably remain online even if they lose ownership of the domain.

Cecilia Borgenstam, partner at SILKA, shares that it is not uncommon for the technical side to be missed while ownership and administrative control get transferred. The result is that the domain name—now owned by the trademark owner—can still be used by the previous owner for publishing bad websites and sending fraudulent emails. The name servers should, therefore, be changed immediately, and the domain name should be transferred in its entirety as soon as possible before the domain expires and risks being bought by another party all over again.

It’s important to have the right resources, team, and processes in place to help facilitate this and protect against future abuse of those recovered domains. At GCD, we partner with our clients to ensure compliance and ongoing visibility. Some helpful tactics include creating custom fields to clearly track those domains recovered through enforcement efforts and setting up defensive Domain Name System (DNS) zone templates to implement proper controls for those defensive domains.

These steps not only help build a robust defence against cybersquatting but secure all domains under management while ultimately protecting clients’ customers, employees, and business practices.

Conclusion
Domain name cybersquatters will not stop pushing the boundaries with their endlessly creative illicit activities, which knowingly violate IP rights. However, trademark holders have several tools in their collective arsenal to detect and quell these violations and should work with their partners to determine the best and most efficient course of action.

The UDRP is among the most promising solutions available today, as evidenced by the record-breaking number of UDRP cases handled by WIPO last year. Its efficiency, predictability, and cost-effectiveness make it an attractive choice for businesses. Companies are well-advised to consider UDRPs an integral part of protecting their brands to stop cybersquatters in their tracks.

To watch our full conversation, encompassing basic and advanced UDRP strategies with the SILKA team, or to request assistance with your enforcement or proactive registration, please visit this link: https://demo.gcd.com/webinar-udrp-essentials-and-mastering-udrp.

Trisha Ytuarte is a senior client success manager at GoDaddy Corporate Domains. She specialises in helping organisations analyse their defensive registration options, consolidate and transfer domain portfolios, and streamline their portfolio management.

Ytuarte is dedicated to empowering businesses through optimised domain management and achieving their digital objectives.