Cybersquatting: What To Do When Someone Is Holding Your Brand’s Domain Hostage

By Carolyn Juarez

Cybersquatting started in the 1990s before most companies had an internet presence. The internet was still unfamiliar territory. People didn’t really know that if their company didn’t secure its domain name or even its misspelled domain name, somebody else could grab it and hold it for “ransom.”

The early days of the dot-com boom was the peak of the cybersquatting era. In 1999, when the Anti-Cybersquatting Consumer Protection Act (ACPA) was passed, cybersquatting became illegal.

The same year, ICANN, which manages the internet domain name system, developed a domain dispute resolution procedure called the Uniform Domain Name Dispute Resolution Policy (UDRP). More recently, ICANN has developed the Uniform Rapid Suspension System (URS) dispute resolution procedure for some top-level domains introduced after 2012, like .xyz, .email, and .jobs (but not .com, .net, or .org).

Today, companies are more diligent about acquiring domain names. They have realized the value of having a domain portfolio including misspellings, phonetic equivalents, related brands, and relevant top-level domains. But the reality is that domain name disputes are issues that come up pretty frequently in my practice. I’ve handled numerous UDRP actions and frequently counsel companies on whether somebody else’s registration of a domain name is cybersquatting or whether it’s lawful domain investment.

When it comes to this topic, there’s a distinction between true cybersquatting and what is actually legal domain name investing. And if you believe someone is holding your domain hostage, it’s important to be aware of your options.

What Cybersquatting IS

“Okay, we’re going to launch a new product. There’s a company that already has the domain registration, and they want to charge us $10,000 for it. Isn’t that cybersquatting?”

Not necessarily.

In a nutshell, cybersquatting comes down to bad faith. Cybersquatting is the registration of a domain name with the intent to profit in bad faith. Examples of “bad faith” registration may include:

  • Someone buys a domain name because it is visually or aurally similar to an existing trademark or brand, then runs ads on it.
  • Someone monitors trademark applications, sees a new application filed, and registers the corresponding domain name.
  • Someone registers a misspelling, a typo, or a domain name that is visually or aurally similar to an existing company or brand, then sends spam emails as part of a phishing scam.
  • Someone purchases a trademarked tagline another brand uses for its goods and services, then redirects that site to their own, competing products. This is an example of using somebody’s trademark in a way as to create confusion as to origin. That would be cybersquatting as well as trademark infringement.

What Cybersquatting is NOT

Just because someone else owns a domain with your trademark or brand name in it doesn’t mean it’s cybersquatting. Domain investing is permitted, so long is there is no bad faith intent, which can be a fine line.

Examples of legal domain investing may include:

  • An individual or company registering hundreds of domain names based on industry trends or consumer patterns and holding them for resale value to future users of those marks is not cybersquatting. It’s a bit like real estate speculation — the investors are purchasing unused property and holding it in the event that someone wants to build on it in the future.
  • If you go to a domain name of the company or brand you’re launching and someone else bought it years before but there’s nothing there — it’s under construction or it’s a parked landing page with no ads and no content — that may not be cybersquatting. The owner could be building a valid website that will be live in the future.
  • A domain name where someone criticizes a company (e.g., XYZcompanysucks.com, aka “gripe” sites). As long as it is not being used for a commercial purpose, courts have determined that gripe sites are not registered with bad faith intent and are not cybersquatting — basically, the First Amendment’s protections for freedom of speech trump a trademark owner’s rights. (Of course, if what the owner is saying on the site is not true, then there’s defamation to consider.)
  • Same-name brands that sell different products, as long as they have a legitimate business associated with them, is not cybersquatting. Let’s say Timothy Dyson owns a car dealership and registered dyson.com to sell cars. Dyson the vacuum cleaner manufacturer would not have been able to claim that Timothy Dyson is cybersquatting because there’s a legitimate business associated with that domain.

Explore Your Options If You’re a Victim of Cybersquatting

One recent example of cybersquatting was a client who notified me that another company had registered a domain name containing the client’s trademark and redirecting users to the registrant’s own, competing website. That is registration in bad faith — cybersquatting.

So what were that client’s options?

Option 1: UDRP or URS Proceedings

Filing a UDRP action with an ICANN-approved dispute provider is typically the fastest, least expensive way to resolve a cybersquatting case. However, you cannot collect monetary damages (whereas you can under an ACPA suit — more on that below).

For UDRP complaints, if the complaining company is the victim of cybersquatting, ICANN can return the domain to the trademark holder or shut it down. Basically, this is an arbitration conducted through ICANN-approved providers which enforces the legitimate use of top-level domain names.

For a complaint to be successful under the UDRP, the trademark owner must prove:

  1. That the domain name is the same or similar to the trademarked name, such that use causes consumer confusion
  2. The domain name holder has no rights or legitimate interest in the domain name
  3. The domain name has been registered and is being used in bad faith

For the newer TLDs (top-level domains), the URS is a fast, low-cost remedy, but the trademark owner’s remedy is limited to suspension of the domain name.

Option 2: ACPA Litigation

The other option available to victims of cybersquatting is to sue under the ACPA. The ACPA allows victims of cybersquatting to sue domain name registrants in federal court. If the plaintiff can prove that:

  1. It has a valid trademark which was distinctive or famous at the time the domain name was registered
  2. The domain name is similar enough to the plaintiff’s trademark to cause consumer confusion (or dilute a famous mark)
  3. The owner registered it with a bad faith intent to profit

Then the domain name may be transferred to the trademark owner and the cybersquatter can receive monetary damages under the statute, among other remedies.

Cybersquatting plaintiffs may also claim trademark infringement or unfair competition; those claims often walk hand in hand.

Pre-Dispute Evaluation and Resolution

In cases where the facts point to cybersquatting and clients aren’t ready to pursue UDRP or ACPA action, we may send out a cease and desist letter requesting that the domain owner transfer the domain name to the client.

Sometimes that works and the domain owner will agree to transfer the domain name over, likely because they know that they’re going to lose an ACPA action or a UDRP action.

In cases where the facts point to legitimate domain name investment and the owner is charging the client $10,000 for it, we may recommend using a third-party company to anonymously negotiate a better price.

Preventing Cybersquatting: Getting Ahead With Trademarks and Domain Name Registration

The Sunrise Period

Prior to release of a new TLD, brand owners may preregister domain names that are the same or similar to their trademarks. The preregistration period is called the “sunrise” period. Brand owners often choose to register their domains during this period to prevent them from falling into the hands of cybersquatters or to avoid negative connotations (like the .xxx TLD or .sucks TLD).

A few years ago, Comerica, one of the largest banking firms in the U.S., did not register Comerica.mortgage when the .mortgage TLD was approved and somebody else snapped it up. Comerica had to file a UDRP action (which it won) in order to obtain the domain name.

As soon as a new TLD is approved, companies should be diligent to secure domains, particularly if the new TLD relates to the company’s industry. Otherwise, someone else can go out and stake their claim first, then even use the URL for phishing and other malware operations.

Purchase Domains Early

Proactively purchasing domain names has become a best practice since the mid-1990s and the shift to an online world. I work with a lot of clients who are investing in a brand or making a company name change and they button down the domain name first thing — before they file a trademark application.

Purchase All Domain Extensions

It’s also wise to purchase the domain name with the more commonly used or popular extensions like .net, .info, or .biz, as well as spelling and phonetic variants.

Registering dozens or even hundreds of domains does get expensive. But if you’re trying to establish a robust online brand presence, it’s important to do. It is relatively inexpensive to register a domain name — and even less expensive than engaging in a contentious dispute with a cybersquatter or trying to acquire it once an investor has already grabbed it.

Questions about protecting your intellectual property? Schedule a consult.