Domain Squatting and Phishing
Security experts have warned of the increased incidence of theft of domain names.
Domain squatting and phishing have become very common in recent years, so it is worth learning how to protect yourself against them.
Hosting providers have at least tens of thousands of domains at risk of domain squatting and phishing. A domain is the name of a site; it can be compared to the address of a house or some other object, but on the global web. Each site has an IP address on the Internet, which allows it to be found and identified so that it can operate.
By purchasing a domain, you pay for the right to use the domain name for a certain period of time, usually for one or several years. You can renew your eligibility and your renewal takes precedence over other people's applications. But you cannot buy a domain name for a lifetime.
This is to ensure that unused domain names eventually become available for someone else to use again. If every domain name were bought, the Internet would quickly fill up with unused domain names that were blocked and could not be used by anyone. Companies called registrars use domain name lists to track technical and administrative information that links you to your domain.
Squatters most often prefer to call themselves domain investors, since the word "squatter" is associated with the pirate seizure of domains, the dark market for names, unfair deals, and even blackmail. They say that they register domain names for future investment purposes and not to capture them, but no matter how much they deny their involvement in cybersquatting, their methods are generally the same. In fact, the cybersquatter, true to the name, takes over a domain and keeps it until it becomes so in demand that it can be sold for more.
How Domain Squatting and Phishing Works
A main trick of cybersquatters is that they themselves often give advice on how not to become a victim of squatters. Most of their recommendations boil down to the claim that you are to blame for missing the domain you need, that it is useless to argue with squatters, and that you need to agree to their terms immediately. In fact, you should not follow their lead. If you are offered the chance to buy your stolen domain "for a reasonable price", it is better to refuse. The price offered to you is, as a rule, several times higher than the price that the cybersquatter paid for the domain at auction.
A common cybersquatting tactic is to offer an exclusive discounted deal at a "just for you" price. All of these tricks are aimed at selling a specific domain to the buyer. Many buyers in such cases look for a domain name with an alternative spelling, and this option is more acceptable than paying an inflated price for the domain, which motivates squatters to repeat such actions. After all, a project or a company rarely needs so urgently exactly the domain that squatters are persistently trying to sell at an inflated price.
Another well-known cybersquatting trick is to befriend a customer. The squatters already know about your project and have most likely already staked out several domain names containing its name. When you start to trust such a "friend" enough, he will tell you that your domain has fallen into the hands of intruders, but that he will help you get it back. Then they act in the same way: the buyer, as a friend, is offered the chance to negotiate with the "bad guys", who don't really exist, and to pay a significant amount.
In fact, a cybersquatter cannot afford to register every meaningful combination of characters as a domain name, so he has to choose the most promising ones. Squatters use different methods to predict which words will become popular in the future. For example, they try to get access to the search query statistics of popular search engines. When new words and combinations appear in the search statistics, or the frequency of some words unexpectedly rises above the usual level, this is usually a sure sign that the word may very soon appear in popular domain zones, primarily .com. Practice shows that a name appearing in .com is likely to be needed soon in other zones as well.
Sometimes squatters try to predict the names of future companies that arise after corporate mergers in order to buy up the future domain name of the merged company in advance. For example, if there is company A and company B, and there are reports that they are negotiating a possible merger into one company, then the squatter may assume that the new name of the merged company will be one of the combinations of A and B. An experienced squatter tries to buy up all these domain combinations in advance, hoping that the new corporate site name will be one of these combinations in the .com zone.
Control over these domain names allows the squatter to demand a large sum of money from this new company if it needs a new domain name. Therefore, corporate squatters spend a lot of time studying economic trends, possible strategies of certain firms and companies, current market conditions, and other factors. Recently, there have been cases when cybersquatters sell domains not to end-users, but to each other. This indicates the development of the domain name market. Domains are gradually turning from a pure consumer product to an investment vehicle for some.
Among cybersquatters, there are those who practice phishing by replacing one character in a domain name with another that is similar in pronunciation or appearance. Phishing is the most popular type of scam on the Internet today. Every year since its invention, attackers have deceived thousands of people. This method relies on quantity rather than quality: if even one recipient in ten thousand falls for the trick, the fraudsters gain access to that person's accounts and files. Services such as Dark Web Exposure and Phishing Detection Test help to combat domain squatting and phishing.
Scammers usually send out a lot of emails with tempting offers, messages about imaginary winnings or coupons from well-known stores, with messages about discounts and promotions. Such emails often include fake links to websites. The purpose of such letters is to fraudulently obtain a username and password, personal data, payment details, and other sensitive information.
There are also schemes for capturing the actual domain, which is a common weapon in wars between projects. Suppose site A is not on friendly terms with site B. Owner A buys the wwwB domain and places something compromising to B there. After simple manipulations, hijackers can place their own content on the captured site in order to use the resource for financial fraud. Common goals of this activity are stealing money and credit card data, sending emails with malicious attachments, or infecting visitors to a compromised site with Trojans, spyware, or ransomware.
The danger of this scheme is that it allows someone else's content to be placed on the domain without the owner's knowledge and without any notification from the hosting provider. Many hosting providers have found this vulnerability. Preventing such domain hijacking can lead to a significant reduction in phishing content, as well as in the spread of malware and spam mailings on the Internet.
Some cybersquatters hold tens of thousands of domains and make a lot of money from domain squatting and phishing. The main income of most domain squatting and phishing operations does not even come from the sale of domains but from the advertising placed on them. In any case, it is better to protect your name in advance from any attempts to use it for personal gain or against your company.
Types of Domain Squatting and Phishing
- Brandsquatting is the capture of brand names, domains containing company names, and the buyout of domains with names of emerging and promising brands. This includes all cases where squatters register unique names and then resell them in various ways.
- Nominal cybersquatting is the registration of domains with the names of celebrities, show business stars, politicians, famous businessmen, and even characters in fiction. The methods of obtaining money can range from blackmailing the celebrities, when a porn site is hosted on a captured domain, to a peace treaty with a compensation sum. Less often, public figures manage to sue for the rights to a domain name.
- Typosquatting is the registration of names similar to well-known brands or portals, misspelled, or variations of domain names. As a rule, these addresses host sites that earn on advertising from random incoming traffic. Less often, an interested brand owner buys out the domain.
- Sectoral cybersquatting is the registration of names of various industries, areas of activity, goods, types, and services. As a rule, it does not imply the registration of brands and company names, therefore it is considered a more legal way to make money on domains.
- Geographic cybersquatting is the registration of domain names with geographical names. The most promising are the names of the most popular resorts and tourist destinations. Most of the names and their variants in different languages are already registered.
- The purchase of abandoned domains is the redemption of domains whose registration the owner did not manage to renew or could not renew. In this case, the cybersquatter, having received information about the vacated domain, redeems it and then offers it to the previous owner at an inflated price.
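The lookalike patterns described above (a visually similar character, a misspelling, the `wwwB` missing-dot name, the same name in another zone) can be checked for mechanically when reviewing domains seen in mail logs or registration feeds. The following is an added example, not code from the original article; the confusable map is a small constructed sample, the category names are hypothetical, and names are assumed to have the simple `label.tld` form.

```python
# Added example: classify observed domains as lookalikes of a protected domain.
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s",  # constructed sample map
              "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}
DIGRAPHS = (("rn", "m"), ("vv", "w"))

def skeleton(label):
    """Map visually similar characters to one canonical form."""
    out = "".join(CONFUSABLE.get(ch, ch) for ch in label.lower())
    for pair, single in DIGRAPHS:
        out = out.replace(pair, single)
    return out

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, protected):
    """Return the kind of lookalike, or None if the name is not suspicious."""
    candidate = candidate.lower().rstrip(".")
    if "xn--" in candidate:  # decode punycode so homoglyphs become visible
        candidate = candidate.encode("ascii").decode("idna")
    label, _, tld = candidate.rpartition(".")
    p_label, _, p_tld = protected.lower().rpartition(".")
    if label == p_label:
        return None if tld == p_tld else "other-zone"
    if label == "www" + p_label:
        return "missing-dot"
    if skeleton(label) == skeleton(p_label):
        return "homoglyph"
    return "typo" if edit_distance(label, p_label) == 1 else None

def scan(observed, protected):
    """Reduce a list of observed domains to the lookalikes and their category."""
    return {d: kind for d in observed if (kind := classify(d, protected))}

# Constructed sample input built on the reserved name example.com;
# "ex\u0430mple.com" contains a Cyrillic "a".
SAMPLE = ["example.com", "examp1e.com", "exmaple.com", "wwwexample.com",
          "example.net", "ex\u0430mple.com", "unrelated.org"]
```

Calling `scan(SAMPLE, "example.com")` returns only the five lookalikes, each with its category, which gives a short list of names to register defensively or to watch for in incoming mail.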
How to Protect Against Domain Squatting and Phishing
- Don't disclose the names of future products or projects. First, you should register a domain and only then announce the launch of the product. Another option is to select a name for the product based on the availability of free domain names.
- Choose unique and original domain names. This will reduce the likelihood of a match with already taken domain names.
- When buying the main domain, register several similar names at once so that squatters cannot take them.
- Try to find a domain via the domain name auctions. At such auctions, you can choose a suitable domain for yourself without overpaying to squatters.
- Renew the domain name registration on time.
- Don't cooperate with cybersquatters who will always win if you play by their rules.
- Increase the level of training of your specialists in the field of legal regulation of intellectual property issues. In most cases, copyright holders do not have sufficient knowledge to protect their rights, and most often the easiest way out for them is to buy domains and trademarks from squatters.
It is impossible to prevent squatting completely as technologies continue to develop, but it can and should be combated. To find out if your domain names are cybersquatted or phished, use our Dark Web Exposure and Phishing Detection Test. It is one of several free tools recognized by various reputable information security publications. In addition, use our ImmuniWeb Discovery to find and monitor the attack surface of your infrastructure.