What is cybersquatting? Definition, examples and legal recourse
Cybersquatting is the bad-faith registration of a domain matching a brand name. Learn how it works, real cases, and how to fight back.
Cybersquatting is the practice of registering a domain name that is identical or confusingly similar to a trademark or well-known brand, with the intent to profit from that brand's reputation. Profit can take several forms: selling the domain back to the brand at an inflated price, redirecting traffic to a competitor, or running a fraudulent operation under the brand's name. The ICANN-administered UDRP system has handled over 50,000 disputes since 1999, which gives a sense of the scale. This article covers what cybersquatting is precisely, its main forms, documented cases, the legal framework, and how to protect yourself.
Precise definition of cybersquatting
Going beyond the dictionary definition, cybersquatting requires three elements to be present simultaneously:
- A domain name identical or confusingly similar to a trademark.
- The registrant has no legitimate rights or interest in that name.
- The domain was registered and is being used in bad faith.
The third element, bad faith, is what distinguishes cybersquatting from a legitimate competing registration. A company in Argentina that happens to share a name with a French startup is not a cybersquatter. Bad faith requires intent to exploit the trademark holder's reputation.
Bad faith: the legal definition
The UDRP Policy (paragraph 4b) lists specific circumstances that constitute bad faith. Any one of these is sufficient:
- The registrant offered to sell the domain to the trademark owner for more than the out-of-pocket registration cost.
- The domain was registered to prevent the trademark owner from reflecting their mark in a domain name, as part of a pattern of such registrations.
- The domain was registered primarily to disrupt the business of a competitor.
- The registrant used the domain to attract internet users for commercial gain by creating confusion with the mark.
Courts and UDRP panels have also recognized "passive holding" as bad faith: a registrant who holds a domain without using it can still be found to have acted in bad faith if the circumstances clearly indicate the domain was registered to exploit the trademark.
The main forms of cybersquatting
Typosquatting
Typosquatting targets users who make typing mistakes when entering a URL. Common patterns include doubling a letter (microsofft.com), swapping adjacent letters (amazno.com), or replacing a letter with a visually similar one (rn instead of m). The purpose can be simple traffic capture, but typosquatting URLs are also regularly used in phishing attacks targeting banks, cloud platforms, and payment processors. Verizon successfully pursued OnlineNIC for registering thousands of Verizon typo variants.
Classic cybersquatting (resale)
This is the original form: registering a brand's name before the brand does, then demanding payment. The earliest documented cases in the United States date to the early 1990s. Panasonic, Fry's Electronics, and Hertz were among the first major companies to discover their brand names had been registered by third parties seeking a payout.
Simulated legitimate use
A more sophisticated variant: the registrant sets up a minimal website on the squatted domain to simulate legitimate commercial use, making a UDRP complaint harder to win. A parking page with a few generic articles can complicate the "bad faith use" element. This is why legal counsel is often recommended when filing a UDRP complaint.
Reverse domain hijacking
The inverse situation: a trademark holder attempts to recover a domain that is legitimately held by someone else, by filing an abusive UDRP complaint. The UDRP recognizes this as an abuse of process. If a panel finds that the complaint was filed in bad faith to harass a legitimate domain owner, it can formally declare the complainant guilty of reverse domain hijacking.
Documented cases
| Case | Form of cybersquatting | Outcome |
|---|---|---|
| Panavision International v. Toeppen (1998) | Classic resale: registrant held panavision.com and demanded $13,000 | Toeppen ordered to transfer; first major US cybersquatting ruling |
| Madonna v. Ciccone (2000, WIPO UDRP) | Pornographic content on madonna.com to capitalize on name recognition | Domain transferred to Madonna; landmark early UDRP decision |
| Nissan Motor Co. v. Nissan Computer Corp. (2000) | Legitimate business name conflict; used site to criticize Nissan Motors | No transfer; registrant had legitimate prior rights |
| Twitter/X v. multiple registrants (ongoing) | Pattern registrations of brand typos and variants | Mix of UDRP wins and domain releases |
The Nissan case is worth noting because it shows that not every similar domain is cybersquatting. Uzi Nissan registered nissan.com for his computer business before Nissan Motor became prominent online. The court found no bad faith because he had a legitimate prior use.
The legal framework
In the United States: the ACPA
The Anti-Cybersquatting Consumer Protection Act (1999) allows trademark holders to sue in federal court. Damages range from $1,000 to $100,000 per domain, and courts can order domain transfer. The ACPA requires proof of a valid trademark and bad faith intent. It covers domains registered or used in the United States.
In Europe and France
There is no unified European equivalent of the ACPA. The main legal tool is trademark law (EU Regulation 2017/1001 for EU trademarks) combined with national remedies. In France, AFNIC manages the .fr registry and operates the SYRELI dispute procedure, which is faster and cheaper than going to court for .fr domains specifically.
The international route: the UDRP
The ICANN Uniform Domain-Name Dispute-Resolution Policy applies to all gTLDs (.com, .net, .org, and others) and to many ccTLDs that have voluntarily adopted it. It is an administrative proceeding, not a lawsuit. A decision is typically rendered in 45 to 60 days, at a cost of $1,500 to $4,000. It cannot award damages, only transfer or cancellation of the domain. For the full procedural detail, see the article on UDRP domain dispute resolution.
How to protect yourself from cybersquatting
Protection operates at two levels:
- Preventive registration of the variants most at risk before someone else registers them. The article on which domains a brand should register covers this in detail, as does the piece on defensive domain registration. The principle is simple: a domain you own cannot be cybersquatted.
- Continuous monitoring to be alerted when a new similar domain is registered. Detection speed matters enormously. A reaction within 48 hours, while the domain is freshly registered and the registrant has not yet built a case for legitimate use, is far stronger than a response six months later. Brand domain monitoring covers the technical side.
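The typo patterns listed under Typosquatting and the monitoring step above can be combined into one check. The following is an added example, not code from this article or from any monitoring product: it classifies newly observed domains against a brand domain. The lookalike pairs other than rn/m and the sample feed are constructed for illustration.

```python
# Lookalike pairs: "rn" for "m" is from the article; the others are assumed additions.
LOOKALIKES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}
# Constructed sample of newly observed registrations (not real data).
SAMPLE_FEED = ["exaample.com", "exmaple.com", "exarnple.com", "example.org", "unrelated.net"]

def label(domain):
    """Left-most label of a simple name such as 'example.com'."""
    return domain.lower().strip(".").split(".")[0]

def is_doubled_letter(cand, brand):
    # Dropping one character that repeats its left neighbour restores the brand.
    return any(cand[i] == cand[i - 1] and cand[:i] + cand[i + 1:] == brand
               for i in range(1, len(cand)))

def is_adjacent_swap(cand, brand):
    # Exactly two neighbouring positions differ, and they hold each other's letters.
    if len(cand) != len(brand):
        return False
    diff = [i for i in range(len(brand)) if cand[i] != brand[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and cand[diff[0]] == brand[diff[1]] and cand[diff[1]] == brand[diff[0]])

def is_lookalike(cand, brand):
    # Replacing one lookalike sequence at one position restores the brand.
    for fake, real in LOOKALIKES.items():
        start = cand.find(fake)
        while start != -1:
            if cand[:start] + real + cand[start + len(fake):] == brand:
                return True
            start = cand.find(fake, start + 1)
    return False

def classify(candidate, brand_domain):
    """Return the typo pattern the candidate matches, or None if it is not flagged."""
    cand, brand = label(candidate), label(brand_domain)
    if cand == brand:
        return None  # same label under another TLD: a different check
    checks = (("doubled-letter", is_doubled_letter),
              ("adjacent-swap", is_adjacent_swap),
              ("lookalike", is_lookalike))
    return next((name for name, check in checks if check(cand, brand)), None)

def scan(feed, brand_domain):
    return {d: p for d in feed if (p := classify(d, brand_domain))}

if __name__ == "__main__":
    print(scan(SAMPLE_FEED, "example.com"))
```

The check compares ASCII labels only; internationalized names in punycode form would need decoding and a wider lookalike table before comparison.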
Cybersquatting is not a legal gray area: registering someone else's trademark as a domain with intent to profit from it is a violation of both ICANN policy and national law in most jurisdictions. The recourses exist and they work. You can check right now whether domains similar to your brand name have already been registered using Domain Sentinel's lookup tool.
Frequently asked questions
Is cybersquatting illegal?
Yes. In the United States, the ACPA makes it a civil offense subject to damages. Internationally, the UDRP provides an administrative remedy. In France, Germany, and other EU countries, trademark law and national dispute procedures cover it.
What is the difference between cybersquatting and phishing?
Cybersquatting is the registration of a domain to profit from a brand's name. Phishing is the active use of a fake domain to deceive users, typically to steal credentials or payment information. The two can overlap: a cybersquatted domain can also be used for phishing.
How do I recover a cybersquatted domain?
The fastest route for gTLDs (.com, .net, etc.) is the UDRP. For ccTLDs, use the relevant national procedure (SYRELI for .fr, DENIC dispute for .de). In severe cases with significant damages, a court action under the ACPA (US) or national trademark law may be more appropriate.