For Gold, Peace, and Freedom


Black Hat Warning: Domain Hijacking and Cybersquatting

November 26th, 2007

black-hatter.jpgRecently I have been reading about the appearance of a new batch of black hat tactics involving the topics of domain hijacking and cybersquatting. While not all of these methods are strictly “black hat” in the sense of being illegal or malicious, they are all pretty sneaky and can be detrimental to webmasters whose domains or brand names are targeted. People who are owners of high traffic sites or relatively famous names are especially vulnerable. Here is a list of things to watch out for if you have a potentially popular domain name:

1. Geographical cybersquatting: In this scheme, the name of a certain geographical area, usually a city, is purchased as a domain name by the scammer. This “squatter” then points the domain to a site which displays material that many city officials would find objectionable, such as pornography, gambling, or certain pharmaceutical products. Since most officials do not want the name of their town to be associated with such material, the domain owner can offer to sell the domain to the city at a significantly high price. Often this tactic is successful because the area’s residents want to avoid any potential damage to their town’s reputation.

2. Hijacking a famous name: Similar to squatting on the name of a city, some scammers will seek out the names of famous people (or very similar variants of these) and purchase them as domain names. The new domain owner then uses extortion (otherwise known as good old-fashioned blackmail) on the target in the hopes that the affected person will trade some money in exchange for protecting his or her reputation.

In some instances, the victims of this tactic may have legal remedies, particularly in the case of cybersquatting on names that are registered trademarks. In the case of famous people, the issue is a little more murky. If the name of the scammer is obviously different than that of the questionable domain purchase, there is usually a good chance that the victim can gain control of the domain without having to pay off the scammer. However, if the names happen to match, or if the squatter has a close relative with the same name, then the victim will have a more difficult time in proving “bad faith” and may not win a legal challenge.

3. Purchasing a similar name to an affiliate program: This one is really more of “grey hat” tactic than a black hat one, and is sometimes acceptable depending on the circumstances. With this technique, an affiliate can purchase domains that are very similar in spelling to the name of the program itself, and then point these to his or her affiliate page and profit from the resulting traffic and sales. Whether or not this technique will be acceptable for people to use depends on the policy of the affiliate program owner. If he or she allows it, this can be a clever way of making some extra money.

4. Hijacking traffic from the competition: Similar to #3 above, except instead of doing it as an affiliate, the black hatter buys up domains that are very similar to a competitor’s trademark. The owner of these domains can then benefit from the type-in traffic while also taking away sales from the competition.

An interesting variation on this technique is to purchase a domain with the same name as a popular site, but with a slightly different extension. For example, someone managed to procure the domain amazon.cm and is apparently benefiting quite nicely from the typo traffic that would otherwise go to amazon.com. The .cm extension is actually the country code for Cameroon, but like most international domains, the owner does not necessarily need to live in the same country as the domain extension. The current owner has redirected the amazon.cm domain to one of those paid-for-action offer sites, and judging by the surprisingly high Alexa and Compete ranks for the page, is probably making a tidy profit from this valuable piece of virtual real estate.

How to Prevent Domain Hijacking

The easiest way to prevent becoming a cybersquatting victim or falling prey to similar kinds of questionable tactics is to purchase at least the .com and .net extensions of your personal, company, or trademark names before your competition does. You may also want to purchase the .org versions as well, depending on whether or not you’re setting up something that could be considered an “organization”, such as a non-profit group or a charitable foundation. It is also important not to let your domains expire; this is another way that squatters can move in on your virtual territories.

Cybersquatting Law: Possible Legal Remedies

As stated above, in some cases you may have legal recourse against the cybersquatters if you do not manage to cover all your bases first. The two main legal remedies are 1) filing a complaint with ICANN under the Uniform Dispute Resolution Policy (UDRP) and 2) filing a lawsuit under the Anticybersquatting Consumer Protection Act (ACPA), a United States federal law that allows for monetary damage awards in addition to forced domain transfer to a legal trademark owner in cases where the plaintiff wins.

You can also try a simple Cease & Desist Letter before resorting to a full-blown lawsuit. If the cybersquatter is sufficiently repelled by the possibility of legal expenses, he or she may relinquish the domain(s) voluntarily. A good explanation of all such legal options can be found at Richard Keyt’s Domain Names FAQ page at www.keytlaw.com.

Post Your Comments, Opinions, or Suggestions Here:


Email (optional)

Website (optional)