Domain names help navigate the vastness of the world wide web and find the information and services we are looking for. However, malicious actors abuse the importance of domain names by registering ones that are identical or similar to existing trademarks, company names, or personal names, hoping to profit from the confusion. It is called cybersquatting.
Cybersquatting cases reach record highs in 2022
According to the data presented by the Atlas VPN team based on the information provided by the World Intellectual Property Organization (WIPO), cybersquatting cases reached record highs in 2022.
In total, 5,616 cybersquatting disputes were filed to the WIPO this year; nearly a 10% rise from 2021.
The report shows that:
- Cybersquatting complaints reached record highs in 2022, reaching 5,616; nearly a 10% rise from 2021.
- Compared to 2000, cybersquatting disputes have risen by a whopping 202%.
- In total, 61,284 cybersquatting complaints have been registered by WIPO from 2000 till now.
If we look at the historic numbers of cybersquatting complaints, they have been steadily growing over the past six years. Compared to 2000, cybersquatting disputes have risen by a 202%.
After registering the look-alike domain names, cybersquatters may attempt to sell them to the trademarks they are copying or use similarities in domain names to attract traffic to their own website. Among the latter are those that use domains to lure victims into phishing attacks.
Cybersquatting techniques
Nowadays, most business owners are already aware of the cybersquatting techniques malicious actors use. However, regular Internet users who do not own any domains may need to be made aware of the dangers and tactics employed by cybersquatters.
Here are some of the main ones:
- Typosquatting: In typosquatting, malicious actors register existing domain names with slight spelling variations with the goal of taking users to a fraudulent website if they type a domain name incorrectly. Typosquatters may combine mistyped domain names with look-alike websites of well-known brands to deceive users into thinking they are visiting legitimate websites.
- Combosquatting: Popular among phishers, this technique involves combining existing domain names with frequently used words, such as “payment” to trick users into thinking they are on a page that belongs to a legitimate brand.
- Soundsquatting: In soundsquatting, malicious actors register domain names that contain homophones, words that sound alike, instead of typographical errors to spoof legitimate websites. This technique mainly targets Internet users that use Siri and other voice assistants to navigate the web.
- Homographsquatting: This technique may be particularly hard to recognize as it uses similar-looking symbols and letters of different languages to replace the ones in well-known brand domains. While these domain names may look almost unrecognizable, they can lead users to entirely different pages.
- Levelsquatting: Cybercriminals may use a legitimate brand’s domain as a subdomain to confuse visitors into believing they are on a legitimate website. This cybersquatting technique is the most dangerous for mobile users, as mobile address bars are generally quite small and may not display the full web address, making this attack type harder to spot.