The many colors of cybersquatting – Do not underestimate them


Blueliv Guest Post | Jean-Jacques Dahan, Managing Director and Expert Consultant for Online Brand Security & Global Domain Strategy at Zeusmark.

Cybersquatting is a constant challenge for a company. It is a broad concept involving many aspects of risk, speculation, and fraud. It should not be underestimated as it provides a breeding ground for many businesses and reputation-jeopardising activities, resulting in financial and consumer security failures.

A company might treat cybersquatting on a case-by-case basis with no specific long-term mitigation process. This mishandling of priorities enables perpetrators to operate under the radar and build discreet technical revenue-generating schemes.

These schemes often run unnoticed for years, evolving and eating away at a  company’s:

  • Marketing budget
  • Sales
  • Online traffic
  • Corporate emails
  • Confidential data

Several tactical ways exist for criminals to take advantage of domain names in order to reap their rewards. Often, when a company thinks of cybersquatting, it primarily thinks that the intention is to sell the cybersquatter domain name back to the brand owner. Although this was once the opportunistic cybersquatter’s original strategy, many have now developed more aggressive and cunning strategies, which often create havoc across marketing budgets, sales platforms, and sites with login functionalities.


Harvesting confidential email & trade secrets

Cybersquatters often use misspelled domain names in order to harvest confidential emails from inside a company.

For example, the fraudster registers “” instead of the existing “”.

Once the domain name is registered, squatters connect a least one mail exchange server to the domain name and use the “catchall” functionality offered by the hosting company. This enables them to catch any email sent to “”.

There are several ways criminals choose to register a specific misspelled domain name. They base their domain-name picks on data from search behaviors, or even on classic phonetic variations. Specifically, they research types of misspelled name variations used by consumers when conducting searches. This intelligence is then used as a reference when registering an “email-promising” domain name.

Typically, they register 10 or 20 domain names at a time in order to increase the odds of catching confidential trade secrets or other valuable data.

Some perpetrators use this tactic, biding their time, while they gain knowledge to understand internal procedures. They use information like:

  • Names
  • Logos
  • Department identities
  • Account numbers
  • Administrative reference codes
  • Nicknames

This data can then be used to perform heavily detailed CEO email scams, which in itself has become a billion-dollar fraud scheme phenomenon.

Others use this information to spy on competitors, doing internal research and collecting data. These behaviors are common within the pharmaceutical industry and other patent-dependent industries.


Secure your online marketing budget and bottom line

Affiliate fraudsters are also heavy users of cybersquatting in the form of misspelled domain names also called typosquatting.

Typosquatting is a potent way of stealing visitors from a high-traffic website in order to redirect them somewhere else. Often the traffic is hijacked and redirected back to the correct website address in a split second without the consumer’s knowledge. Although, when the consumer arrives onto the website, an affiliate code has been injected into the URL, which then generates a commission for the squatter when a sale is complete.

This tactic is often used in the airline and hospitality industries, online gaming, and other high-traffic e-commerce websites. The revenue for the typosquatter is typically 8-12% of the cost of an airline ticket, lifelong commissions from online gamblers, and up to 50% commission on online courses and memberships–most often, without the brand-owner and the consumer realizing a third party is involved.

Affiliate fraud is a heavily camouflaged billion-dollar ecosystem which has developed over the last 10 years. Online marketing executives would gain profound value from focusing on identifying these ongoing schemes which take advantage of their company’s online success.


Multi-departmental proactivity is a must

Cybersquatting has many shapes, depending on what the criminal wants to achieve.

These brand-based attacks are aimed at numerous departments, and, therefore, responsibilities should not be isolated in legal departments alone.

It is clear that search analytics contain a myriad of intelligence which can be used by those perpetrating fraud. Insights from search behaviors are rich in data, enabling them to craft an impactful brand-based attack, or long-term revenue generating scheme against any major corporation.

In order for CISOs to secure email confidentiality, it is paramount to secure tactical domain names.

The data which legal and IT departments need, to take proactive and precautionary measures, typically lies within the marketing department. These are overlooked by most companies, as they usually have a reactive process to online brand protection, mainly driven by the legal department, which monitors and reacts to old and newly-filled trademarks.

A beneficial way to tackle inter-departmental duties and concerns is to designate an authority (inside or outside counsel) who fully understands the intricacies of the digital threat landscape, and gather information and data across departments (primarily marketing, legal & IT) in order to make the right decisions and take appropriate action on behalf of the company as a whole.

This person then reports to the management regarding threats, concerns, needs for a budget, and acts as a liaison to implement new processes, policies or protocols.

A company must continue to monitor to stay abreast of speculative tendencies online, but should not depend on monitoring alone. This will, without a doubt, bring many avoidable costs across departments.

Implementing a proactive search-behavior-based and fraud-addressing domain name strategy is highly beneficial. This will ensure a more robust, controlled and profitable online brand environment and secure outreach to trusting and loyal customers.

Dark Commerce

Exploring the cybercrime industry and its business models: part 1

Read free report
Demo Free Trial MSSP