Cybersquatting is defined as:
“… registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.” [Source: Wikipedia]
There are several other variations of this type of attack from typosquatting(intentionally misspelling a domain name), to combosquatting (registering a domain name with something like “security” in it. For example: yourcompanyname-security.com), to username squatting (typically attributed to social media).
Here are three ways cybersquatting harms your business:
1. As the definition states, it harms the goodwill and reputation of your organization. This has the ability to drive web traffic away from your business. If an entity creates a landing page using your organization’s name they can profit off of it by placing ads on their site. They can also sell counterfeit goods, which will also hurt your revenue.
2. The security of your organization, employees, customers, and consumers are at risk. Cybersquatting, and it’s variants, are used in Social Engineering attacks, such as phishing and SMiShing (phishing over text). Phishing and SMiShing attacks may be used to steal username and passwords or to install malware on a victim’s device. The FBI’s 2020 Internet Crime Report showed that 241,342 criminal complaints were filed for phishing/vishing(phishing over the phone)/SMiShing/Pharming(redirecting a user from a legitimate site to a malicious one). This also happens to the the top crime type by victim count in the Bureau’s findings.
3. Communications issues. This is related to number one in this list. Fake websites setup with a squatted domain name, or a squatted username on social media, can be used to spread disinformation about an organization. Not only can this harm the reputation of the victim organization, but by muddying up communications there is always a chance it could end up harming those in the community you serve.
When we work with our clients we include researching into this kind of stuff as part of our risk/threat assessments.
Contact us below to learn how we fit into your cyber security strategy.