The Truth About Cybersqatting, How To Get The Domain, And How To Fight Back

You just got the most amazing idea for a website. Or, you just decided to put your business on the internet. Or maybe you wanted to rebrand your website. So you do a search to try to buy the domain. However, it gives you this error: “Sorry, this website is unavailable. Do you want instead?” Of course not, you wanted the .com version because that is what everyone goes to.

So you decide to check out the website you wanted, to see what brilliant website someone before you has built on top of the domain you wanted. However, when you get there you see something like this, with a bar at top, “This domain is for sale, please visit where we will sell you this domain for only $20,000.” And below the top bar you see some ads to malware sites.


What is going on? Why did they take your domain to not use it? You have become a victim of cybersquatting. Most people don’t know, but this is now illegal, and what you really might not know is that since the domain is owned by a cybersquatter in bad faith, you can force them to give up their rights to the domain without paying them a single penny!

ICANN is the official organization which controls the internet’s domain names. If you want to see who own a domain, whatever you do, do NOT do a google search for “whois” and click on the first link. Also, do not go to either. The correct official domain for looking up domains is

ICANN hates cybersquatting because cybersquatting is an evil practice, very similar to ticket scalping. You may not be aware of scalping, especially if you are not interested in sports. What ticket scalping is, is that a scalper decides to go and buy lots or all available tickets for a big game, and then resells these tickets for a higher price once the tickets are sold out. It is effectively robbery. Most states have laws against ticket scalping to defend against this evil practice, and if caught you can go to prison.


Cybersquatting is based on the same evil bottomfeeding concept. Domains are available for an affordable price to those who want to use the domain. However, there are a limited number of good omains available. So, cyberquatters, like ticket scalpers, whill buy hundreds or thousands of domains, without the intention to use any of them.

They do put ads on the site, but the site will rank very low unless it is based on a common misspelling (like for example), which is also illegal, so little to no money is ever made off ads. Sure, if you have 100,000 domains and on average each domain generates $5 per month, this really adds up. However, this is not where cybersquatters really make their money.

Where cybersquatters really make their money is by using the unethical and now illegal practice of reselling the domain at an exorbitant cost. On the low end, a cybersquatter will have less desired names at at least $5,000 (and more rarely, sometimes as “low” as $1,500). They will resell higher desired domain names for $500,000 or even as much as millions of dollars (for 2 or 3-letter domain names).


However, this practice of buying for the sole intention of reselling, is illegal. Whenever you see on a website that it is unused and contains something to the extent of “this domain is for sale”, this domain is owned by a criminal.

How do so many of these exist, then, if the practice is illegal? Part of the reason is because of a deficiency in our legal system. Another question you might similarly ask, is “why are there neighborhoods with known criminals, drug dealers, and gang members? Why don’t the police just arrest them all, they are obviously criminals?” Good question. They should. Why don’t they? There are many reasons which I won’t get into, but essentially it comes down to a couple of factors: a complicated legal system, limited manpower, and money.

You see, at least in the U.S. there has to be probable cause to raid a gang, even though it is obvious they are a criminal organization and almost certainly have houses full of drugs. Additionally, doing so could result in danger to the police, it requires manpower, and even more it requires money. Police do try to go undercover into these gangs, but doing so is risking their lives. What should happen is that SWAT should take a fleet of helicopters and special forces operatives and simply take all the gangs down. But they don’t.


Similarly, there are big cybersquatters who probably own more domain names then all legitimate users combined, and yet they are not all just taken down. A couple of big ones are OnlineNic, Afternic, and ParkLogic. While these may look like legitimate businesses, the truth is that these companies are criminal organizations. Their goal is to grab up all domains at the $10 to $20 annual price and unethically and illegally resell these domains for thousands or tens of thousands of dollars or more, each. Most do not sell, but even a few sold per year really adds up.

Just like ticket scalpers, these criminal cybersquatters are bottom feeding scum of the earth. Individual cybersquatters are often arrested, but professional criminal organizations manipulate the law and are even willing to pay occasional big lawsuits (as much as millions of dollars) in order to continue their business. It is a numbers game.

These criminals steal domain names, scalp them at an exorbitant price, and do the math to see how to be profitable. They have a strategy to defeat claims, a strategy to buy off people who they might lose to, and a strategy to maintain criminal profitability in in spite of large lawsuits. They hire expensive lawyers to shut down anyone who goes against them, and this eliminates over 99% of any claims, except for of course big companies like Yahoo for example.


The truth is, in this digital era, it is a complicated business. These cybersquatters still exist largely because most people do not understand how the internet works. Cybersquatters count on people not knowing their rights, not knowing that cybersquatting is a crime, and even counting on the ignorance of the courts and judges to try to manipulate their way to winning a case.

The biggest thing that cybersquatters rely on is the fact that most people don’t know about UDRP. What is UDRP? First let me give you a brief summary. UDRP is what allows you to forcefully take away the domain from a cybersquatter without paying them a penny.

Now let me explain what UDRP is. UDRP stands for Uniform Domain-Name Dispute-Resolution Policy. It is a policy held by ICANN that allows anyone to dispute a domain name, and if found guilty, the cybersquatter will have their domain forcefully taken away from them by ICANN who controls all the domains, and handed to the complainant, such as you.


However, filing a UDRP is not free, and it is not cheap. The default charge for 1 to 5 domains is $1500 to file a UDRP. However, if you have a few domains to file, it could be worth it. For example, say a cybersquatter is taking 5 domains you want and trying to resell for a higher bid of $5000 each, well instead of paying those criminals $25,000 you can instead pay ICANN just $1500 and get ICANN to take away their domains by force and hand them over to you for free (after your filing fee).

Even if you have only 1 domain, and the cybersquatter is charging $1500 for it, you could give them a nice kick to their face by instead paying the $1500 for a UDRP filing and then the cybersquatter loses their domain without getting a penny for it.

However, UDRP carries a risk. The risk is that you are not guaranteed the domain, unless you already talked to a lawyer who told you that you will definitely win. Some UDRP lawyers even give free consultations which will significantly improve your chances of winning by knowing whether or not you will probably win ahead of time.


The best course of action with a UDRP is not to let the cybersquatter know. You want to ambush them. If you let them know “hey I’m going to file a UDRP unless you give me the domin for a fair price of, say, $100”, they will first ignore your email and not respond, and second they will begin covering their tracks. Once they cover their tracks, that will make it harder or even impossible to win a UDRP.

What qualifies you to win a UDRP case?

(1) the domain name registered by the domain name registrant is identical or confusingly similar to a trademark or service mark in which the complainant (the person or entity bringing the complaint) has rights; and
(2) the domain name registrant has no rights or legitimate interests in respect of the domain name in question; and
(3) the domain name has been registered and is being used in bad faith.

Item 1 is a bit harder to prove then the others. However, items 2 and 3 go hand-in-hand. If the domain is clearly marked for sale, with one of those generic landing pages “This domain may be for sale”, then that proves they do not have a legitimate interest in the domain.


Bad faith registration includes any one of the following:

A) Domain registration with the sole intention of selling to a competitor for a higher rate.
B) Domain name registration in an attempt to block the trademark holder from registration if they show a history of registration practices.
C) Domain registration in an attempt to disrupt a trademark holder’s business dealings.
D) Domain registration in an attempt to confuse or attract customers from a competing business.

Item A is classic cybersquatting. The “This domain may be for sale” notice on the domain page is evidence of bad faith.

Items B and C are a bit harder to prove.

Item D on the other hand is something like the domain is similar to yours, and it must have been registered after. For example, someone registers knowing that many people will misspell “google” while searching the internet. This is evidence of bad faith because it is clear that the only reason for registering “” is to cybersquat on people trying to visit the real google, not because they really wanted to create a business or branding name “gogle” which is separate from google.


Conversely, “”, although similar, could really be a separate domain. While some people may be really trying to visit google, it could be proved that isn’t infringing on google, especially if is a website about scuba masks, for example.

However, for the purposes of this article, we are going to focus on item A – the types of cybersquatters who are like ticket scalpers, mass-purchasing domains with the sole intention to resell them for an exorbitant price when they had no interest in the domain other than to criminally scalp the domain for resale.

The hardest part of a cybersquatting UDRP case will be proving item (1) that the domain is similar to yours and infringes on your trademark. If the domain is similar, chances are you have a good chance of winning as long as you can prove that they (2) had no legitimate interest in the domain and (3) purchased in bad faith – that is, (A) that they purchased the domain with the sole intention of resale, which is considered a bad faith registration.


However, unlike the “filing a lawsuit” path as I will describe below, filing a UDRP does not require you to have established your trademark prior to their domain registration. For example, the cybersquatter registered the domain in the year 2002, but your trademark was established in 2015. No problem, the big point of UDRP is the bad faith registration, which will give you a good chance of winning.

Moreover, like I described above, you want to ambush the cybersquatter. Trust me, they will not comply to your threat to file a UDRP; but informing them you plan on filing trying to scare them into giving up the domain for cheaper will only result in giving them a heads up and then covering their tracks.

So what you need to do is to trick them. They are a criminal, so it is okay for you to trick them. The first thing you want to do is collect evidence. In order to collect evidence, first send them a high offer like $2,500, and see what they say. If they reply, “sure, we are willing to sell but we will sell for $5,000”, you have struck gold. Now you have a paper trail establishing their guilt, so even if they put a real website on their domain before UDRP proceedings progress, you have evidence they tried to sell the domain.


The next step after collecting evidence is to now do the UDRP filing. However, $1,500 is expensive. There is a Czech UDRP company which will file for only $500, but the problem is that they are a small company giving you a lesser chance of winning, and second that if the cybersquatter files a reply and tries to fight for the domain, then you have to pay another $800.

Most cybersquatters are definitely going to fight for the domain, especially if they saw someone interested. This is the downside into tricking them with a paper trail. However, it is kind of necessary to trick them because establishing a paper trail is your best chance of winning the case.

It really matters how badly you want the domain. If you don’t absolutely want it and are willing to lose $500, you could take a chance and not contact the cybersquatter at all, and instead go straight to the Czech UDRP company and file the UDRP. Then pray that the cybersquatter never replied and forfeits their chance at keeping the domain.


You see, if the cybersquatter does not reply, then they lose the case by default. You might get lucky, and then you won the domain for only $500.

However, this method can backfire, especially if it is a good domain and you really wanted it. What the cybersquatter could do is now put a real website on the domain, delete their “for sale” page, and remove the for-sale information from their cybersquatter mass domain sales website. This is worse if they used their own domain instead of a third-party, because if they used a third-party domain-selling website (like Sedo), then there is a chance the third party will corroborate that they were selling their domain.

If the cybersquatter puts a real domain onto the website and erases all their tracks (yes, erasing evidence is also illegal but besides the point, plus you would have to prove it), it will be a lot harder to win. And if they decide to fight for the domain, and submit a reply, then your $500 became $1,300 (after the additional $800 for the reply), and there is still no guarantee you will win.


So if you really want the domain, your best chances are to first establish a paper trail and second go with the best UDRP filing, or file the UDRP with ICANN. And if the domain is really important, you might want to pay a UDRP lawyer to help you win. In the end, maybe you will win, but it will still cost you thousands.

You see, this is why these cybersquatter criminals still exist. Most people won’t put out thousands of dollars to get their domain; instead they will just try another domain.

The downside of a UDRP filing, of course, is first, the cost, second, you cannot recoup that cost (a lawsuit is required to get any money in damages), and third that you can’t get any money in damages like you can in a lawsuit. This is worse if the cybersquatter has actually caused you some real damage from their malicious cybersquatting domain.


The second route you can take is filing a lawsuit. Unlike UDRP filing, there are benefits and disadvantages. The first benefit is that you can be awarded as much as millions in losses or punitive damages for cybersquatting, if you win the lawsuit. The disadvantage is that in order to win, first you have to have already had your trademark established before the cybersquatter registered their domain.

This is a lot harder, because most of the cybersquatters grabbed up most of the internet’s good domain names in the late 90s and early 2000s. They used algorithms to scan and buy hundreds of thousands or millions of domains all at once, and have kept renewing it every year.

If your company was started after the cybersquatter registered their domain, then you can’t win a lawsuit on that precedent, except in rare cases. One exception might be if the cybersquatter only started using the domain after your company became popular.


For example, say a cybersquatter registers the domain for whatever reason, before twitter became a company. Then years later, Twitter was founded and became huge, and the cybersquatter turned it into a malware site, or made a fake clone of twitter in order to steal twitter passwords. In this case, the cybersquatter might lose the domain in the lawsuit.

However, chances are your company isn’t that popular. So filing a lawsuit probably isn’t going to work for most people, unless you’re already at least moderately popular and the cybersquatter either registers their similar domain before yours, or starts using it maliciously leeching off your brand or causing your brand harm. Which is probably not your case.

So, then, your best chance is to do a UDRP filing. You should expect to pay around $1500 for the UDRP filing. If you win, you can take the domain from the cybersquatter without paying them a penny. If you really want that domain, it is worth it. However, I would highly encourage you to talk to a UDRP lawyer first, even if just for a free consultation. You should make sure you have the best chances of winning before spending any money on a UDRP filing.


And if the domain is less than $1500, it really might just be worth it to purchase the domain at that price rather than take the chance at losing the UDRP which means you lost all the money on the UDRP filing, and then having the cybersquatter increase the price of the domain making it that much further out of reach.

Of course, if you do choose the route to buy their domain for their exorbitant cost, the problem with this is now you are supporting their criminal cybersquatting organization. If you have over a thousand dollars to buy a domain, maybe you would like to get revenge on the cybersquatter.

You could first track down their real offices and the real owners, which won’t be easy but it is possible. The easiest way to find them is through social engineering. Strategically contact them and tell them what they want to hear in order to get as much information as possible. Then use this info to find out the real people behind it.


You can’t just go to whois, because they will almost certainly have some sort of domain privacy or a corporate name hidden behind multiple shell companies for the very purpose that they know they are doing something unethical and they don’t want people to find them.

After you found the cybersquatter, now you can use your imagination. What could you do after you find them? One thing you could do is publish their phone number and home address online. Second, you can mail them lots of presents. Not nice presents.

There are websites out there for mailing people you hate things like bags of glitter, or even some very nasty things. Glitter is probably legal, but some of the other things might not be. Glitter sounds innocent, but it is impossible to get out. They will have glitter in their hair, glitter in their food, glitter everywhere, and years later they will still find glitter.


Alternatively, if they make you really angry, maybe you could go on the dark net and hire an assassin. Okay, okay, maybe you don’t want to go that far, but you could hire a private investigator to uncover their deepest darkest secrets.

Remember, a cybersquatter is a criminal. A criminal has a criminal mentality. While even the nicest people have secrets – everyone has secrets – a criminal’s secrets are much worse. While a nice person’s secret might be that they still have that t-shirt they “borrowed” from their best friend, a cybersquatter’s secret is going to be way worse. Maybe the person behind the cybersquatting has been laundering money. Maybe they have been cheating on their spouse. Or *gasp* cheating on their taxes. Surely the IRS would be interested to hear that. Maybe they are even wanted in several states for crimes.

If you hire a private investigator then sooner or later you can get your revenge on the cybersquatter by ruining their life, legally. Once they are ruined or in jail, they can’t cybersquat anymore. Now that is justice. And it is totally legal. A cybersquatter is a criminal and they are currently getting away with it. The only way to fight back is to play dirty. Either take away their domain through UDRP or a lawsuit by force, and/or attack them by hiring a private investigator to literally ruin their lives by uncovering their darkest secrets.


So there you have it, here is the reality of cybersquatting and what you can do to fight back, and in some cases to steal the domain from the cybersquatter. Unfortunately, there is no free way to do it, but it is possible to get that domain in some cases.

The only thing you need to think about is how bad you really want that domain. If you simply can’t afford it and don’t want it that bad, then maybe you should just go ahead and brand as something else. However, if you really want the domain, then I would encourage you to go the UDRP route if you think you can win. It’s better then giving even one penny to a criminal!

Have you ever experienced cybersquatting? How did it turn out? What do you think about cybersquatters? Share your thoughts.

Share this:


Your email address will not be published. Required fields are marked *

3 thoughts on “The Truth About Cybersqatting, How To Get The Domain, And How To Fight Back

  1. Well, I can’t help but respond to this.

    First, life in our times is far more complicated than it has to be and going through all the machinations to obtain a “scalped” domain name just isn’t worth the trouble or effort unless you are a highly branded and well funded enterprise. It’s a pointless exercise in bureaucratic nonsense that will consume time and energy with, given the exception mentioned, little return on investment.

    Second, the dot com phenomena is over with the release of so many new domain extensions. If you have an online presence to sell or disseminate information then you are faced with the formidable task of online marketing which seems to change with the tide.

    Pursuant to a more recent post of yours about EBay the keynote is greed. Why is it people who build a successful business online… one that makes them rich beyond anything they imagined… why do they become absurdly greedy? EBay follows that model.

    Note also Google and adwords. This was once a reasonable approach to marketing online but big “G” in it’s wisdom has made it viable only for deep pockets. The Ebays and Googles of the world enrich and empower themselves by providing opportunities for the person taking those first risks to sell a service or product to make ends meet and then turn on them by greedily raising fees when their overhead has actually decreased.

    It’s a sign of our time.

    With respect to a domain…

    … by the way, I’ve been developing on the web since the first browser (Netscape) came out in March of 1993 and with several companies to my credit and many hundreds of clients I consider myself somewhat knowledgeable about the web, from front end to back end…

    … so, the point I really want to make is having a dot com is not going to enhance you online marketing one bit. With the opening of domain extensions people are becoming accustomed to alternatives to dot com and that doesn’t even consider the global markets that may not even use dot com (dot eu for europe, dot ie for Ireland, dot CO do UK for the UK, etc.).

    To add to this… if you are just now looking to go online then you probably do not have a very mature company… ie, not a highly established brand identity. Otherwise you’d have been down that road a long time ago. This means you probably have considerable latitude on altering or shifting your branding a bit to accommodate a wider selection of domain names.

    Just me thots mate.


Welcome my friend, Helper Cat says you need to register for that! :)