What is Cybersquatting and Typosquatting – Definition & Examples

Ever since the requirement for websites and domain names started booming on the Internet, people started cybersquatting for personal gains, often monetary. Cybersquatting or URL Hijacking simply means squatting or sitting on the cyber or domain name of someone else. It involves buying website URLs of popular business names or trademarks so that they can resell it at a cost. Typosquatting, on the other hand,  makes use of common typing mistakes when typing the domain name of popular websites in the address bar to extract information by faking websites.

In short, Cybersquatters register domain names containing trademarked terms, with a view to making an illegal profit from them or to misuse it, whereas Typosquatters register domain names using misspelled words or large popular websites, with malicious intent.


What is Cybersquatting

In the early days when websites were just blooming, web users understood the need for businesses to have a website. Many business houses, including reputed companies, did not set up websites.

So there was this set of people who started buying URLs (domains) that look like the websites of such enterprises. For example, if Samsung was not taken up, cybersquatters bought www.samsung.com so that when Samsung wanted this domain name website, it had to pay a fortune to get back the URL www.samsung.com.

Cybersquatting is related more to already established business houses that have a good reputation but do not have a related website. For instance, someone bought surfacephone.com as soon as the phones were announced. In such a case, the company may pay the other person and buy the domain name or it may initiate legal proceedings to procure the domain name.

There are legal methods to get back such URLs, but the legal processes are too long and more costly than simply buying back the URL. The reputation and trademarks of a company or business become a URL. If you have a huge business called XYZ Services and a trademark saying XYZ Services, people will obviously think that your website will be www.xyzservices.com. But since XYZ Services did not think about registering this domain on the web, someone already bought the URL. Now to host its own website and to prevent damage to its reputation, XYZ Services will have to buy back the URL from whoever purchased it.

If you have a huge business called XYZ Services and a trademark saying XYZ Services, people will obviously think that your website will be www.xyzservices.com. But since XYZ Services did not think about registering this domain on the web, someone already bought the URL. Now to host its own website and to prevent damage to its reputation, XYZ Services will have to buy back the URL from whoever purchased it.

Even if you do have a site say www.ABC.com, cybersquatters will register a different top-level domain like say ABC.net or ABC.us, in the hope that the main website will some day buy it off their hands at a handsome profit.

What is Typosquatting

These are the most dangerous kinds – often used for Phishing. People make typographical errors while typing in the address bar. If someone wants to benefit from a well-known reputation, he or she will buy domains looking like the genuine URL but actually contains a typo.

For example, to fool people, someone might buy linkdin.com or linked.in because linkedin.com already exists and is popular amongst career-minded people. There can be a faceboook.com that looks like www.facebook.com but has an extra ‘o’.

The intention in typosquatting is always harming people – stealing their identities and making profits while with cybersquatting, some of the cases might be genuine. Users might not have known about a company in some other part of the world and might have bought related URL. The user may or may not sell back the URL in innocent cases. But typosquatting is deliberate planning to skim Internet users.

How to deal with Cybersquatting and Typosquatting

While it is already known that people involved in typosquatting do it for malicious gains, it is a little tough to establish whether cybersquatting was done on purpose or if it was just a coincidence. The first thing is to check what you find when following the cyber squatted URL. If it leads to a parked website, site under construction and ‘site for sale’ web page, it is definitely a case of cybersquatting. If there is a full fledged website being hosted at the domain, it might be an innocent case.

It is sometimes hard to prove that the person who is owning a cyber squatted domain actually did it with the intention to misuse your business name and reputation. You can either contact the site owner and make him an offer or you may contact lawyers in your area and go ahead and file a case against cyber criminals. This is a decision you have to take. A legal proceeding takes up both time and money and as such, some people avoid that route and prefer to pay up. It also depends on the mindset of the other person. If he indeed is a cybersquatter, he is sure not to give in without a legal fight.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.


  1. Russ Soule

    while I might agree that typosquatters are attempting to mis-lead browser users, I completely dis-agree that cybersquatting is either illegal or even un-ethical. this activity is the same as registering a large company’s name in a state where the company is not located so that when the company decides to locate there, they need to purchase that registered name from the investor. there is no guarantee that the company will EVER purchase the name and, in fact, many companies operate in one state under a different ID than in other states in order to avoid those who legitimately own the name. now if the NAME is copyrighted at the national level, there is the possibility of suing to recover lost income due to the use of said copyright, but if no income was lost, there would be little basis for the lawsuit beyond a demand to stop using the copyright. however, using a name on an url might NOT be a copyright infringement. what you are saying is that if I register DelighfulDairyCones . com and someone in Oregon has that as its corporate name, whether copyrighted or not, somehow I have become an un-ethical cybersquatter whose only purpose is to make money. well, isn’t that the purpose of all businesses, including The Windows Club?

  2. “…making an illegal profit from them or to misuse it… malicious intent…”. These intentions have to be present. Tomorrow I will post an example to make things clear.

  3. MmeMoxie

    Andy, today with Typosquatting, I agree that many are Phishing sites. Years ago, back in the 1990’s when I first started to “surf” the web – I was typing in Chevrolet com. Well, I spelled Chevrolet wrong, by one letter or switched 2 letters around and I got taken to a rather risque website! I laughed, what else could I do? Well I learned to have Dictionary com bookmarked on my computer, so that I would be spelling correctly. LOL At that time, Phishing wasn’t as wide spread, as it is today.

    As far as selling website names back to the proper company or person who should have it – These sellers are just as bad as the Ransomware hackers!!! I’m sorry. When people buy these domains, their sole purpose is to “ransom” their domain to the person who has that name or the company name. This to me is not good business practice. In my eyes, I see this as stealing to make a profit. I’m sorry, but, that is the way I feel and have for the last 20 years.

  4. Criostoir

    if a domain name is available and if the keywords in the domain name are not copyrighted then why would it be cyber squatting to register that domain name.people who are late to thhe party like to brand domain name investors as squatters.
    if i bought 10 houses in 1999 am i a squatter or a real estate investor in 2016.

    a cyber squatter is someone who buys a copyrighted domain name in hope of making a quick buck either through selling or through traffic income.
    a domain name investor is someone who buys available domains as an investment vehicle.
    capitalism it appears is not allowed in the domain name arena

  5. Russ Soule

    Criostoir, that is the point I was trying to make. Unless a business name is copyrighted, it is available for anyone to use in any area that it its use has not been seen. Example: In 1986 I set up a tax business called Best Tax Service Inc in Michigan. Under the Michigan laws, n one could use that name for a tax business unless I gave them permission. However, a Florida tax man decided it was a good name to have and used it in Florida. A tax woman in Texas also decided that was a great tax business name to have and used it there. I failed to have the name copyrighted and they were free to do what they wanted. In the same year, I set up and copyrighted U-Compute Centers and THAT name could NOT be used for 17 years. If someone had setup an internet domain as Best Tax Service, I would have been out of luck, but the UCC was copyrighted and I could prevent THAT name from being used.

  6. It is not about domain names primarily but business names. If you know that a domain name will soon be needed by a company or a person and you purchase it before the other does, you are infringing on the trademark of the business. Of course, it would vary across countries so you have the option to book domains with other TLDs like .Net, .co.uk, .co.in and similar.

    I am suffering because someone is sitting on my TLD .in. I own powercutmedia.com and org. I failed to renew powercutmedia.in as I was depressed about the business and I thought I’ll let it go. Later I realized all my marketing material mention powercutmedia.in domain. The business name too is Powercut Media (IN) so people would naturally for .in domain. I am waiting for a long time hoping whoever has registered .in domain would release it at some point of time. But seems it is not going to happen. In that case, I’ll have rebuild my marketing material: from banners, to audio and videos. Even the email promoted by the marketing material was arun@powercutmedia.in which is now inaccessible.

    Another headache is ICANN adding more and more TLDs every year. Earlier if you bought a domain .com, you would simply buy .net and probably .org to go with it. Now there are .co.in, .in, .org.in, .media and what not. The only way around was to trademark my business name which I did not do. If I had, I could have used it as a weapon to stop others from registering any TLD that contained “powercutmedia” as a keyword.

    Finally, intentions matter. Why is that person holding powercutmedia.in if he or she is not hosting anything on the domain? Of course, there is only one Powercut Media in India. There is one in UK but they’re into something else and I wouldn’t mind if they go ahead with powercutmedia.co.uk or something like that.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 9 =