No website is immune from cybersquatting. On March 2, 2025, the United States Patent and Trademark Office (USPTO) sent out an update to its earlier notice, warning that scammers are creating misleading websites such as “myusptoservices.org.” This is the type of brazen scam discussed in our earlier Insight suggesting measures that may streamline the recovery process. While cybersquatting has become more frequent and sophisticated in recent years, securing a trademark registration for your brand as incorporated in your domain name makes reclaiming your domain easier in the event a scammer uses an identical or confusingly similar domain name.

Cybersquatters profit by demanding payment from businesses, running ads on high traffic domains, stealing user data through lookalike sites, and posting misinformation or obscenities to pressure companies into buying back their domains.

Scammers also engage in “typosquatting” by registering domains with slight variations or misspellings of a business name, causing confusion for website searchers. LEGO has spent $500,000 battling such scams, including winning a Uniform Domain-Name Dispute-Resolution Policy (UDRP) case (the process is explained below) against cybersquatters using the domain “de-lego.site.” Additionally, Tesla was using Teslamotors.com until they paid cybersquatters $11 million to claim Tesla.com in 2016.

There are, however, several steps you can take to protect yourself and your business before being a victim of cybersquatting. Trademark rights come from use, not registration, but securing a registered trademark is crucial for resolving cybersquatting disputes. Today, securing corresponding domain names is best done early in the process, even before the trademark is registered, to stay ahead of cybersquatting. You can buy one or several domain names through registration sites like GoDaddy or Squarespace, but the number of ICANN registrars now numbers well over 4,000.

In the event you are the victim of a scam, you can use ICANN’s registration search to try to find the host registration. However, contacting domain owners directly can be close to impossible, since most cybersquatters remain anonymous using registrar privacy services which mask their personal mailing address, phone number and e-mail. We have successfully uncovered the identity of anonymous cybersquatters on behalf of several clients recently, but the process can be lengthy and is not guaranteed. However, as in the case of Lego, the UDRP process can be utilized by trademark owners to recover their domain name from cybersquatters, even if the infringing domain is registered anonymously. The UDRP process involves filing a straightforward complaint through WIPO (or another ICANN-accredited domain name dispute resolution service provider). If you supply a federal trademark registration number, your ownership and rights are presumed. Technically, you can bring a UDRP complaint if you don’t have a registration, but the bar is exceedingly high. In this instance, you may be able to recover the domain name by providing strong evidence of common law trademark rights, such as photographs or screenshots that show your use of the mark in commerce on the goods and services.

The respondent has 20 days to respond to the complaint to avoid defaulting. While there are no monetary damages, a successful ruling will order the infringing domain name to be transferred to the trademark owner or cancellation at the offender’s expense. It is a good idea to seek legal advice prior to submitting a UDRP complaint in order to assess your rights and identify any possible issues.

Without a trademark registration, obtaining relief is more challenging and expensive, often requiring negotiations with the scammer, lengthy legal disputes under the Anti-Cybersquatting Consumer Protection Act, or use of ICANN’s international arbitration system.

As always, Lutzker & Lutzker is available to help with trademark and domain name selection, registration and enforcement.