You are currently viewing 4 Types of Cybersquatting You Should Know

4 Types of Cybersquatting You Should Know

Building your online presence can take a while, though falling prey to cybersquatting can destroy your credibility in no time. Learning how cybercriminals impersonate people and companies is a must to defend yourself from their antics. Here are the types of cybersquatting you should know.

There are four types of cybersquatting: name jacking, identity theft, typosquatting, and reverse cybersquatting. All four represent a way of brand abuse and could be illegal, depending on the circumstances. Learning how to recognize this infringement is a must to protect intellectual property.

However, it’s not enough to know cybersquatting by name. In this article, we’ll thoroughly explain each type, provide examples, and explain how to deal with them. You’ll also understand what motivates cybercriminals to impersonate companies, people, and websites online.

How Many Types of Cybersquatting Are There?

You’ll find four types of cybersquatting:

  • Name Jacking
  • Identity Theft
  • Typosquatting
  • Reverse Cybersquatting

Cybersquatting refers to a practice where a third party registers a domain name that has a likeness to or relation with a distinct or trademarked name, like the name of a famous person or company. It’s a type of brand abuse that could be illegal in certain scenarios.

However, these four types of cybersquatting have different characteristics, and knowing which one is taking place will help you develop a strategy to regain control of your online presence.

4 Types of Cybersquatting You Should Know

1. Name Jacking

The most common type of cybersquatting (and the one most people think about when they talk about this type of cybercrime) is name jacking. As the name suggests, someone other than you will register a domain with your name or brand’s name.

However, you can’t sue or accuse someone of name jacking unless the name in question is distinctive. In other words, your name or brand’s name has to be famous enough for third parties to know about it before they register it.

You can’t accuse someone of name jacking if they register a common name, like John Doe – even if your name is indeed John Doe. In contrast, someone like LeBron James can sue someone for registering a domain such as or similar.

Name Jacking Example

In 2006, Tom Cruise took Jeff Burgar, a notorious cybersquatter, to court. Burgar had registered the domain and used it to redirect it to his own website, where he wrote about celebrities.

This name jacking case is clear-cut: Tom Cruise was famous when Burgar registered the domain. At the same time, Tom Cruise had trademarked his name before Burgar registered the domain, so no cybersquatter would’ve won that case.

2. Identity Theft

Identity theft is similar to name jacking but requires extra steps. In this case, a cybersquatter has to wait until a domain expires to purchase it, then use a similar website to the one that existed to lure their victims. In other words, they’ll impersonate a website using the real domain.

More often than not, a criminal will purchase an expired domain without the trademark owner knowing. They’ll duplicate the website that existed on that expired domain to scam people. Visitors seldom check if a website is legitimate and will often fall for this trick.

Cybercriminals use dedicated software to monitor the expiration date of multiple domains, so they can quickly buy them as soon as possible.

Identity Theft Example

In 2021, an Argentine web designer took his country by surprise when he bought for less than $3.

He noticed the website remained unresponsive for a while and thought to check if the domain had expired out of curiosity.

Thankfully, he had no bad intentions. However, someone with ill will would’ve infected thousands of people with malware or scammed a lot of people out of their money.

3. Typosquatting

Typosquatting is similar to name jacking, though it requires cleverness rather than timing. Someone who name jacks a domain needs to register it before the trademark owner does. However, typosquatting requires you to be creative and come up with name variations.

In other words, a cybercriminal will come up with names similar to the trademark he wants to target.

For example, let’s say you want to typosquat You have to think about name variations, such as,,, and so on.

Since you’re not registering the domain because you’re named John Googgle (and want to lure people to your sham website), you’re a typosquatter.

Typosquatting Example

The Google example is based on a true story. In 2005, Google sued a Russian man named Sergey Gridasov for registering multiple domains, such as,, and

The tech giant had to show they had registered the domain before Gridasov did, which wasn’t hard to do: the respective owners had registered in 1999, and Gridasov registered similar domains less than two years later.

In fact, the court noticed that Gridasov used all three domains to infect computers with malware, which was enough for them to rule on Google’s side.

4. Reverse Cybersquatting

In reverse cybersquatting, something rare happens: the trademark owner isn’t the victim but the offender. In this case, the person or company with a trademark will sue a third party for rightfully owning a domain name.

How does reverse cybersquatting work? Let’s say you share your last name with a famous company like Amazon. So, you register the domain. Jeff Bezos doesn’t like that, so his lawyers contact you to take down your website. That’s reverse cybersquatting – but it makes you, the owner of, the victim.

Whether it’s illegal or not depends on a case-by-case basis. However, if a trademark owner intimidates or forces someone to take down a website via anything other than legal ways, that trademark owner is breaking the law.

Reverse Cybersquatting Example

In 2022, a law firm that owned the domain wanted to register a better-sounding domain, However, that name was already registered by a man who shared that last name.

The law firm (Bartko, Zankel, Bunzel, & Miller) sued the owner of to try and force him to take down his site and transfer the domain to the law firm. The court ruled in favor of the owner of – because that was his last name, making this situation a clear-cut case of reverse cybersquatting.

What makes things more frivolous (and funny) is that this law firm specializes in intellectual property practice, meaning they knew what would happen and went along with it anyway.

How To Recognize Cybersquatting

Under American law, you have to meet two criteria to consider a case of cybersquatting illegal and fit to take to court. These two are:

  • Similar or identical domain name. The cybercriminal has to register a domain name that’s similar or identical to a trademarked (or distinctive) name. Said domain should be close enough to the name in question to confuse or deceive people.
  • Malicious intent. As the case proves, registering a domain name isn’t enough to commit a cybersquatting crime. To do so, you have to register that domain with the intent to sell it for more money, use it to hurt a person’s or company’s reputation, or use it to commit a cybercrime (spreading malware, phishing, or similar).

Why Does Cybersquatting Happen?

Cybersquatting, similar to most cybercrimes, has one purpose: scamming people. This type of intellectual infringement takes place to steal someone’s money.

For example, someone who performs typosquatting is looking to lure people to their site. When that happens, these cybercriminals will try to spread malware or use a duplicate website to steal credit card numbers.

How does that happen? In the first case, a cybercriminal could use your CPU (via their sham website) to mine cryptocurrency. In the second case, they would replicate an e-commerce site only to copy your personal information and credit card number when you attempt to purchase something (from what you think is a regular website).

Is Cybersquatting Illegal?

In most cases, cybersquatting is illegal. There’s a reason for that: most people don’t impersonate or replicate websites out of goodwill – but to scam people. However, there are certain cases where something seems like cybersquatting, but it’s legal to do.

You probably recall what reverse cybersquatting is. In that case, an unknowing third party appears to be cybersquatting a domain, although they’re not doing so. The case perfectly illustrates that scenario.

However, other people have met one of the two requirements required to commit cybersquatting. They have purposely used a similar or identical name to a trademarked name – but had no malicious intent in doing so.

For example, in 2004, a teenager registered the domain name, which sounds suspiciously similar to Microsoft. Because of that, the software company sued the domain owner, though they failed to pursue the lawsuit any further because of public pressure.

In the end, the teenager settled (and transferred his domain) for an Xbox, a trip to a Microsoft tech fest, and some courses.

What Can Be Done About Cybersquatting?

To avoid any cybersquatting attempts, the best thing you can do is to trademark your brand’s name as soon as possible and register several domains related to it.

Don’t settle for one top-level domain (i.e., .com, .org. .net, etc.) alone. Instead,  purchase as many as possible to avoid trouble later on. You don’t have to create a website for each one: you can redirect all domains to the same site.

If you fall prey to a cybercriminal, you have two options: contact a lawyer or the cybersquatter. If you want to play it smart, talk to both, and choose the cheaper option to solve the issue.


The four types of cybersquatting are name jacking, identity theft, typosquatting, and reverse cybersquatting. Although these practices are usually considered unethical, they must meet certain characteristics to be considered illegal. However, most people prefer to pay cybersquatters instead of suing them because it’s cheaper to deal with the issue that way.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.