What do domain hijacking and cybersquatting mean?

Domain hijacking and cybersquatting are similar but have different intentions. In domain hijacking, an existing domain is taken over to gain access to company data or to misuse the brand identity.

Cybersquatting involves registering certain domain names early with the intention of reselling them later for a significant profit. In this blog, we discuss how these practices work, the risks involved, and how to effectively protect your online reputation.

What is domain hijacking?

Domain hijacking is a form of online theft where a so-called domain hijacker tries to take control of your domain name. In domain hijacking, a malicious person attempts to steal your domain name, for example by hacking the account at your registrar or by posing as the rightful owner.

As a result, domain hijackers can use your website for their own benefit, such as redirecting visitors to another site or accessing personal data.

Example of domain hijacking
Imagine: you have a bakery called ‘Delicious Pastry’, with ‘deliciouspastry.com’ as your domain name. Suddenly, you notice that you no longer have access to your site, and another page that has nothing to do with your business appears. A hacker has hijacked your domain. Someone gained access to your domain name through your registrar and took it over. This is an example of domain hijacking: your domain has been stolen and is now being misused.

What is cybersquatting?

Cybersquatting occurs when cybersquatters deliberately register a domain name that closely resembles that of a well-known company or brand, without having any rights to it. Their goal is to make significant money by selling the domain name at a high price to the company that actually owns the brand.

Example of cybersquatting:
Imagine: you own a company called ‘Stijn Renovations’, and a cybersquatter registers ‘stijnrenovations.com’ before you do. The cybersquatter then offers to sell the domain name at a very high price, hoping that you will agree to buy it.

What are the four types of cybersquatting?

• Typosquatting: registering domains that resemble well-known brands but with spelling mistakes (e.g., ‘alberthine.com’ instead of ‘albertheijn.com’).
• Brand squatting: registering domain names containing existing brand or company names to later sell them to the brand owner.
• Identity squatting: registering domains with the name of a well-known person to exploit or sell them.
• Ransom squatting: registering a domain that another company would like to use, with the aim of demanding large sums of money for its transfer.

Unethical or a creative way to make money?

Cybersquatting is generally considered unethical because it exploits the brand value or reputation of others without their consent. Companies can suffer financial losses, and customers can be misled.

It is essentially a form of exploitation where the cybersquatter seeks to profit from someone else’s success.

No clear legislation

In Belgium and the Netherlands (unlike in the US), there is no clear law that punishes cybersquatting, which leads some to consider the strategic registration of domain names as a creative way to make money.

Despite the lack of specific legislation against cybersquatting, there are legal options to address infringements through trademark law and domain name dispute procedures. This practice is generally viewed as unethical and damaging.

Domain hijacking vs. cybersquatting: the difference

Domain hijacking and cybersquatting are both forms of domain abuse. The main differences lie in how they are executed and the underlying purpose.

In short: domain hijacking involves stealing an existing domain, while cybersquatting involves registering a new domain name with malicious intent.

Stealing or early registration

If your domain name is hijacked, a hijacker has taken control of your domain name. The hijacker essentially steals your domain name and gains full control over the website.

In cybersquatting, someone deliberately registers a domain name that resembles a known brand or company name without any rights to it. The intention is often to resell the domain name for a high price to the rightful owner or to redirect traffic to their own site.

Domain hijacked, now what?

• Contact your registrar immediately: ask for help to regain control of your domain name.

• Check your accounts for security breaches: ensure your passwords and security settings are up-to-date to prevent further damage.
• File a complaint through a dispute procedure: use the UDRP (Uniform Domain-Name Dispute-Resolution Policy) or, in the Netherlands, the ADR procedure of SIDN to reclaim the domain.
• Seek legal assistance: if necessary, hire a lawyer to take legal action based on trademark law or breach of contract.
• Secure your domain for the future: consider additional security measures such as two-step verification or a domain lock at your registrar.

Don’t fall for cybersquatting

• Register your domain name early: make sure to register the domain name of your brand or company as soon as possible, including in different variations (.com, .net, .org).
• Protect your brand: register your brand name with official institutions for legal protection.
• Claim domains with common errors: register variations of your domain name (such as misspellings or other extensions) to prevent typosquatting.
• Monitor new domain registrations: use tools to keep track of whether someone registers a domain name that resembles your brand.
• Enable domain name protection: many registrars offer security options such as domain locking and two-step verification to prevent unauthorized changes to your domain name.