When cybersquatters try the extortion game

A squat in Zagreb (Zagreb)
Image via Wikipedia

An interesting case at work today, where a website owner got targeted by a company/individual who had registered a number of domain names relevant to them and was trying to sell them at £3000 a pop. As you can imagine, the website owner was quite concerned about this behaviour and wouldn’t you be? It’s a technique called cybersquatting (or domain name squatting) and is more of an annoyance than a real threat to a business.

Here’s how it works. Let’s say I own a domain called http://www.owencutajar.com. Mr Domain Extortionist comes along and registers the following domains:

  • www.owen-cutajar.com (extra dash)
  • www.owencutajar.net  (different TLD)
  • www.owncutajar.com (misspelling)
  • www.owencutajarROCKS.com (derivative name)

Mr Extortionist then emails me and tries to sell me the domains (for many times the price he paid for them). They can use the carrot approach: “It would be a good opportunity to attract more search engine traffic, be relevant to other markets etc” or the stick approach “If you don’t buy the domain, I’ll sell it to your competitor/to a porn site etc”. The initial outlay is pretty low for him, possibly around $5 a domain name, but usually he’ll try and sell them for thousands of pounds each. If he can just sell one, he can easily recoup his costs and make a tidy profit.

So, how should an organisation handle this threat? Here’s some advice:

  1. Under no circumstance should you buy any of the domains the squatter is holding. As outlined above, the squatter need only sell 1 domain name and he can recoup the cost of the investment (and then some). This will also trigger off a repeat cycle where the squatter buys more domain names and ransoms it off again. It’s the same thinking behind the “We don’t negotiate with terrorists” approach. Giving in to their demand provides positive reinforcement for their actions and only triggers off a repeat cycle.
  2. Realise that this threat won’t go away. The number of combinations that the squatter can register are limitless, so you don’t really have the option of pre-empting the situation by buying up all the permutations before the squatter comes along. It would be immensely expensive and a nightmare to manage. Instead, familiarise yourself with the risks and demonstrate that you will not bow to pressure.
  3. Take action. If you are based in the U.S. and the squatter is infringing your trademark, you can take the domain away from them. 15 U.S.C. § 1129(1)(A) states: “Any person who registers a domain name that consists of the name of another living person, or a name substantially and confusingly similar thereto, without that person’s consent, with the specific intent to profit from such name by selling the domain name for financial gain to that person or any third party, shall be liable in a civil action by such person.”. If you’re not based in the U.S., you can notify the Office of Fair Trading or equivalent body that the company that has approached you is seeking to extort money from you using unethical practices. If the situation escalates, you may even want to involve your local Fraud Squad.
  4. Alternatively, do nothing! There’s nothing you can technically do to prevent people from registering domain names and the vast majority of squatted domains will just sit there doing nothing and eventually expire. It takes effort from a squatter to register domains and try and sell them, and if they don’t get any traction, they will head off and seek another victim. Non-engagement is a valid technique to deploy in this case, but make sure your own domain is well established and people know where to find you.

I’d be interested to hear from others who have had to face the situation and how you dealt with it. Just drop a comment below.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.