Cybercrime 101: What is Cybersquatting?

27 September 2022

Educating yourself about cybercrime is crucial in 2022. Technically, it has been crucial since we all started using the internet.

Unfortunately, many folks with ‘password123’ as their go-to for all accounts still exist in droves. It’s okay if you’re one of them: we’ve all been there! But it’s time to get wise about the basics of cybercrime to protect yourself and those around you.

Because when your website is vulnerable, chances are it is endangering other websites on the server, and therefore other people’s data, not just yours. Just as your home is on the street, in a neighbourhood, within a community, your website is also located adjacent to other sites and individuals containing information and data that needs to be protected from theft and manipulation.

Something as innocent as an outdated website could be a cybercrime hazard to yourself and others. Check out one of our recent articles to learn more:

4 Urgent Reasons to Redesign Your Website

Check our blog and socials from time to time, as we bring you helpful articles and posts about cybercrime and security to ensure you are following best practices with your personal and business online presence.

Today we take a look at Cybersquatting.

What is Cybersquatting?

Also referred to as domain typosquatting, cybersquatting is a cybercrime. In a nutshell, cybersquatting takes advantage of existing brand identities, exploiting them in bad faith for unauthorized gains. It does this by registering, using, and selling domain names that are the same as or similar to an existing business. These can include brands, company names, trademarks, and related collateral like social media. There are various types of cybersquatting, all with the end goal of exploiting the goodwill and trust of an existing name for profit and/or mischief.

Cybersquatting Is on the Rise Since the Pandemic

The INTERPOL Secretary General recently noted the ‘alarming pace’ of cybercriminal attacks, including cybersquatting, during the Covid-19 pandemic. This has been corroborated by WIPO or World Intellectual Property Organization, the global forum for intellectual property (IP) services, policy, information, and cooperation.

Protecting your brand identity and the data associated with it is of critical importance to your business. We’ll highlight some of the most common and pernicious forms of cybersquatting so you’re able to recognize the signs if they are affecting your business or one that you interact with.

4 Common Types of Cybersquatting

Top-Level Domain (TLD) Squatting

A TLD or Top-Level Domain is a popular website, like, for example. TLD Squatting takes advantage of this brand recognition, registering a domain that is similar to, like You may have found yourself navigating absent-mindedly to one of these sites and only then realized you followed a phishing link. This type of cybersquatting is intended to mislead visitors into visiting a potentially harmful or manipulative site. Even Facebook has to deal with it!

Hostile Subdomain Takeovers

Sometimes referred to as subdomain squatting, a hostile subdomain takeover is a tricky type of cybersquatting. Essentially, a domain becomes vulnerable when a subdomain pointing to service has been removed or deleted. Cybersquatters are able to hijack this removed or deleted official subdomain. This legitimate, hijacked subdomain is then used to host malicious content, steal cookies, and phish for private data.


Also referred to as a sting site, fake URL, or URL hijacking, typosquatting is a type of cybersquatting that capitalizes on common typing errors or misspellings made when searching for an established brand or business. Using our previous example, or something along these lines would qualify as a typo-squatted domain. They can also be characterized by foreign language spellings, pluralized names, and the same spelling on a different domain (like CNN. cm), among other creative permutations of this type of manipulation.


Here’s a popular one! While it would never occur to a professional business owner to register their business name under x-rated domains, this is a prime cybersquatting ground for scammers. Legitimate sounding businesses will have their names registered under domains ending in .xxx or .sex, for example.

Preventative Measures Against Cybersquatting

Cybersquatters sometimes attempt to gain information about a business via email, phone, or direct contact with the target business or brand before the squat has successfully occurred. If you receive an email from an unknown source or individual, claiming to have familiarity with your business and asking for information, check their name and data before responding or interacting.

Research Individuals and Email Addresses

Google the domain, business name, and email address. Typically, a professional individual working for even a small business is likely to have a LinkedIn profile and additional online identity footprints.

Likewise for the business, they claim to represent. Remember, if you haven’t dealt with someone directly, they could be misrepresenting themselves entirely. Fraud and scams are profitable jobs and side gigs for countless internet-savvy individuals lacking scruples, so don’t fall victim to your own trusting nature and naivete!

If the email address you received an email from does not show up anywhere on Google, or suggests a different domain spelling, be extremely weary about interacting with this person. They could be phishing for information that will allow them to cyber-squat your brand or website.

Research Businesses and Social Media Accounts

It’s easy to test if a site is official or not. Simply Google the business name. The algorithm will almost always ensure that the authentic, verified site comes up as the first result. It is primed to prioritize the display of websites that process legitimate requests, like verified purchases or inquiries, with regularity. This is one of the primary functions of the search algorithm, to protect browsers from fraudulent, suspicious websites and activities associated with them.

Another clue is that a business’s social media accounts will be verified and contain the correct link in their information or biography. While not every business keeps an active social media presence or has the blue check mark, quickly surveying the full online environment associated with a domain or business should give you a decent idea of whether it is legitimate or fishy.

Stay Educated About Cybercrime

Certainly, sophisticated cybercriminals create entire online environments to lend an air of legitimacy and professionalism to their scams. It is every internet user’s obligation to stay aware and informed of the dangers.

We are all taught as children about stranger danger and to look both ways before crossing the road. Unfortunately, we must constantly educate ourselves about ongoing threats to our personal data and the lives we live with that data. Identity theft is a very real problem that can severely impact an individual’s life and finances. Preventative measures and ongoing education are key to staying safe.

Choose Website Professionals Who Understand Cybersquatting

At Smartweb Canada, we are passionate about designing simple, user-friendly websites that serve our clients and their customers efficiently and safely. In almost 20 years of business, we have encountered every type of cybercrime. Our professionally diverse team is heavily invested in protecting our clients and their websites from cybersquatting and other invasive forms of cybercrime.

If you feel something suspicious is going on with your site, get in touch with us today. We monitor our client’s sites regularly and install the latest security and surveillance software to ensure they are protected.

Our friendly customer service agents are well-informed on cybersecurity and are here to chat and offer advice if you have an inquiry or concern.


Free Assessment Form

Verified by MonsterInsights