Decodo: Hackers Exploit Cybersquatting Tactics to Spread Malware and Steal Sensitive Information

Cybersquatting Surges as Criminals Exploit Fake Domains for Malware and Fraud

In 2025, digital squatting has escalated from a trademark nuisance to a major cybersecurity threat, with the World Intellectual Property Organization (WIPO) handling a record 6,200 domain disputes, a 68% increase since 2020. Criminal networks now use fake domains not just for resale but to distribute malware, steal credentials, and defraud customers.

A prime example is Decodo (formerly Smartproxy), a web data infrastructure provider serving 135,000 users globally. Attackers in China registered lookalike domains like smartproxy.org and smartproxy.cn, luring victims into paying for non-existent services, often in irreversible cryptocurrency. The scams damaged Decodo’s reputation, as frustrated users blamed the legitimate company. CEO Vytautas Savickas warned that impersonators not only steal money but erode trust in honest businesses.

Cybersquatters employ sophisticated tactics to deceive users:

  • Typosquatting: Misspelled domains (e.g., gooogle.com).
  • Combosquatting: Adding keywords (e.g., amazon-deals.com).
  • TLD Squatting: Using alternate extensions (e.g., .net instead of .com).
  • Homograph Attacks: Substituting visually identical characters from different alphabets.

Research by SecPod revealed a 19-fold increase in malicious campaigns using these methods between late 2024 and mid-2025, with 99% of fake domains linked to phishing or malware.

Companies are fighting back via the Uniform Domain-Name Dispute Resolution Policy (UDRP), with trademark owners winning most 2025 cases. High-profile disputes include:

  • Tesla: Acquired tesla.com after years of operating as teslamotors.com.
  • TikTok: ByteDance won a WIPO case against tiktoks.com after the squatters rejected a $145,000 offer.
  • Microsoft: Settled with a teenager over mikerowesoft.com after public backlash.
  • Amul: Scammers used amuldistributor.com for job and franchise fraud from 2018–2020.

While legal action helps, experts emphasize proactive defense, including registering brand variations and monitoring for lookalike domains in real time. As squatters exploit technical loopholes, domain management has become a critical cybersecurity priority.
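For the lookalike monitoring recommended above, the following added example (not code from the article or from Decodo) labels observed domains with the four squatting categories listed earlier. The function names, the small confusables table and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import unicodedata

# Small illustrative subset of Cyrillic-to-Latin lookalikes (assumption: a real
# monitor would load the full Unicode confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}

def to_unicode(domain):
    """Decode punycode (xn--) labels so homographs are compared as displayed."""
    try:
        return domain.lower().encode("ascii").decode("idna")
    except UnicodeError:
        return domain.lower()  # already Unicode, or not valid punycode

def split_domain(domain):
    """Return (label, tld); assumes a registrable name with a one-label TLD."""
    label, _, tld = to_unicode(domain).rpartition(".")
    return label, tld

def skeleton(label):
    """Fold compatibility forms and known confusables to ASCII lookalikes."""
    folded = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Label an observed domain relative to the brand's own domain."""
    brand, brand_tld = split_domain(brand_domain)
    label, tld = split_domain(candidate)
    if label == brand:
        return "legitimate" if tld == brand_tld else "tld-squat"
    if not label.isascii() and skeleton(label) == brand:
        return "homograph"
    if edit_distance(label, brand) <= 2:  # assumed threshold; noisy for short brands
        return "typosquat"
    if brand in label:
        return "combosquat"
    return "unrelated"
```

Feeding it newly registered names, for example from a certificate transparency or zone-file feed, gives a first-pass triage list for registration or UDRP follow-up.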

Source: https://gbhackers.com/hackers-exploit-cybersquatting-tactics/

Decodo cybersecurity rating report: https://www.rankiteo.com/company/decodo

"id": "DEC1770450727",
"linkid": "decodo",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Technology, Data Services',
                        'location': 'Global',
                        'name': 'Decodo (formerly Smartproxy)',
                        'size': '135,000 users globally',
                        'type': 'Web data infrastructure provider'}],
 'attack_vector': ['Typosquatting',
                   'Combosquatting',
                   'TLD Squatting',
                   'Homograph Attacks'],
 'date_detected': '2025',
 'description': 'In 2025, digital squatting escalated into a major '
                'cybersecurity threat, with criminals using fake domains to '
                'distribute malware, steal credentials, and defraud customers. '
                'Decodo (formerly Smartproxy) was targeted by attackers who '
                'registered lookalike domains like smartproxy.org and '
                'smartproxy.cn to lure victims into paying for non-existent '
                'services, often in irreversible cryptocurrency. The scams '
                'damaged Decodo’s reputation, as users blamed the legitimate '
                'company. Cybersquatters employed typosquatting, '
                'combosquatting, TLD squatting, and homograph attacks to '
                'deceive users. Research by SecPod revealed a 19-fold increase '
                'in malicious campaigns using these methods between late 2024 '
                'and mid-2025, with 99% of fake domains linked to phishing or '
                'malware.',
 'impact': {'brand_reputation_impact': 'Significant damage to Decodo’s '
                                       'reputation',
            'customer_complaints': 'Frustrated users blamed the legitimate '
                                   'company (Decodo)',
            'operational_impact': 'Erosion of customer trust in legitimate '
                                  'businesses',
            'payment_information_risk': 'Victims paid for non-existent '
                                        'services in irreversible '
                                        'cryptocurrency'},
 'lessons_learned': 'Domain management has become a critical cybersecurity '
                    'priority. Proactive defense, including registering brand '
                    'variations and monitoring for lookalike domains, is '
                    'essential to combat cybersquatting.',
 'motivation': ['Financial gain', 'Reputation damage', 'Credential theft'],
 'post_incident_analysis': {'corrective_actions': ['Proactive domain '
                                                   'registration',
                                                   'Real-time monitoring',
                                                   'Legal action via UDRP'],
                            'root_causes': 'Exploitation of technical '
                                           'loopholes in domain registration '
                                           'and lack of proactive monitoring'},
 'recommendations': ['Register brand variations proactively',
                     'Monitor for lookalike domains in real time',
                     'Pursue legal action via UDRP for trademark violations'],
 'references': [{'source': 'World Intellectual Property Organization (WIPO)'},
                {'source': 'SecPod Research'}],
 'regulatory_compliance': {'legal_actions': 'UDRP cases won by trademark '
                                            'owners (e.g., Tesla, TikTok, '
                                            'Microsoft, Amul)'},
 'response': {'containment_measures': 'Legal action via Uniform Domain-Name '
                                      'Dispute Resolution Policy (UDRP)',
              'enhanced_monitoring': 'Real-time monitoring for lookalike '
                                     'domains',
              'remediation_measures': ['Proactive registration of brand '
                                       'variations',
                                       'Real-time monitoring for lookalike '
                                       'domains']},
 'threat_actor': 'Criminal networks (primarily based in China)',
 'title': 'Cybersquatting Surge Exploiting Fake Domains for Malware and Fraud',
 'type': 'Cybersquatting, Phishing, Malware Distribution, Fraud',
 'vulnerability_exploited': 'Lack of proactive domain monitoring and '
                            'registration of brand variations'}