Cybersquatting involves the abusive registration of a domain name in bad faith or the registration of a domain name which includes someone else's trade mark, or variations of that trade mark.

The main motives for cybersquatting are to:

  • impersonate a legitimate business to acquire usernames, passwords and other personal information or to install malware on a person's device
  • direct traffic to the website for commercial gain e.g. to sell counterfeit goods
  • try to sell the domain name to the owner of the trade mark at an inflated price.

What can you do?

More and more businesses are taking steps to manage their online reputation, one part of which is to monitor the use of their trade marks and to prevent their brand name from being used for malicious activities.

Depending on where the cybersquatter is located, aggrieved businesses can commence proceedings for trade mark infringement, misleading and deceptive conduct and passing off.

Another option, if the infringing domain name involves a generic top level domain (gTLDs), is to apply to the World Intellectual Property Organisation (WIPO) arbitration and mediation centre, to have the domain name cancelled or transferred to the complainant.

How does the WIPO centre process work?

The Uniform Domain Name Dispute Resolution Policy (UDRP) applies to gTLDs. gTLDs are domain names ending in suffixes such as .com, .info, .net, .org.

As part of the UDRP, domain name holders are required to submit to a mandatory administrative proceeding, with an approved administrative dispute resolution service provider e.g. the WIPO centre, if a complainant asserts that:

  • the domain name holder's domain name is identical or confusingly similar to a trade mark or service mark in which the complainant has rights; and
  • the domain name holder has no rights or legitimate interests in respect of the domain name; and
  • the domain name holder's domain name has been registered and is being used in bad faith.

The complainant can commence the administrative proceeding by lodging a complaint to WIPO. There are fees involved with the UDRP administrative proceeding.

WIPO will then submit a verification request to the Registrar (the entity which the respondent has registered a domain name with) to verify that the respondent is listed as the registrant of the domain name. As part of the verification request, WIPO will include a request to the Registrar to lock the domain name. The Registrar is required to lock the domain name within two business days of WIPO's request.

The respondent can submit a response to the WIPO centre, responding to the allegations made in the complaint, within 20 days of the commencement of the administrative proceeding.

The proceeding is determined by a one or three member panel, usually within two months of commencement.

WIPO decisions

The panel only has power to require the domain name be cancelled or be transferred to the complainant.

Decisions made are published on the WIPO centre's website.

Subject to an appeal, the Registrar is required to implement the decision made under the UDRP. The UDRP proceeding therefore has an advantage of avoiding international enforcement issues commonly encountered through a court proceedings.

What about .au domain names?

If a cybersquatter has registered an Australian domain name e.g.,,, a person or company can lodge a complaint with the Domain Administration Ltd (auDA) under the .au Dispute Resolution Policy (auDRP). The process under the auDRP is similar to the UDRP complaints process.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.