Cybercriminals Use Malicious Cybersquatting Attacks to Distribute Malware and Hijack Data

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat.

In 2025, the World Intellectual Property Organization (WIPO) handled a record-breaking 6,200 domain disputes. This represents a 68% increase since 2020.

Security experts warn that criminal networks are now using fake domains not just to sell them for a profit, but to steal customer data, distribute malware, and destroy brand reputations.

How Squatting Works

Cybercriminals use several deceptive tactics to trick users into visiting fraudulent websites:

  • Typosquatting: Registering common misspellings of popular sites (e.g., gooogle.com).
  • Combosquatting: Adding keywords to legitimate brand names (e.g., netflix-login.com).
  • TLD Squatting: Using different extensions, such as registering a .net or .org version of a famous .com business.
  • Homograph Attacks: Using visually similar characters from different alphabets to create fakes that are hard to tell apart from the real domain by eye.

Research from SecPod revealed a 19-fold increase in malicious campaigns between late 2024 and mid-2025.

Their analysis showed that 99% of these squatted domains were used for credential phishing or delivering malware.

The experience of Decodo (formerly Smartproxy) highlights the severity of this issue. Decodo, a leading web data provider, faced aggressive impersonation by bad actors in China.

Scammers registered domains like smartproxy.org and smartproxy.cn to mimic the legitimate service.

Customers who fell for these clones handed over money for services they never received. Worse, when the fake services failed, angry users blamed the legitimate company, severely damaging Decodo’s trust rating.

“Impersonators don’t just steal money,” said Vytautas Savickas, CEO of Decodo. “Every fake site makes it harder for honest businesses to earn trust.”

Notable High-Profile Domain Disputes

Company | Squatter / Domain | Outcome / Details
Tesla | tesla.com | Operated as teslamotors.com for years; eventually acquired tesla.com after a reported multi-million dollar settlement.
TikTok | tiktoks.com | Two individuals registered the domain for $2,000; ByteDance won the WIPO dispute after a refused $145,000 offer.
Microsoft | mikerowesoft.com | Registered by teenager Mike Rowe; settled amicably with an Xbox gift after public backlash against Microsoft.
Amul | amuldistributor.com | Scammers used fake domains to run job and franchise fraud rings from 2018–2020.

The damage goes beyond lost sales. Phishing attacks, often launched from these fake domains, cost organizations an average of $4.8 million per breach in 2025.

Victims often unknowingly hand over login credentials or download ransomware, leading to massive financial losses.

Experts urge businesses to stop being reactive. Vaidotas Juknys, CCO at Decodo, advises companies to audit their domain portfolios immediately. Protection strategies include:

  1. Defensive Registration: Buying common misspellings and various extensions (like .io, .ai, and .co.uk) before scammers do.
  2. Monitoring: Using services that scan the web for new domain registrations that look like your brand.
  3. Customer Education: Clearly listing official domains on your website and warning users about known impostors.
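
The monitoring step can be approximated with a small classifier that sorts newly registered domains into the four tactics listed under How Squatting Works. This is an added example, not code from the original article or from any company it names; the brand list, feed, confusables map and function names are constructed for illustration, and it assumes bare registrable domains of the form name.tld.

```python
# Constructed, deliberately small confusables map (Cyrillic/Greek -> Latin).
# A production monitor would use the full Unicode confusables data.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0456\u03bf", "aeopcxio")

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_label(label):
    """Decode an xn-- (punycode) label to Unicode; leave other labels as-is."""
    try:
        return label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
    except UnicodeError:
        return label

def classify(candidate, brand):
    """Return the squatting tactic `candidate` uses against `brand`, or None."""
    cand = ".".join(decode_label(part) for part in candidate.lower().split("."))
    if cand == brand:
        return None
    name, _, tld = cand.partition(".")
    b_name, _, b_tld = brand.partition(".")
    if not name.isascii() and name.translate(CONFUSABLES) == b_name:
        return "homograph"        # foreign-script look-alike letters
    if name == b_name:
        return "tld-squatting"    # same name, different extension
    if b_name in name:
        return "combosquatting"   # brand plus extra keywords
    # Threshold 2 is an assumption; short brand names need a tighter one.
    return "typosquatting" if edit_distance(name, b_name) <= 2 else None

def scan(new_domains, brands):
    """Map each flagged domain to the (brand, tactic) it imitates."""
    hits = {}
    for d in new_domains:
        match = next(((b, t) for b in brands if (t := classify(d, b))), None)
        if match:
            hits[d] = match
    return hits

# Constructed sample data: the article's example domains plus one benign entry.
BRANDS = ["google.com", "netflix.com", "smartproxy.com"]
FEED = ["gooogle.com", "netflix-login.com", "smartproxy.org", "g\u043e\u043egle.com", "example.org"]
```

Calling scan(FEED, BRANDS) returns one entry per suspicious domain, which can be fed into a review queue or a defensive-registration list.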

In 2026, a company’s domain is its front door. Leaving it unguarded allows criminals to pick the lock, resulting in costs that no business can afford to pay.
