Domain squatting continues to bedevil IT sector
“The quality of the attacks are getting more sophisticated,” Decodo executive tells IT Brew.
Eoin Higgins is a reporter for IT Brew whose work focuses on the AI sector and IT operations and strategy.
Like grunge and Pokémon, domain squatting is a phenomenon from the 1990s that refuses to die—and its latest iterations are giving cybersecurity pros major headaches.
Like its revoltingly named cousin slopsquatting, which uses open-source code repositories as an attack vector, domain squatting relies on user error and a lack of preparedness and security hygiene. Vaidotas Juknys, chief commercial officer at proxy platform provider Decodo, told IT Brew that the problem is large-scale, and has increased since the Covid-19 pandemic.
“For any given domain, such as Live.com or Amazon.com or Google.com, there is only a finite number of different squatting names,” Juknys said, adding, “most of these big websites already, around 12% to 14% of these possible permutations are already registered.”
Countdown to danger. Data from the World Intellectual Property Organization (WIPO) shows the domain disputes it manages have risen from 4,204 in 2020 to 6,282 in 2025.
Potential damage to major companies is a reason for cybersecurity experts and other IT pros to stay on top of the issue. As Claire Breheny, head of trade marks at Mathys & Squire, told Fashion Network in January, when attackers use established brands to take advantage of consumers, everyone loses (except the attacker).
“The explosion of new domain extensions is outpacing what most teams can monitor,” Breheny said. “That gap is giving fraudsters greater scope to exploit well-known brands.”
Use case. That’s a sign of the pervasiveness of the problem, Juknys told IT Brew.
Attackers use domain squatting for a variety of purposes, including for email address landing sites when phishing. They also deploy homograph attacks, using site URLs that look very similar to real ones (using “rn” instead of “m” in an address, for example) to lure unsuspecting users who are then asked to log in with their existing credentials.
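A defender can screen domains seen in mail or proxy logs for the patterns described above: the "rn"-for-"m" swap, copies under a different extension, and single-character typos. The following is an added example, not code from IT Brew or Decodo; the brand `acmepay.com`, the substitution table and the sample domains are constructed, and the second-to-last label is assumed to be the registrable name (no public-suffix handling).

```python
# Added example: screen observed domains for imitations of a protected brand.
# Brand, substitution table and sample domains are constructed for illustration.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def skeleton(name):
    """Collapse common visual look-alikes so 'acrnepay' compares equal to 'acmepay'."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand):
    """Return None for the brand itself or an unrelated domain, else a reason string."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Assumption: the second-to-last label is the registrable name (no public-suffix list).
    name, tld = labels[-2], labels[-1]
    b_name, b_tld = brand.lower().split(".")
    if name == b_name:
        return None if tld == b_tld else "tld-swap"
    if skeleton(name) == skeleton(b_name):
        return "lookalike"
    if edit_distance(name, b_name) == 1:
        return "typo"  # short brand names will produce false positives; treat hits as leads
    return None

def scan(observed, brand):
    hits = []
    for d in observed:
        reason = classify(d, brand)
        if reason:
            hits.append((d, reason))
    return hits

OBSERVED = ["www.acmepay.com", "acrnepay.com", "acmepay.shop",
            "login.acmepey.com", "example.org"]  # constructed sample input

if __name__ == "__main__":
    for domain, reason in scan(OBSERVED, "acmepay.com"):
        print(f"{domain:20} {reason}")
```

Unicode look-alike characters are outside what this sketch covers; it only handles the ASCII substitutions listed in the table.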
“The quality of the attacks are getting more sophisticated; the designs, the cloning process, the actual content is getting more and more believable, partly due to AI,” Juknys said. “It’s become much easier to create large scale, legit-looking content.”
Mr. Fixit. For IT pros looking to lessen the danger and the damage, there are a few options. They can take legal action to contest the fraudulent domains, as with the WIPO, or they can use the Uniform Rapid Suspension System to shut down a squatted domain more quickly.
As Jeremy Fuchs, a cybersecurity researcher and analyst with Avanan, told IT Brew in 2022, these attacks utilize life’s fast pace to their advantage. Funnily enough, one effective way to address the danger is to take a second before you click.
“It’s really all about slowing down,” Fuchs said. “We’re all moving so fast, that we don’t look at the things that are right in front of us, telling us that we shouldn’t click on it.”
Then there is the issue of addressing the problem for users and consumers. Communication is key, Juknys said: “There’s no silver bullet, just education and taking it one at a time.”