Cybersquatting Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Ever click on a link in an email or while browsing online, and something just wasn’t right? The domain name in the address bar was off by a letter or two? Or a word was misspelled? Maybe there was a number tossed in for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online, either as a dot com or any other U.S.-based extension. Cybersquatters squat for many reasons, including for fun, because they are hoping to resell the domain, they are using the domain to advertise competitors’ wares, stalking, harassment or outright fraud. Social media identity theft, or grabbing someone else’s given name on social networks, is another form of cybersquatting or, when it occurs on Twitter, Twitter squatting.

In particularly malicious cases of cybersquatting, identity thieves will use a domain similar to that of a bank in order to create a spoofed website for phishing. If the domain isn’t available, typosquatting is the next best option. After launched, more than 200 similar domains were quickly snapped up.

This is just one more reason to actively protect yourself from identity theft.

This week, Computerworld discussed the havoc that cybersquatting can have on a brand’s reputation. Sometimes, criminals copy a brand’s entire website in order to collect usernames and passwords from unwitting visitors. Then, the hackers will test those names and passwords on other websites. Cybersquatting increased by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor’s annual Brandjacking Index report.

Intellectual property owners can sue cybersquatters under the federal Anticybersquatting Consumer Protection Act, but it’s expensive and damages are limited to $100,000. They can try to shut down sites containing copyrighted content under provisions of the Digital Millennium Copyright Act, and in some cases, they might be able to pursue violators for trademark abuse under provisions of the Lanham (Trademark) Act.

I’ve written before about the time I was accused of cybersquatting. I wasn’t, I swear! It was the early 90’s, and I had an IBM PS1 Consultant 3.1 Microsoft operating system and a rockin’ 150 MB hard drive. I bought myself some domains. I sold some, others I regrettably gave up. And there was one that will haunt me ’till the day I die.

I owned for about 5-6 years. Led Zeppelin was and is my band, and as a fan, I bought the domain as a keepsake. I would get emails from people all over the world, saying things like, “I am Paulo from Brazil, I love the Led Zep!”

Then, when Clinton passed a law later making cybersquatting illegal, I knew it was only a matter of time. I had it for five years before anyone from the band’s team of lawyers approached me about it. And when they did, I didn’t know how to handle it. And my lawyer at the time, even less so. Ultimately, I gave it up without a fight, but I’m sure the band’s lawyers billed them for the one inch thick book of a lawsuit I was served with. Sorry, dudes. My bad.

In this case, the lawyers saw an opportunity to build a case against me, a fan who would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked out and called them, yelling that they could take it, that I never wanted that.

One of few regrets. But I have a nice one inch thick souvenir all about me and the band and why I’m an idiot.

Anyway, with cybersquatting on the rise, it makes sense to claim your name, your brand name, and your kids’ names on social networking sites and domain names as soon as possible. Just in case you get famous, you don’t want to have to fight a twit like me.

Protect your identity too.

  1. Get a credit freeze. Go to and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing stolen domain names on Fox News

Identity Theft Expert and Speaker on Personal Security Urges Holiday Shoppers to Beware of Malicious, Continually Growing Online Threats to Computer Security

(BOSTON, Mass. – Nov. 29, 2007 – Reports during November indicated that online threats such as spyware continue to increase in frequency and maliciousness. Robert Siciliano, a widely televised and quoted personal security and identity theft expert, said that even though computer users may hear more about computer threats during the shopping season, they must always exercise caution online.

“As the holiday shopping season sets into full swing,” said Siciliano, “news of dangers to online consumers will increase. This is a good thing; everyone needs a constant reminder of the security threats that lurk on the Web. But the vigilance must also be constant, evident throughout the year, and not just between Thanksgiving and the New Year.”

CEO of and a member of the Bank Fraud & IT Security Report’s editorial board, Siciliano leads Fortune 500 companies and their clients in workshops that explore consumer education solutions for security issues. An experienced identity theft speaker and author of “The Safety Minute: 01,” he has discussed data security and consumer protection on CNBC, on NBC’s “Today Show,” FOX News, and elsewhere.

As reported by darkREADING on Nov. 27, the Computing Technology Industry Association (CompTIA) surveyed 1,070 organizations and found that 55 percent had experienced an increase in spyware over the past year.

Also on Nov. 27, the SANS (short for “SysAdmin, Audit, Network, Security”) Institute, a self-described cooperative research and education organization, posted in a news release its picks for the “Top 20 Internet Security Risks of 2007.” One of the scenarios that SANS cited was a type of phishing attack known as spear phishing, which, by targeting specific individuals using company machines, infects those machines. This transforms the compromised machines to portals that give hackers access into organizations’ entire networks. (Keyloggers, zombies, and other threats with similarly exotic-sounding names also made SANS’ list.)

One new threat, reported in SC Magazine on Nov. 7, has masqueraded itself as a solution. According to the article, a banner ad prompts those who click on it to purchase putative anti-spyware software. But the landing page instead collects victims’ money and credit card information in exchange for a program that downloads a virus that collects the personal information from the infected computer over time.

Bogus sites with URLs similar to presidential campaigners’ have been reported as well. A Nov. 1st news release from Webroot Software, Inc. urged Internet users to use caution when searching online for information on presidential candidates. According to the release, the company has detected links to malicious software downloads from spoofed presidential candidate Websites.

Spoofed Websites, just as the term implies, are bogus. The same day of Webroot’s announcement, a ComputerWorld article speculated that hackers might use the fake sites to obtain a portion of campaign contributions, which increasingly take place online.

“Just as predicted, hackers are getting more and more sophisticated and clever,” said Siciliano. “Computer users can install all the antispyware, antivirus, and other software they want — and they should. But the ingredient really needed is common sense. Just because a computer has the latest, greatest protection installed doesn’t render it untouchable; a smart user does.”

Readers may view YouTube video below of Siciliano on “FOX News,” explaining how the ubiquity of Social Security numbers as universal identifiers helps thieves online and off-line. Those wishing to learn how to protect themselves against identity theft, a major concern for anyone who has fallen prey to online scammers, may view video of Siciliano at VideoJug.


Identity theft affects us all. Robert Siciliano, CEO of and member of the Bank Fraud & IT Security Report’s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients.

A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” CNN, MSNBC, CNBC, “FOX News,” “The Suze Orman Show,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “The Howard Stern Show,” and “Inside Edition.” The Privacy Learning Institute features him on its Website. Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others.

Visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with Siciliano directly:

Robert Siciliano, Personal Security Expert
CEO of
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)

The media may also contact:

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557