
Why ‘digital squatting’ should keep every CEO up at night 

By Vaidotas Juknys, Chief Commercial Officer, Decodo 

In 2025, the World Intellectual Property Organization handled a record 6,200 domain name disputes, the highest in its history. Cybersquatting cases have surged 68% since the pandemic. But these statistics only scratch the surface of a threat that has evolved from trademark nuisance into a full-scale criminal enterprise. 

Digital squatting is no longer about opportunists hoping to flip domains for quick profit. Today’s squatters operate sophisticated phishing networks, steal customer data, distribute malware, and systematically destroy brand reputations that took decades to build. And most businesses remain woefully unprepared. 

The anatomy of modern domain fraud 

The playbook has grown disturbingly complex. Typosquatters register common misspellings, such as gooogle.com instead of google.com. Combosquatters add keywords to legitimate brands, creating convincing fakes like bestbuy-coupon.com. The most malicious actors use homograph attacks, substituting Cyrillic characters for Latin ones to create URLs that appear identical to the human eye but lead to criminal operations. 

Research from SecPod identified a 19-fold increase in malicious campaigns using certain domain extensions between late 2024 and mid-2025. Their analysis found nearly 1,400 malicious subdomains across 450 base domains, with over 99% used for credential phishing or malware delivery. The targets include the world’s most recognized brands: Microsoft, Adobe, Google, and government agencies. 

The financial toll is catastrophic. IBM’s Cost of a Data Breach Report found that phishing attacks, many relying on squatted domains, cost organizations an average of $4.8 million per breach in 2025. On average, these attacks take 254 days to detect and contain. 

When impersonators strike close to home 

The threat became personal for Decodo, formerly known as Smartproxy, a leading web data infrastructure provider serving over 135,000 users worldwide. Impersonators in China registered lookalike domains, including smartproxy.org and smartproxy.cn, creating fraudulent websites to deceive customers seeking the legitimate service.

The damage extends far beyond lost sales. Victims who pay for services on fake sites receive nothing, or worse, receive low-quality products that tarnish the real brand’s reputation. Reviews on Trustpilot tell the story: customers warning others about scams, describing “support teams” with poor English, and reporting payments sent to addresses the fraudsters claim not to recognize.

“Impersonators don’t just steal money,” notes Vytautas Savickas, CEO of Decodo. “They deliver low-quality services that fall far short of what real companies provide. Every fake site makes it harder for honest businesses to earn trust.” 

A pattern affecting the world’s biggest names 

Even the most well-resourced organizations have struggled. Tesla operated under teslamotors.com for years while a squatter controlled tesla.com, reportedly requiring a multi-million-dollar settlement to resolve. TikTok’s parent company, ByteDance, won a WIPO dispute after refusing a $145,000 demand for tiktoks.com. India’s largest dairy brand, Amul, discovered squatters had registered domains to collect fees from job seekers applying for fake positions and entrepreneurs paying for franchise opportunities that didn’t exist. 

The connection between domain squatting and organized cybercrime has become impossible to ignore. The Anti-Phishing Working Group tracked over one million phishing attacks in Q1 2025 alone, the highest quarterly total since late 2023. According to Keepnet Labs, 68% of phishing websites use typosquatting or compromised brand domains. The FBI’s Internet Crime Complaint Center recorded over 193,000 phishing complaints in 2024, with Business Email Compromise accounting for $2.77 billion in losses. 

The uncomfortable truth about protection 

Legal frameworks exist, such as UDRP arbitration, the Anticybersquatting Consumer Protection Act, and Uniform Rapid Suspension, but they’re reactive by design. At WIPO, only 5% of disputes were denied, suggesting legitimate trademark holders usually prevail. But prevailing takes time, money, and attention that most businesses can’t spare, while squatters operate freely. 

Prevention offers the only cost-effective approach. Businesses must secure their brands across major TLDs, .org, .net, .io, and .ai, before opportunists do. Common misspellings deserve protection. Country-code domains matter for international operations. Monitoring services can flag new registrations resembling your brand, enabling faster response. 
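The kind of check a monitoring service runs on newly observed registrations can be sketched as follows, using the typosquat, combosquat and homograph categories described earlier. This is an added example, not code from Decodo or any vendor named in the article; the function names, the small look-alike table and the sample feed are constructed for illustration.

```python
# Constructed subset of Cyrillic letters that render like Latin ones; not a full confusables table.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455", "aeopcxyis")

def to_unicode(domain):
    """Decode punycode (xn--) labels so look-alike characters become visible."""
    try:
        return domain.encode("ascii").decode("idna").lower()
    except UnicodeError:  # already Unicode, or not valid IDNA
        return domain.lower()

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, official):
    """Label a newly seen domain relative to the official one, or return None."""
    cand, off = to_unicode(candidate), official.lower()
    if cand == off:
        return "official"
    label, brand = cand.partition(".")[0], off.partition(".")[0]
    folded = label.translate(CONFUSABLES)  # replace look-alikes with Latin letters
    if folded != label and folded == brand:
        return "homograph"
    if label == brand:
        return "tld-variant"  # same name under a different TLD
    if edit_distance(folded, brand) <= 1:  # threshold is noisy for very short brands
        return "typosquat"
    if brand in folded.split("-") or folded.startswith(brand) or folded.endswith(brand):
        return "combosquat"
    return None

def triage(feed, official):
    """Return {domain: label} for every feed entry that resembles the official domain."""
    hits = {d: classify(d, official) for d in feed}
    return {d: kind for d, kind in hits.items() if kind not in (None, "official")}

# Constructed sample feed of newly observed registrations.
SAMPLE_FEED = ["gooogle.com", "g\u043e\u043egle.com", "google-login.net", "google.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, kind in triage(SAMPLE_FEED, "google.com").items():
        print(f"{kind:12} {domain.encode('idna').decode('ascii')}")
```

Registration feeds usually list internationalized names in punycode, which is why the input is decoded before comparison; a production check would use the full Unicode confusables data rather than the nine-letter table here.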

Technical defenses add critical layers. Email authentication protocols like DMARC, SPF, and DKIM help prevent spoofing. Clear communication with customers about official domains helps them identify impostors.

The cost of inaction 

The domain represents the front door to your digital presence. When criminals can pick that lock, or simply install a convincing replica next door, they don’t just steal individual transactions. They erode the trust that makes commerce possible. 

Every business with an online presence faces this threat. The question isn’t whether squatters will target your brand. It’s whether you’ll be prepared when they do.