Cybersquatting and Opportunism: The Heightened Threat During Coronavirus

The following article was written by Safenames’ James Taylor.

As we are all aware, the world is battling a deadly outbreak of a novel coronavirus, COVID-19. The virus is dominating our lives, and it may do for some time yet.

Despite the harm caused by COVID-19, many have found it to be a chance to show the best of humanity. Stories of generosity and charity abound across the world.

On the other hand, we have the scammers who take any opportunity to deceive for their own gain. Domain names, as the ‘indicators of origin’ for the internet, are used as vehicles to deliver fraud to unwary, and often vulnerable, online users.

There is an enticing commercial opportunity to cash-in on a trend, movement, or even a crisis. Just as the word ‘Brexit’ dominated news headlines, there were those who tried making a quick buck: from Brexit-related merchandise to Brexit-related scams.

We often see a rush of trademark registrations when a trending word or phrase appears. The same is true for domain names – unsurprising given the internet is now the medium most used to transmit and take advantage of worldwide trends.

There is evidence of an increase in terms such as ‘coronavirus’ and ‘COVID-19’ being used in domain names, often combined with a trusted brand name or trademark. Many such domain names aim to deceive the public. The use of established brands in domain names, termed ‘cybersquatting’, is the Trojan horse which enables fearmongering, financial fraud and counterfeits to thrive online.

Fortunately, there are ways for brand owners to combat what we refer to as ‘opportunistic cybersquatting’.

How are brand owners affected?

It is vital to be aware of the ways in which misleading domain names can be used to hurt brands and businesses.

Take, for example, the typical ‘CEO’ phishing attack: this is where scammers use a deceptive domain name to fake the email address of a company’s CEO, or other Board member, to scam the company’s employees. This scam can be very potent in the current chaotic business climate; unusual requests for account details or financial transactions may seem more legitimate.

Thankfully, registrars and financial authorities are taking action to stem the flow of fraud1. Proactive brand owners are also starting to enforce their rights against infringing domain names. This can be done through domain name arbitration, such as the Uniform Domain Name Dispute Resolution Policy (‘UDRP’), which results in malicious domain names being transferred to the rightful owner.

The first ‘coronavirus’ UDRP case was filed on March 19th, regarding “”. Google have already recovered “” through the UDRP, after the owner consented to the transfer of the domain name. In addition to these two Google cases, fellow tech giant Facebook are involved in a dispute over “”.

Both Google and Facebook have seen the potential threat behind these domain names. Both companies are involved in a constant herculean struggle against campaigns of misinformation, which present a real danger to the public2. This epidemic has, perhaps inevitably, brought to shore a fresh wave of misleading articles, malicious conspiracy theories and misplaced advice about treatments for COVID-19.

Pharmaceutical companies in particular must be wary of cybersquatting threats. Fraudsters take advantage of hype about drugs that are rumoured to treat COVID-19. Counterfeits of these drugs can be sold online, using trademarked names for the drugs in the domain name to attract internet traffic and imply endorsement.

We may already have an example of the above. There are three ongoing UDRP cases involving the “KALETRA” drug. In one case, the disputed domain names resolve to a website advertising the drug for sale, within the context of treating coronavirus. “KALETRA” has been subject to scientific study regarding its capability to combat the virus, but no clear benefit in taking the drug was found3 We eagerly await the full facts of this case to emerge.

It is clear that tackling trademark misuse in domain names, in the current climate, is not just about guarding against brand tarnishing or dilution – it is a fight for public safety. As global lockdowns keep people indoors, their internet exposure will only increase. It is crucial that this digital medium stays secure, instead of being used for deception and fraud.

Beware of heightened brand exposure

In the midst of the outbreak, there are a few fortunate companies that will see an increase in business. One prominent example is videoconferencing software Zoom. Popular with those working from home, Zoom has gained fame for its now widespread use.

Increased public awareness causes brands to become a bigger target for scammers and cybersquatters. Since the middle of March, daily registrations of domain names containing the word ‘Zoom’ have soared. 4

This is no coincidence. We have seen similar patterns before: when Facebook announced its planned cryptocurrency, Libra, registrations of domain names containing the ‘Libra’ term similarly surged.

This is not to say that all of these ‘Zoom’ registrations will be harmful, particularly given the word itself is generic. However, we will inevitably find an increase in domain names that constitute a targeted attack against Zoom, given its rise in popularity.

Thankfully, domain name arbitration policies are prepared for such cases. Panels under the UDRP explicitly recognise the principle of ‘opportunistic bad faith’. We will likely see this principle applied in coronavirus-related UDRP cases.

Put simply, ‘opportunistic bad faith’ is found where the domain name was clearly registered to take commercial advantage of a recent and widely publicised event.

For example, take a company that excitedly announces a new brand, perhaps for a product or merger. Cybersquatters will jump at the chance to register domain names containing the new brand, particularly if trademarks have not been registered. Anything that heightens the public’s awareness of a brand will be a trigger for opportunistic bad faith registrations.

Panels will take into account that a domain name was registered pursuant to notable media exposure. For example, in the Fenty Beauty case, 5 the Panel specifically alluded to the fact that “” had been registered “correspond[ing] exactly to the Complainant’s soon-to-be launched product line, [a] day after that product line was announced”.

Given the complainant’s new brand had been “extensively covered by the media”, there was clear evidence of opportunistic bad faith. This can apply even if the relevant trademarks were not registered at the time the domain name was created.

Of course, opportunistic bad faith does not outweigh other factors needed to be proven under the UDRP. Any possible rights or legitimate interests the respondent may have in its use of the domain name must be taken into account.

Nevertheless, brand owners can rest assured that their trademarks can be protected through arbitration policies, such as the UDRP, quickly and fairly. This is true even amidst the current crisis; service providers such as Forum and the World Intellectual Property Organisation continue to administer the UDRP in a timely and orderly manner.

It is paramount that brands have an active policy to fight against trademark misuse in the domain name system during the coronavirus outbreak. This includes a proactive strategy, such as domain name monitoring and defensive registrations. Be particularly vigilant of domain names that take advantage of current events to attack your brand’s integrity.

1 and

2 See and




GDI Content Partners

Interested in becoming a GDI Content Partner? Contact Simon at

Global Dating Insights is part of the Industry Insights Group. Registered in the UK. Company No: 14395769