As online services Groupon and Facebook have recently learned, cybersquatters are more than a mere nuisance.  Cybersquatting can disrupt or delay business expansion or operations, or compromise security and user experience. 

Groupon’s planned expansion to Australia was delayed for months because a clone site in Australia named Scoopon purchased the Groupon.com.au domain name, took the company name Groupon Pty Limited, and tried to register the Groupon trademark (filing for the trademark seven days before Groupon in Australia).  Groupon was forced to file a lawsuit against this clone.  Groupon also filed a successful domain name proceeding with the World Intellectual Property Organization (WIPO) to recover the domain name Groupon.ie (the Ireland ccTLD), eventually winning a ruling in March that the domain should be returned.

Facebook also recently filed a domain name proceeding with WIPO, seeking the return of 21 “facebook+keyword” domain names, all belonging to professional “domainer” Mike Mann’s company Domain Asset Holdings.  The contested domain names include: aboutfacebook.com, facebookbabes.com, facebookcheats.com, facebookclub.com, facebookdevelopment.com, killfacebook.com, and many more.  Each was listed for sale at Mann’s DomainMarket.com for prices ranging from $350 to $8000 and up.   

What do you do if you find spoofed or squatting domain names and websites?  It depends on what your trademark is and how the cybersquatter is using it.

            Criminal uses.   If the domain name and website are being used to falsely collect secure information (often as part of a phishing scheme), you’ll almost certainly want to notify the appropriate authorities. Your attorney should be able to advise you on properly securing evidence residing on your servers, or gathering information that would be helpful to shutting down the site, alerting your customers to the scam, and preparing a criminal referral that will prompt law enforcement action.  You should also check with your attorney to see whether there are additional options, such as filing a “John Doe” lawsuit to obtain discovery from third parties who may hold information that will lead to the identity of a criminal phisher or spoofer.  Once the bad actor is identified, it may be possible to obtain a temporary restraining order or other emergency relief to get the site taken down.  If you are able to identify the company hosting the imposter site, you can also contact the hosting company and request that the site be shut down.

            Non-criminal, commercial uses.   For non-criminal commercial uses, there are generally two legal options you can pursue (after or in lieu of sending a cease-and-desist letter). 

            WIPO proceedings.  The first is a domain name arbitration referred to as a UDRP proceeding (which stands for Uniform Domain Name Dispute Resolution Policy).  This is a limited jurisdiction proceeding that is administered by a few organizations, such as WIPO and the National Arbitration Forum.  According to WIPO, in 2010, trademark holders filed 2,696 cybersquatting cases covering 4,370 domain names under procedures based on the UDRP, an increase of 28% over the 2009 level and of 16% over the previous record year, 2008.    The only relief available is the transfer or cancellation of the disputed domain name, so there are no damages, injunctions, costs or attorneys’ fees awarded.  This proceeding is mandatory for the domain name owner (as the owner agrees to participate when registering the domain name), but optional for the complainant. A UDRP proceeding is ideal for a typical cybersquatting scenario, where trademark rights are clear and the domain name is being used to host an imposter or infringing site, or a site with pay-per-click links and no substantive content. 

WIPO recently published a new overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview 2.0”).  While neither this WIPO Overview nor prior panel decisions are binding on panelists, who make judgments in the particular circumstances of each individual proceeding, the overview nevertheless should be required reading for companies and practitioners employing the UDRP process.   The most recent listing of WIPO UDRP Domain Decisions  also provides an excellent  “at a glance” view of recent complainants, domain names and decisions.

UDRP proceedings are less effective, however, where the squatter is infringing a mark that is also a common English word or arguably descriptive, or if the website at the disputed domain name is not clearly infringing.  See, e.g., Can I Do Better Internet Corp. v. Blastapplications, WIPO Case No. D2011-0055 (complaint for disputed domain name candobetter.com denied, on grounds that complex competing claims between trademark and copyright owners arising from the similarities of competing business concepts and website layouts should be determined in other forums, not via UDRP).             

            Trademark infringement action.      The alternative to a UDRP proceeding is a trademark infringement and cybersquatting lawsuit (most commonly in federal court) under the federal Lanham Act (which contains the Anti-Cybersquatting Consumer Protection Act).  Unlike UDRP proceedings, as filed court actions, with discovery rights, ACPA actions permit a more extensive presentation of trademark rights, seniority, and infringement analysis, which are all beyond the scope of a UDRP proceeding.  Such matters, however, can be long, expensive and risky, since you may lose and then have a binding judicial decision with adverse findings about your trademark.  So there is a significant cost/benefit analysis to be done before you file such a lawsuit.

The two options are not necessarily mutually exclusive.  You can try a UDRP proceeding first, and if your complaint is denied (there is no appeal process in the UDRP setting), you can still file the infringement/cybersquatting lawsuit.  A UDRP panel’s decision is not binding on the court, although it will likely be persuasive evidence for the other side, who can attempt to admit it to support its arguments.  A court’s decision is, however, binding, so you cannot subsequently file a UDRP proceeding if you lose the lawsuit.

            Risk mitigation steps.  One way to try to avoid this scenario is to register your trademarks with all of the gTLDs (Top-Level Domain) and the major country-specific TLDs where you conduct or plan to conduct business.  While it is impossible to predict every permutation of your brand that a cybersquatter may dream up, you can at least make it harder for squatters to register a domain name that a consumer may believe to be yours by taking control of the most common domain names and extensions.

At the end of the day, it is essential to monitor registrations of domain names that contain your trademarks, and if the domain name hosts a website that could be confusing to a consumer, then you should carefully consider your options and take action against it to protect your trademark rights, reputation and goodwill.  Many major corporations with dozens or hundreds of marks to monitor and protect procure third party monitoring services from vendors who specialize in these efforts.