Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Few things feel more frustrating as a business owner than building a brand from scratch, only to discover someone else has registered a domain name that matches (or closely mimics) your business name.
This is often what people mean when they talk about cyber squatting (sometimes written as “cybersquatting”). For startups and SMEs, cyber squatting can create immediate headaches: confused customers, lost sales, reputational damage, and sometimes even pressure to “buy back” a domain that clearly relates to your brand.
The good news is you’re not powerless. With the right mix of early planning, intellectual property (IP) protection, and clear response steps, you can reduce the risk of cyber squatting and put yourself in a strong position if it happens.
Below, we break down what cyber squatting is, how it tends to show up in Australia, and what practical steps you can take to prevent and respond.
What Is Cyber Squatting?
Cyber squatting generally refers to the practice of registering, using or dealing in a domain name that targets someone else’s brand (or a name closely associated with their business) in a way that’s unfair, misleading, or done for profit.
In plain English, it often looks like this:
- Someone registers a domain name that matches your business name (or a close variation) before you do.
- They don’t have a legitimate reason to use that name.
- They try to profit from it, for example by selling it to you at an inflated price, diverting your customers, or earning ad revenue.
Common Cyber Squatting Scenarios For Small Businesses
Cyber squatting isn’t always obvious at first. For startups and SMEs, these are some of the most common scenarios we see:
- The “Pay To Get Your Domain Back” scenario: A third party registers your domain name (or a close variation) and offers to sell it to you for a large amount.
- The competitor diversion scenario: A competitor registers a similar domain and uses it to redirect traffic to their own website.
- The parked domain scenario: The domain is filled with ads or “coming soon” content, designed to generate clicks or build negotiating leverage.
- The phishing or scam scenario: The domain is used to impersonate your business (for example, sending fake invoices or “support” emails). This crosses into fraud and can become urgent very quickly.
Is Cyber Squatting Illegal In Australia?
Cyber squatting can be unlawful, but it depends on the facts.
In Australia, the key legal “hooks” often relate to:
- Trade mark rights (if you have them)
- Misleading or deceptive conduct under the Australian Consumer Law (ACL)
- Passing off (a type of common law claim about misrepresenting a connection to your business)
- Domain name dispute rules (including auDRP for many .au domains, depending on the domain space and auDA rules)
Because cyber squatting disputes are very fact-specific, your best next step is usually to assess (1) what rights you have, (2) what the domain is being used for, and (3) the fastest practical route to stop the harm.
Why Cyber Squatting Is A Real Risk For Startups And SMEs
Cyber squatters often target startups and growing businesses because brand momentum happens fast. You might launch with a great name, start advertising, build a social following, and only then realise the “perfect” domain is already taken.
And if you’re an SME, you may have been operating for years with word-of-mouth and then decide to invest in a new website or eCommerce store, only to find someone else has registered a domain close enough to cause confusion.
The Real Business Impacts (Beyond Annoyance)
Cyber squatting isn’t just an inconvenience. It can create real operational and legal risks, including:
- Lost leads and sales: Customers land on the wrong site and never make it back to you.
- Damage to trust: If the cybersquatter’s site is scammy or low quality, it can reflect poorly on your brand.
- Higher marketing costs: You may have to spend more on ads to “outbid” confusion or overcome mixed search results.
- Email and invoice fraud risk: Similar domains can be used to create convincing email addresses, increasing the risk of phishing.
- Distraction for founders: Time spent dealing with domain disputes is time not spent on product, customers, and growth.
For many businesses, the most cost-effective strategy is prevention first, then a structured response plan if something slips through.
How To Prevent Cyber Squatting Before It Happens
Preventing cyber squatting is often about being proactive and consistent. You don’t need to buy “every domain under the sun”, but you do want to lock down the core assets that customers will naturally search for or type into a browser.
1. Register Your Key Domain Names Early
If you’re naming a new business or product, domain registration should be part of your launch checklist (not an afterthought).
As a starting point, many Australian businesses consider registering:
- yourbrand.com.au
- yourbrand.com
- common misspellings of your brand name (if reasonably likely)
- a hyphenated version (if the non-hyphenated version is your primary)
- yourbrand.au (where relevant and available)
If you operate in a niche with high impersonation risk (for example, finance, health, or high-value B2B services), it can also be worth registering a handful of additional variations to reduce phishing opportunities.
2. Align Your Business Name, Company Name, And Domain Strategy
Many domain disputes start with a mismatch between what you’ve registered and what you actually trade under.
For example, you might have:
- a company name (the legal entity)
- a business name (the public-facing trading name)
- a brand name for a product or service
It’s worth understanding the difference between an entity name vs business name early, because your IP and online presence strategy often relies on consistent naming.
3. Register Your Trade Mark (And Do It Early)
Domain names can be registered by almost anyone on a “first come, first served” basis. Trade marks are different: a registered trade mark can give you stronger, enforceable rights in your brand name (and sometimes your logo) in connection with particular goods and services.
If your brand is central to your business (especially if you’re investing in marketing or planning to scale), trade mark registration is often one of the strongest tools for preventing and responding to cyber squatting.
Trade marks also help when:
- you need to show that a domain was registered to target your brand
- a platform or registrar asks for evidence of your rights
- you need to send a firm (but accurate) demand to stop misuse
4. Put A Simple Monitoring System In Place
You don’t need expensive software to start monitoring, but you should have a habit of checking:
- new domains similar to your brand (especially after a PR push or product launch)
- search results for your brand name
- paid ads that appear for your brand (if you’re running campaigns)
If you’re in a higher-risk category, you can also set up alerts for brand mentions and keep an eye on social handle availability (because cyber squatting also happens on social platforms).
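As an added illustration of the monitoring habit described above (this is not Sprintlaw's own tooling), the Python sketch below sorts a list of newly seen domain names into the variation types listed earlier: other extensions, hyphenated forms, likely misspellings, and brand-plus-keyword names. The brand `yourbrand`, the set of official domains, the feed, and the misspelling threshold of two edits are all constructed assumptions.

```python
# Added example with constructed data: BRAND, OFFICIAL and FEED are placeholders.
BRAND = "yourbrand"
OFFICIAL = {"yourbrand.com.au", "yourbrand.com", "yourbrand.au"}
# Multi-label suffixes are checked first; anything else is treated as a one-label TLD.
SUFFIXES = (".com.au", ".net.au", ".org.au")

def split_domain(domain):
    """Return (label, suffix) of the registrable name, e.g. ('yourbrand', '.com.au')."""
    d = domain.lower().strip().rstrip(".")
    for s in SUFFIXES:
        if d.endswith(s):
            return d[:-len(s)].split(".")[-1], s
    rest, _, tld = d.rpartition(".")
    return rest.split(".")[-1], "." + tld

def edit_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand=BRAND, official=OFFICIAL):
    """Return the kind of lookalike, or None for official or unrelated names."""
    label, suffix = split_domain(domain)
    if label + suffix in official:
        return None  # your own domain, including subdomains such as www
    bare = label.replace("-", "")
    if label == brand:
        return "tld-variation"
    if bare == brand:
        return "hyphenated"
    if brand in bare:
        return "brand-plus-keyword"
    if edit_distance(bare, brand) <= 2:  # assumed threshold; tighten for short brands
        return "misspelling"
    return None

# Constructed feed of newly seen names (in practice, whatever source you check).
FEED = ["yourbrand.com.au", "www.yourbrand.com", "yourbrand.net", "your-brand.com.au",
        "yourbrnad.com", "yourband.com.au", "yourbrand-support.com", "gardening.com.au"]

def review(feed=FEED):
    """List (domain, reason) pairs that deserve a closer look."""
    return [(d, r) for d in feed if (r := classify(d))]

if __name__ == "__main__":
    for domain, reason in review():
        print(f"{domain:28} {reason}")
```

A flagged name is only a prompt to look at how the domain is being used; similarity alone says nothing about the registrant's intent or rights.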
What To Do If You Discover Cyber Squatting
If you’ve found a suspicious domain, your first reaction might be to contact the owner immediately or buy it back to “make the problem go away”. Sometimes that works, but it can also backfire by encouraging higher demands or tipping off a bad actor.
A better approach is to move through a few clear steps.
1. Gather Evidence (Before You Contact Anyone)
Start by documenting what’s happening, while the evidence is fresh.
Practical things to capture include:
- screenshots of the website content (including dates if possible)
- any redirects (for example, if it forwards to another website)
- ads displayed on the page
- any customer confusion you’ve seen (emails, complaints, misdirected enquiries)
- WHOIS or registrar details (where available)
If the domain is being used for phishing or fraud, keep records of the emails and headers, and act quickly to protect customers and your team.
2. Check What Rights You Actually Have
Before choosing your response pathway, it helps to understand what legal rights you can rely on, such as:
- registered trade marks
- business reputation and goodwill (especially if you’ve traded under the name for some time)
- copyright in brand assets (like your website copy or logos, where relevant)
It can also be relevant whether the squatter is operating in the same industry and whether there’s a real risk of confusion.
3. Consider The Fastest Practical Remedy (Not Just The “Most Correct” One)
In cyber squatting matters, speed matters. Your ideal solution is often the one that stops the harm quickly and gives you control of the domain.
Depending on the facts, your options might include:
- Negotiation: sometimes a commercial purchase is the quickest route (but it should be approached carefully and strategically)
- A formal letter demanding the conduct stop: often used where there are strong rights and clear misuse
- Domain dispute processes: for many .au domains, an auDRP complaint (or another auDA-approved process) may be available depending on the namespace and eligibility rules
- Court action: typically a later step, but sometimes necessary if there’s fraud, high-value damage, or refusal to comply
If you need to put a formal demand in writing, a carefully prepared cease and desist letter can be a practical way to set out your position clearly and put the other party on notice.
4. Be Careful About Making Public Accusations
It’s tempting to “call out” a cybersquatter publicly, especially if customers are being misled. But public allegations can create extra legal risk if they’re not accurate or properly framed.
Often, the safer approach is to focus on customer protection first (for example, by publishing a clear notice on your official website and sending a verified email to customers), while you handle the dispute through the appropriate channels.
5. If There’s Fraud Or Customer Harm, Escalate Quickly
If the domain is being used to impersonate your business (such as fake invoices or “support” scams), treat it as urgent:
- notify affected customers promptly
- update internal processes (for example, invoice verification steps)
- consider reporting to relevant authorities where appropriate
- seek legal help early to manage risk and communications
Cyber squatting can overlap with consumer protection issues if customers are being misled. It’s worth being aware of your obligations around misleading or deceptive conduct, especially if your response involves public statements or corrective advertising.
How Cyber Squatting Interacts With Trade Marks, Business Names, And Consumer Law
One reason cyber squatting is so confusing is that domains, business names, and trade marks all work differently, and small businesses often assume one automatically protects the others.
A Business Name Registration Does Not Automatically Give You Domain Rights
Registering a business name can be an important step for branding, but it doesn’t automatically stop someone from registering a similar domain name.
That’s why domain registration and trade mark strategy should sit alongside your business setup, not behind it.
Trade Marks Are Often The Strongest Foundation For Action
If you have a registered trade mark, you often have a clearer enforcement pathway. It can help show that:
- you have established rights in the name
- the other party is using (or holding) the domain in a way that targets those rights
- there’s a likelihood of confusion in the market
If you don’t have a registered trade mark, you may still have options, but it can become more evidence-heavy (you may need to show reputation, customer recognition, and confusion).
Australian Consumer Law Can Matter If Customers Are Being Misled
If the cybersquatter’s domain is set up in a way that implies an association with your business, it may raise Australian Consumer Law issues around misleading or deceptive conduct.
This is particularly relevant when the domain:
- uses your branding or similar branding
- offers the same (or very similar) products/services
- creates customer confusion (for example, fake support pages, fake discounts, or fake “official” announcements)
Cyber squatting disputes can also intersect with broader online compliance (like what you display on your website and how you handle customer information). If you collect personal information through your website, having a compliant Privacy Policy is an important baseline, especially if you need to reassure customers during a brand impersonation incident.
What Legal Documents And Practical Protections Help If You’re Scaling?
Cyber squatting risk tends to increase as you scale: more brand awareness means more incentive for bad actors to copy, divert, or impersonate.
Along with domains and trade marks, there are a few legal building blocks and operational controls that can make it easier to protect your brand and respond quickly if an impersonation issue arises.
Helpful Legal Documents (That Support, But Don’t Replace, Domain And Trade Mark Protection)
- Website Terms and Conditions: can help set expectations for users of your site and support action where your website content is copied or used in a way that causes confusion. They won’t, on their own, stop a third party registering a domain name.
- Privacy Policy: helps you communicate clearly about how you handle personal information, which can be particularly important if you need to reassure customers during a scam or impersonation incident.
- Employment Contract: if you’re hiring marketing or IT staff (or contractors), clear contracts help manage access, ownership, and offboarding procedures for key digital assets (like domain and hosting accounts). A tailored Employment Contract is a good foundation.
- Company Constitution and shareholder arrangements: useful for internal governance and decision-making as you grow (including who can approve major brand or IP decisions). Depending on your structure, a Company Constitution can help clarify decision-making rules.
Practical Operational Steps That Make A Big Difference
Not everything is legal paperwork. A few operational steps can significantly reduce cyber squatting fallout:
- Lock down domain access: restrict who can change DNS settings and enable multi-factor authentication on registrar accounts.
- Standardise your “official channels”: consistently use the same domain in email addresses, invoices, and support pages.
- Create an incident checklist: so your team knows what to do if a similar domain appears (who investigates, who communicates, who escalates).
These steps are especially useful if you’re running eCommerce, subscription services, or any model where customers expect ongoing communications from you.
Key Takeaways
- Cyber squatting is when someone registers or uses a domain name that targets your brand, often to profit, divert customers, or create confusion.
- The best prevention is early action: register key domains, align your naming strategy, and consider trade mark protection before you scale.
- If cyber squatting happens, gather evidence first, assess your rights, and choose a response pathway that stops harm quickly (negotiation, domain dispute processes, or formal legal steps).
- Trade marks and Australian Consumer Law principles can be highly relevant, especially where customers are being misled or your brand is being impersonated.
- Strong operational controls and well-drafted legal documents (like Website Terms and Conditions and a Privacy Policy) can support your response and reduce confusion risks, but domain registrations, trade marks, and the relevant dispute process are usually the key tools for resolving true cybersquatting.
If you’d like help preventing or responding to cyber squatting for your startup or small business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








