Volume 3, Issue 7 September 19, 2008

Download PDF Print Page

Direct Navigation

The Foundation for the Online Business of Brands and of Cybersquatters, Part 1 of 3


Direct Navigation, also known as type-in navigation, describes the process wherein a user opens their browser, goes to the address bar and types in a domain name that has either been communicated to them through marketing or is assumed to be a source for content they are looking for. For example, a user might type into their browser in order to determine what to wear to work that day, or type in to get the latest news on Roger Federer. The practice of Direct Navigation presents a new range of opportunities and concerns for brand owners. While the exact percentage of people who practice Direct Navigation is often debated, it is prevalent, and ignoring its implications can negatively affect brand management and create avenues for cybercriminals to victimize companies and consumers.

Direct Navigation exists in contrast to Search Navigation, wherein an Internet user chooses to search for a string of keywords or terms using a search engine such as Google, Yahoo!, or MSN. Search Navigation is used to varying degrees, ranging from users who only turn to search engines to find information they are unsure about, to users that go to search engines even to find directly communicated sites. In the first case, a user might search for the term, “DC florist with MD delivery.” This user does not have a clear idea of what Web site he or she wants to visit; rather, they are using a search engine to find a company that can meet a specific need. In the second case, a user may know the address of the Web site that they want to visit—, for example—and will still enter this complete URL into a search engine’s search box. They will arrive at their intended destination by clicking on the appropriate link from the search engine results (which may be a natural or paid search result depending on which they click).

FairWinds Partners has identified two types of Direct Navigation. The first is “Freestyle Navigation,” which refers to the growing practice of entering creative domain names directly into a browser in hopes of reaching more specific content. For example, a user looking for a download of the popular MSN Messenger program may type “” into their browser, which today resolves to a Microsoft sponsored Internet search page.1 Based on the traffic garnered by this site, FairWinds estimates that more than 4,000 users type this domain name into their browsers each month. In another instance, a user looking to track their UPS package may type “” into their browser, only to find a pay-per-click site. FairWinds estimates that more than 12,000 users visit each month.

The second type of Direct Navigation is “Evolved Navigation,” which refers to the practice of interacting with brands by typing an address and expecting relevant content from that brand. Evolved Navigation plays on a user’s expectations that a well-known brand will have registered domain names most relevant to their offered products and services. For example, a user who expects Sam’s Club to have developed a complete, optimal and relevant Internet experience for its consumers may type “” into their browser in order to find the online home of Sam’s Club photo processing. As of today, this site points to a pay-per-click Web site that, according to FairWinds estimates, receives over 1,000 visitors per month.2

Regardless of which type of navigation an Internet user practices, almost everyone will enter a domain name into the browser at some point. Even those that engage in Search Navigation often enter the domain name of their intended search engine, and the traffic to these search engines and common typos of their domain names is a testament to the advantages of fully leveraging Direct Navigation. As of September 2008, FairWinds estimates that the domain name “” was receiving over 70,000 visits monthly, while “” was receiving over 500,000 visits monthly. “” receives 40,000 visitors a month, while “” receives 20,000. Each of these examples highlights the potential benefits associated with Direct Navigation. However, they are also representative of the number of opportunities that cybercriminals have to infringe on your brand.


The Internet has changed greatly since its inception, and is arguably the fastest growing medium for the dissemination of information, communication, and global commerce. In addition to changes within the Internet landscape, there have been distinct changes in the behavior of Internet users. In order to use the Internet as effectively as possible, today’s brand owners must recognize the patterns in Internet behavior and browsing. The purpose of this paper is to closely examine the ways that users seek the content they are looking for and to identify the new and evolving set of problems facing brand owners who are trying to develop their online presence.

If Direct Navigation practices continue to grow and evolve, the value of domain names will increase in both actual price and intangible value to brands looking to portray a strong online presence. Naturally, not only brand owners, but also those who aim to disrupt e-Commerce and cause harm to companies can realize the value of domain names. Direct Navigation can be abused by cybersquatters (those who participate in the “bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks”3) through two main methods: typosquatting and combosquatting.

Typosquatting refers to the practice in which domain name brand infringers (cybersquatters) try to monetize traffic generated by spelling mistakes of popular Web sites by registering these domain names. They then set up a pay-per-click advertising site at the domain that may point to the Web site that the user intended to visit, or simply offer links to related searches where sponsors are willing to pay a fee to receive a new visitor. Each time a user follows one of the links on the pay-per-click site, the cybersquatter receives money. Unfortunately, the owners of the intended site are often the ones to pay these fees in order for their customers to reach them. Worse still, brands cannot realistically choose not to bid on those particular keywords - that would put them at a greater disadvantage because they may lose the visitor altogether.

Combosquatting refers to a similar practice in which cybersquatters register combinations of brand names (or typos of brand names) and select keywords picked to generate traffic. They may use generic keywords, such as “creditcard” in “,” or they may use keywords specific to the brand, such as “” (Playhouse Disney is a component of the Disney Channel geared towards preschoolers). After registering these sites, combosquatters will most often post a pay-per-click site in order to monetize the traffic. These sites allow combosquatters to make money in the same way that typosquatters do, at the expense of the brand owner.

Brands need to understand Direct Navigation and how cybersquatters can take advantage of this behavior so that they can create a targeted domain strategy that focuses on owning an optimal set of names that are top of mind for their Internet audience, and not a single name more. As cybersquatting becomes more profitable and technologically advanced, it is important for brand owners to take a proactive approach to brand protection by looking at enforcement options and monitoring the infringement based on the severity of its threat to the brand. If brands are able to effectively leverage Direct Navigation practices, the end result will be a more powerful online brand presence and tangible benefits to the brand itself.

Domain Names: What They Are and How They Work

Domain names are one of the most basic components of the Internet and are an essential contemporary marketing tool. Domain names are the gateway to Web sites, which are an invaluable medium used by various parties to quickly and inexpensively disseminate information. As a result, they are critical assets for all companies, individuals, and associations that operate online.

Domain names are defined as alphanumeric strings separated by dots that translate IP numbers into easier-to-remember labels. Domain names feature a hierarchy of levels, separated by dots. The root of the domain name is the portion of the name that follows the “www.” and precedes the extension. For example, “google” is the root of the domain name, The extension is the final portion of a domain name beyond the “domain root” and sometimes following the right-most “.” (for instance, the “.com” extension or the “.fr” extension). At other times the extension follows the second to last “.” when the “domain root” is followed by a third level extension (for instance the “” extension or the “” extension).

The life cycle of domain names begins when a name is registered for a period of time usually ranging from one to ten years. Domain names are typically registered through registrars, which are the retail commercial interface that work directly with domain name consumers. Registries operate more like wholesalers of domain names, selling names to businesses rather than to individual consumers. As the expiration/renewal date for a domain name approaches, the domain name owner is sent one or more reminders from their registrar indicating that they must renew the name if they wish to maintain ownership. If the name is renewed, its status continues to be listed as “registered.” If the name is not renewed and the domain name owner allows the registration to lapse, the domain name may be put on a registrar hold, depending on the TLD or extension.

Using .com as an example, during a registrar hold, another party cannot register the name and the site remains live. At this point, a “grace period” takes effect during which the original owner of the domain name can pay to renew their name. The domain name owner may be subject to reinstatement fees imposed by the registrar during this period. If the domain name is renewed during the grace period, it returns to “registered” status.

Following the initial grace period, there is an ICANN imposed “Redemption Grace Period” or RGP. ICANN developed the RGP because of the high level of fraud that resulted in unauthorized deletions of domain registrations. This gives holders of deleted names a 30-day grace period to detect and correct any mistaken deletions. During this time, the deleted name will be placed on REGISTRY-HOLD and the name will not be functional meaning that the site will no longer resolve. This feature helps ensure notice to the most recent registrant that the name is subject to deletion at the end of the RGP, even if the contact data the registrar has for the registrant is no longer accurate.

If the name is not renewed during the RGP, the registrar will subsequently delete the name. At this point, the name is about to return to the domain market and will once again become available for registration. Depending upon the perceived value of a particular domain name, there may be multiple parties lined up to obtain it as it is deleted. The process by which interested parties obtain names that are dropped is often referred to as “drop- catching.”

Life Cycle of a Domain Name

Figure 1: Life Cycle of a Domain Name4 [+]

Domain Names and Direct Navigation

With millions of domain names occupying and continuously changing the Internet, navigating the Web can be a challenging task. Given the omnipresence of sites such as Google and Yahoo!, one might assume that users primarily go to search engines to reach their intended destinations online. However, as mentioned previously, Direct Navigation is far more prevalent than many might think. According to a Forrester report, Direct Navigation accounts for 38 percent of Web site traffic.5 WebSideStory’s StatMarket division (now a part of Omniture) estimates that more than 67 percent of global Internet users arrive at Web sites through Direct Navigation.6 Because such a large percentage of users navigate without the aid of search engines, understanding the dynamics and impact of Direct Navigation is critical.

In order to comprehend how Direct Navigation works and how it can be leveraged, it is helpful to explore the mindset of an Internet user looking for content. Part of the reason why so many people choose to use Direct Navigation is the success they have with it. A large portion of Direct Navigation results in Web users finding the Web site or specific content that they were interested in. For instance, a user who types “” directly into the address bar will be brought to the Wal-Mart Financial Services page, where they can sign up or manage a Wal-Mart credit card. This is in contrast to an Internet user who uses a search engine to find the same content, since they would be forced to “click” multiple times to reach their intended destination.

In other cases, users who search with generic keywords are directed to sites that have been strategically purchased by corporations. For example, the domain leads to the site for researching and booking travel. Generic domains can be valuable assets for a company because they help yield more traffic and create the impression of market dominance. In both cases, the users found the content that they were looking for—a specific type of credit card and a general category of services. These successes reinforce the idea that users can type what they are looking for directly into their browsers and be rewarded with relevant content.

Direct Navigation and the Advertising Market

Direct Navigation has led to a multimillion-dollar business that combines advances in online advertising with the knowledge that Direct Navigation users will not always find the content they are looking for. Pay-per-click (PPC) advertising is a business model that was created in response to the vast revenue potential offered by the Direct Navigation market. PPC and recycled advertising refers to the process whereby Internet giants such as Google and Yahoo! serve ads to millions of sites ranging from legitimate sites, which offer content and advertisements, to sites that display ads and little other content. Companies originally purchase these ads to be placed on the Google and Yahoo! sites, and they are then used in ad services available through the search engines. When an Internet user clicks on one of the ads, the company that placed the original ad is charged a click fee, while the domain owner and any partners receive a commission.

The impact of such click fees on the corporations submitting the advertisements is substantial. Spending for online advertising is steadily increasing and is estimated to reach $29 billion by 2010 in the U.S. alone.7 The money corporations spend on each click is often shared between the provider of the advertisement and the owner of the site where the advertisement is served. This means that serving advertisements on PPC sites can be a very effective and lucrative means of utilizing a domain name. It is FairWinds’ experience that click-through rates of users who land on a site via Direct Navigation are high, and range from 20 percent to 50 percent based on the site category.

PPC and recycled advertising affect users of Direct Navigation through domain parking, which refers to the practice of hosting a page of advertisements or other temporary content on a Web site that does not yet have content. Domain name owners and advertisers use domain parking to monetize Direct Navigation either temporarily, until content is posted, or permanently. The increase in profitability from domain parking has led to an increase in PPC monetization.

Figure 2 depicts how PPC sites work and how users interact with these sites. This figure was provided by CADNA, a coalition of brand owners who are opposed to abuses of the domain name system. FairWinds is a founding member of CADNA and runs the coalition on a day-to-day basis.

Figure 2: Pay-Per-Click

Figure 2: Pay-Per-Click [+]

PPC advertisements are able to offer content based on the domain name itself, providing users with the ability to click through to the content they were looking for as opposed to trying a different domain name. Because users are able to reach what they are looking for, PPC sites are able to sustain profitable click rates. However, this is problematic for brand owners because consumers may reach their brands indirectly, and this traffic generates revenue for cybersquatters. Brands wishing to leverage the strength of a generic that have not sponsored ads with the ad host will not be visible to customers searching for products or services. In the case of brand names and trademarks, the brand is charged each time a user clicks through a PPC advertisement to reach their intended content. Maintaining a portfolio of strategic domain names can help companies both in terms of branding and advertising cost savings.

In addition to PPC advertisements, domain name monetization also utilizes pay-per-lead (PPL) and cost-per-action (CPA) strategies. PPL enables an advertiser to receive membership or advertising services in return for paying for each sales lead received from the marketing venue used. CPA is a marketing pricing scheme that only charges a fee when a certain action associated with an advertisement is performed. Actions that qualify as CPA might include a product being purchased or a form being filled out. CPA allows companies placing advertisements to pay only when they receive a specific result. They are able to advertise without any cost unless they are also gaining the benefits they are looking for.

Evaluating the Market

As domain names have become a strategic asset to all brand owners, understanding their valuation is key to developing a domain name strategy. At their most objective level, domain names are valued based on the amount of traffic and revenue they generate. Generic names and names incorporating trademarks or popular brands are often the most highly trafficked, while expired domains that have already become strongly ingrained in the minds of a particular audience can also attract large numbers of Internet users. The value of a domain name may also be based on its similarity to a commonly typed name. Therefore, misspellings, transposed characters and other variations of popular Web sites can also garner significant traffic. For example,, a typo of, attracts an estimated 3 million visits per year.

Monetization frequently takes place on third-party Web sites that are owned by individuals who do not necessarily have a business or personal connection to the site’s domain name. Instead, these individuals register the name in order to profit off of its market value, which could be derived from traffic-to-click conversion or sale of an appreciated asset. Individuals that accumulate domain names as a profession are referred to as domainers, and these individuals often amass large portfolios of domain names in order to increase profitability. In many cases, domainers sell their domain portfolios to traffic aggregators who end up owning large numbers of domain names, which leads to a marketplace that includes individuals and well-financed businesses. Individuals or companies that serve PPC advertisements on domain names maintain large portfolios in order to obtain high profit margins. Domain monetization is meant to be profitable on a large scale, with the incremental fees paid to each individual site pooling together to create sizeable returns. It is important to note that while the terms “domaining” and “cybersquatting” are often used interchangeably, these practices are defined differently. In FairWinds’ view, “domainers” tend to avoid trademark infringement, whereas “cybersquatters” tend to focus on brand infringing domains.

Among the largest and most profitable companies in the traffic aggregation space are NameMedia, Demand Media,, iREIT and Marchex. NameMedia owns an estimated 725,000 Web sites8 and Marchex spent $164 million on a single domain portfolio in 2004.9 All of these companies are hoping to capture some of the dollars in sales that Direct Navigation generates each year; according to RBC Capital in New York, Direct Navigation generated $650 million in sales in 2006.10 While the exact percentage of users who practice Direct Navigation is still debated, it is certain that the revenue potential of capitalizing on Direct Navigation is significant.

Traffic aggregators typically acquire names either through domain auctions or through domain name speculation, which is the purchase of domain portfolios from individuals with the intent of reselling or monetizing them. The main targets of domain name speculation in the domain community are generic words and geographic locations combined with product and service category terms. These names gain their value through their high type-in traffic and for the dominant position they would have in any field due to their descriptive nature. Professionals in this space also look to the news and current events to predict which terms will experience increased searches and traffic.

Domain auctions such as the T.R.A.F.F.I.C. conference11 and DomainFest attract the major players in the domain business. Many of these individuals are willing to spend thousands, and in some cases millions, of dollars to acquire names with proven or perceived value. Also in attendance at these conferences are traffic aggregation companies and occasionally buyers with legitimate business interests in a particular name. Domain name industry personalities such as Rick Schwartz, Kevin Ham and Frank Schilling have built careers around trading in domain names—Rick Schwartz is the CEO and co-founder of the World Association of Domain Name Developers and hosts the T.R.A.F.F.I.C conference. Many domain industry players purchased large numbers of domain names for reasonable prices as the Internet bubble burst. They then monetized the traffic to these pages and eventually sold some of these names for record-breaking amounts with the help of domain auctions and through private sales.

Domainers, aggregators and cybersquatters utilize specific methods and tools in order to more accurately determine the most profitable domain name investments for their businesses. Unlike many domainers and aggregators, cybersquatters purposefully infringe upon trademarks and brand name recognition to identify names with high value. Typically, these groups of domain profiteers research names that are about to expire to determine the amount of traffic they are receiving. There are multiple tools available to help monitor deleting domain names and traffic tools to indicate likely traffic to the site. Yahoo! Overture is one such tool that is useful in gauging the popularity of a name. Overture and similar tools are designed to search for free domain names in various root Internet zones and provide metrics for how often Web users search for certain terms.12 Traffic monitoring tools that provide ranking information and keyword identifiers help determine the appeal of a domain and which keywords should be placed on a Web site or advertisement supported by the domain.

Other available tools include trademark registries and “typo” generators that can be found on Web sites such as Trademark registries can be used to determine what words and phrases have trademarks associated with them, while “typo” generators identify possible typographical errors that users may make including switched characters, duplicate letters, missing characters and keyboard proximity errors.13 Domain speculators also use search engines to determine which search terms are most popular, and then translate these terms into domain names. Generally, words or terms receiving one million page results are considered to be a sound investment.14All of these tools could be used for legitimate purposes, but opportunists have found ways to take advantage of each one to make the highest profit possible.

After determining their value, names are acquired through numerous methods including drop-catching, tasting, kiting and open registration. Drop-catching refers to a process that takes advantage of the three-month redemption period after a gTLD expires. During this window, a name is analyzed to determine where it is in the redemption period and if it is still receiving traffic. If the name is still receiving sufficient traffic, the speculator will attempt to “catch” or register the name as soon as it is dropped.15 While drop-catching is technically allowed, it paves the way for unscrupulous activities such as domain name tasting and domain name kiting.

Domain name tasting and kiting are typically viewed as ways to exploit the 5-day add/drop grace period that is mandated by the Internet Corporation for Assigned Names and Numbers (ICANN) to test-drive a domain name. This provision is aimed at protecting registrars from instances when a registrant mistakenly registers a name he or she does not wish to keep or pay for or when credit card companies refuse payment to the registrar due to being notified of a lost or stolen credit card (a credit card charge back). It also allows registrars to test the operability of their systems. Domain name tasting is a tactic used by some cybersquatters and domainers whereby participants leverage ICANN’s 5-day add/drop grace period to judge the profitability of a domain name. If a Web site does not generate enough click fees to cover the annual cost, the registrant will cancel the registration before the fifth day at virtually no cost. Domain name kiting is a similar practice whereby participants leverage the grace period to keep names at no cost by perpetually adding and dropping them. Because of this virtually costless way to keep a domain, the name can generate minimal revenue and still remain profitable to the owner. ICANN recently approved a policy aimed at curbing this abuse, but it is still too early for FairWinds to ascertain whether it will have any measurable impact.

Cybercrime in the Market

Many cybersquatters have used these practices in order to build their multi-million dollar business. Cybersquatting is commonly defined as the “bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks,”16 and has led to an entire range of harmful activities that threaten today’s brand owner. Initially, cybersquatting was built on a “ransom” model in which individuals registered names bearing famous trademarks. They then held them ransom in order to drive up the price that the rightful trademark owner was willing to pay in order to get the name back. However, the cybersquatting business model has evolved as trademark owners have become increasingly aggressive in pursuing arbitration and litigation to regain domain names bearing their marks.

Unfortunately, this evolution has further complicated the problems associated with cybersquatting. Cybersquatters have become more nimble and developed tactics that allow them to continue to use distinctive marks via less conspicuous methods. Cybersquatters use the domain names in their portfolios to divert and monetize traffic, create confusion and ultimately profit from the names that bear famous marks through recycled sponsored advertisements on pay-per-click Web sites.


As mentioned earlier, one of these evolved techniques is typosquatting. Typosquatting is defined as “the practice of registering domain names that are typos of their target domains, which usually host popular Web sites with significant traffic.”17 Typosquatters take advantage of multiple forms of typing mistakes, including instances when users repeat a letter, switch two letters, or drop letters from domain names. Typosquatters also take advantage of users who enter the wrong TLDs, such as a “.com” instead of a “.org.” Examples of such mistakes include,,, and Once typosquatters register these names, they monetize them in predictable fashion, pointing users to pay-per-click advertisements or other content harmful to user opinions of the brand in question. Following this report, FairWinds Partners will release the results of its recent study on typosquatting (part 2 of this series), aimed at gleaning significant trends from typo domain registration. By examining the mistakes that typosquatters most frequently use to create typo domains, we hope to provide brand owners with the information needed to evaluate their exposure to typosquatting and to develop an effective defense against it.


A second type of abuse is combosquatting, which specifically takes advantage of the practice of Evolved Navigation. As more Internet users are entering creative domain names and expecting relevant content from companies they know and trust, combosquatters are registering domain names that combine a popular brand or typographical variation of a brand with either a generic term associated with that brand, or a specific product or campaign marketed by the brand. One example is “” FairWinds has found that around 49 percent of well-known brand name and keyword combinations receive equal or greater Direct Navigation traffic than search queries. This means roughly half of users looking for brand content are expecting companies to have registered these keyword combinations, especially in the .com extension. This figure clearly shows the potential for harm caused by combosquatting both in terms of monetization and damage caused to brand image. We hope the release of our forthcoming study on combosquatting (part 3 of this series) and our analysis of trends associated with this practice will better inform brand owners of the potential harms posed by combosquatting and provide them with strategies to combat it.


Diversion is one of the more harmful business consequences of cybersquatting that occurs once a user has reached a squatted page. Diversion can be viewed broadly as any time a user is directed to content other than that which they had initially intended. However, it is most harmful to brand owners in more specific instances in which a customer’s original search for content related to a specific brand is shifted towards another brand or other misleading content. One can argue that any time a user is directed to a pay-per-click site instead of meaningful brand content, a user has been diverted away from the brand and that brand has been harmed. Nevertheless, diversion in its more specific sense not only directs users to content counter to what they are looking for, but also reminds users of alternative products and services that compete with those of the rightful brand.

It is this type of diversion that is most damaging to brands and consumers alike. For example, in Figure 3, a user looking for Capital One card services and promotions who enters into their browser is immediately redirected to a pay-per-click site with Capital One branding and colors.18 Instead of finding Capital One, the user is presented with several ads for refinancing and credit card options from Capital One competitors including JPMorgan Chase & Co. and Bank of America Corporation. If the user clicks through the Chase ad and finds that a Chase service will meet the same needs as Capital One and consequently chooses Chase over Capital One, Capital One suffers the immediate loss of a customer. Another unfavorable possibility is that a customer that is diverted to content while looking for another intended brand may assume that the site that they eventually reach is associated with or sponsored by that intended brand. This can be problematic for many reasons. Potential harms range from decreased consumer confidence in the brand to liability in fraud cases such as phishing.

Figure 3: Screen shot of

Figure 3: Screen shot of capitalonerewards.com19 [+]

Other Tactics

What is most important to understand about cybersquatting in today’s business world is that its practitioners are constantly developing their techniques and providing new challenges to brand owners. By aggregating domain names and turning the slightest of profits into a sustainable business, cybersquatters have made the monetization of domain names and cybersquatting permanent fixtures in the online industry.

Outside of the specific tactics discussed above, cybersquatters have become increasingly quick to develop and adapt their strategies to keep up with brand owners. Another harmful technique used by cybersquatters takes advantage of companies that are trying to promote their brands with generic domain names. When a brand has registered a useful generic, but failed to cover all domain names that users are likely to type in to reach the brand’s content, cybersquatters are quick to exploit this situation and seek to siphon this traffic.

Potential Harm

Outside of clear monetary harms caused to brand owners that must pay advertising fees to direct users to their appropriate Web sites, cybersquatting has led to several other types of harm. Many of these harms are intangible, leading to decreases in brand equity or consumer loyalty. Navigating to a cybersquatted page often leaves a user with a negative impression. Such an experience leads to an uncomfortable “hijacking” experience because users are taken to unexpected and possibly inappropriate content. This negative impression makes the user reluctant to visit such a site again, thus avoiding the originally targeted domain.20 Because attracting Web traffic is vital to success in the online space, the loss of users due to negative impressions may bear significant consequences for a company. Additionally, the practice of diversion may remind users of a brand’s competitors, and serve as a force to drive customers to those competitors instead of the originally intended brand. More alarming than these effects are the distinctly criminal activities associated with cybersquatting. These practices include depositing spyware or malware, phishing attempts and the recently elevated issue of email interception. In the case of email interception, there is the possibility that the owner of the typo can intercept email sent to when they accidentally type instead of


Phishing is defined as attacks using “both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.”21 By registering names bearing famous marks, phishers can send emails and run Web sites seemingly originating from the brand owner. This is particularly problematic for financial services companies. Cybersquatters use phishing schemes to lead consumers to spoofed company sites that request personal or financial information from visitors. Oftentimes consumers are prompted to visit these sites due to emails claiming that users’ accounts have been breached or will be closed. These emails are intended to create panic so that consumers will readily provide their social security number, banking account numbers, credit card numbers or other privileged information such as passwords and personal identification numbers (PINs). Once phishers obtain this information they are able to make purchases under the consumer’s name, steal the consumer’s identify and deplete his or her accounts.

The practice of phishing is very lucrative. According to a survey conducted by Gartner, Inc., the average phishing victim in the United States lost $866 in 2007, with total losses from phishing attacks soaring to $3.2 billion.22 The financial impact is not limited to consumers. Brand owners suffer far greater damages as a result of phishing. They are saddled not only with the direct costs of the attack, but also with the costs of enforcement, detection and lost consumer confidence.

In terms of indirect consequences, a loss in consumer confidence weakens the foundation of the online retail industry. Internet retailers depend on consumer trust in order to conduct business. An online shopper must feel confident that the information he or she divulges online will be properly used. The increased usage and profitability of phishing damages the confidence that users have in the integrity of the Internet. Studies indicate that 30 percent of Internet users limit online transactions, and 24 percent limit online banking transactions. Not only do online retailers and financial institutions lose money directly through lost sales, but there is also a decline in Internet business forces companies investing more money back into higher-cost stores and banks. Without consumer trust and support, companies are unable to fully utilize the low costs and high returns of Internet retail.


Another common criminal activity associated with cybersquatting is the use of Trojans. The APWG defines phishing-based Trojans as crimeware code designed with the intent of collecting information on the end-user in order to steal that user’s credentials.23Phishing-based keyloggers have tracking components that attempt to monitor both specific actions and specific organizations such as financial institutions, online retailers and eCommerce merchants in order to get targeted information. The ultimate goal is to gain access to financial based Web sites, eCommerce sites, and Web-based mail sites.24Rather than a phishing attack that spoofs an email and asks users to reply with details or go to a spoofed Web site, a Trojan imbeds itself onto the machine and takes the information it wants as the user types it into their computer. Trojan programs are becoming increasingly prevalent as criminals concentrate their efforts on the Internet and send emails linked to malicious Web sites rather than infected mail.

Combating Cybercrime

The tremendous market potential associated with Direct Navigation combined with the inherent value of some of the world’s most famous brands make domaining, aggregating and cybersquatting extremely lucrative businesses. Cybersquatting is by far the most problematic business that has been built to capitalize on Direct Navigation and leads to numerous other cyber-crimes that are harmful to both consumers and brand owners alike. In response to continued complaints from brand owners suffering losses in both revenue and reputation, we are seeing the enactment of legislation aimed at controlling cybersquatting and cyber-crime.

Brand owners can use the U.S. Anticybersquatting Consumer Protection Act (ACPA), which was passed in 1999, as an alternative to traditional trademark enforcement. The ACPA defines cybersquatting as “the bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks,” and provides brand owners with a simpler way to act against infringers. However, it has done little to deter cybersquatting, and places a large burden on the rightful brand owners to prove that infringement has occurred.25

The ACPA defines the numerous purposes of cybersquatting that it was designed to prohibit. They include demanding payment from the rightful owner of the mark that is forced to pay for the right to conduct e-commerce under their brand name; selling or auctioning the name to the highest bidder either publicly or discretely; serving illicit content on sites; engaging in confusion-creating tactics and preying on customer confusion; engaging in mass registration of well-known marks or “warehousing;” and defrauding consumers by methods including counterfeiting.26 Most importantly, the ACPA requires demonstration of bad-faith registration.

There are nine elements under the ACPA used in demonstrating absence of bad faith or proving bad faith intent. In an ACPA case, the court will consider all of these in its final decision. The first four factors help the court determine whether infringement has actually occurred. They include the intellectual property rights of the domain name owner, legal name vs. nickname, legitimacy of goods or services sold and noncommercial or fair use. The remaining five elements assist the court in determining if the domain names were registered with intent to harm the rightful brand owner. These include intention to divert customers, sale of the domain name for gain, provision of false contact information, multiple confusingly similar domain names, and the use of distinctive or famous marks.27

While the ACPA has made it easier for brand owners to pursue action against infringers because it clearly defines cybersquatting and has established some clear legal precedents and case law, it has done little to deter cybersquatting. Cybersquatters are persistent primarily because they can go undetected for a period of time and because the financial benefit of capitalizing on Direct Navigation outweighs the risks. Unfortunately, much of the burden of recovering infringed names is placed on the brand owners. They are responsible for performing all due diligence in monitoring the use of their brands in order to recover names and are left facing financial and other intangible costs. As soon as they have successfully recovered one set of names, another ten, hundred, or thousand infringing names are registered.

It is therefore beneficial for trademark owners to push for more favorable legislation and consider new, potentially more effective avenues for enforcement. In a past Perspectives (Volume 3, Issue 1), FairWinds explored the enforcement options available to brand owners with Bob Shaughnessy of Williams & Connolly LLP, a Washington, D.C. litigator who has represented trademark owners against cybersquatters. One suggestion put forth in that Perspectives was for brand owners to consider banding together to pool their resources and go after some of the most problematic cybersquatters more aggressively. However, as with all aspects of a brand’s online strategy, it is important to make informed decisions and take appropriate actions specifically tailored to each particular case.

Navigating Ahead

We have seen that the inherent value of the Direct Navigation market continues to drive profit for numerous businesses, most notably those dealing in domain names. The struggle for these valuable domain names is ongoing. Since valuable domains tend to be the most intuitive ones, the majority of quality domain names are already registered. Many people dealing in domains have turned to infringement and/or various means of acquisition including auctions, drop-catching or outright purchase to increase their holdings. Certain domains containing brand names, brand names combined with generics, generic terms and variations thereof are invaluable to brand owners, traffic aggregators, domainers and cybersquatters. If the climate of the Direct Navigation market continues along this path, domain names will continue to see a steady increase in value and provide businesses with both an effective and succinct way to reach their audiences and a generous return on investment.

FairWinds Partners remains focused on analyzing the underlying causes of cybersquatting and the patterns associated with this practice in order to better serve the public interest and assist brand owners looking to effectively leverage Direct Navigation. By keeping the public and brands abreast of important information regarding Direct Navigation, we can ensure that Internet users are consistently provided with safe and expected online experiences and that brand owners are equipped with the tools needed to develop optimal and cost-effective domain strategies. We will explore the issues of typosquatting and combosquatting in greater detail in forthcoming studies and provide additional insights into how companies can proactively tap into the value of Direct Navigation. We hope that you will be able to use both this discussion and those studies to understand the benefits and challenges of the tasks that lie ahead.