SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Record rise in digital squatting fuels phishing wave

Mon, 9th Feb 2026

Digital squatting has reached record levels, with criminals using lookalike web addresses to impersonate brands and target customers through phishing and malware.

The World Intellectual Property Organisation handled 6,200 domain name disputes in 2025, the highest figure it has recorded. That also marked a 68% increase since 2020.

Decodo research links the rise in disputes to a broader security problem. Lookalike domains now feature in schemes that steal customer data, distribute malware and divert payments, affecting startups and mid-sized firms as well as global brands.

How squatting works

Digital squatting involves registering domain names that mimic established organisations. Attackers create addresses that look legitimate at a glance, particularly in emails, online adverts and search results.

One common method is typosquatting, which relies on misspellings that match typical typing errors. Another is combosquatting, which adds words to a brand name, such as "deals" or "login".

Criminals also use top-level domain squatting by registering the same name under different extensions such as .org or .net. Newer extensions such as .io and .ai have also become targets as businesses adopt them for product sites and developer services.

Another method is the homograph attack, which uses characters from different writing systems that look similar on screen. For example, a Cyrillic character can resemble a Latin character, making a fake domain harder to spot in a browser bar.

Decodo example

Decodo says its brand was targeted during and after a rebrand from Smartproxy. The company describes itself as a web data infrastructure provider with more than 135,000 users worldwide.

According to Decodo, impersonators registered domains including smartproxy.org and smartproxy.cn, deceiving customers into purchasing services through fraudulent sites. It says the incidents caused lost funds and reputational damage.

"We've spent years earning our customers' trust through reliable service and ethical practices," said Vytautas Savickas, CEO of Decodo. "Impersonators don't just steal money. They deliver low-quality services that fall far short of what real companies provide. Every fake site makes it harder for honest businesses to earn trust and for customers to know who to rely on."

Big-brand disputes

High-profile companies have also faced domain squatting disputes. Decodo cites cases involving Tesla, TikTok, Microsoft and Google. Such disputes can lead to lengthy legal proceedings, and some involve large settlements, although figures vary by jurisdiction and complaint route.

Security teams have also linked squatted domains to phishing operations. Attackers often use them in email campaigns that mimic invoice portals, customer support messages, recruitment outreach and software update notices.

Decodo cites an IBM report from 2025 that put the average cost of a phishing attack at USD $4.8 million. Costs can include incident response, business disruption, customer notification and remediation work across IT systems.

Defensive steps

One approach is to register brand names across multiple top-level domains rather than relying on a single .com address. That can include .org and .net, as well as newer extensions used by technology businesses.

Companies can also register common misspellings and hyphenated variants. Country-code top-level domains such as .co.uk, .de and .cn can also help firms that operate internationally or sell into those markets.

Monitoring is also central to many brand-protection strategies. This can include watching newly registered domains for close matches to brand names and reviewing certificates issued for similar domains. Customer education matters too, particularly for firms with online payment flows or self-service support portals.
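The monitoring step can be sketched as a triage pass over a feed of newly registered domains, labelling each one with the squatting method it matches. This is an added example, not code from Decodo or the original article; the brand "examplebrand", the sample feed, the partial look-alike character map and the one-typo threshold are all assumptions made for illustration.

```python
# Constructed, partial look-alike map (Cyrillic -> Latin). Assumption: a real
# deployment would load the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}

def skeleton(label):
    """Fold look-alike characters to Latin so a homograph compares equal to the brand."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain, brand="examplebrand", own=("examplebrand.com",), max_typos=1):
    """Label one registrable domain (name + suffix, no subdomains) against the brand."""
    domain = domain.lower().rstrip(".")
    if "xn--" in domain:  # punycode form, as it appears in feeds and certificates
        domain = domain.encode("ascii").decode("idna")
    if domain in own:
        return "legitimate"
    label = domain.partition(".")[0]
    folded = skeleton(label)
    if folded == brand:  # same name: either look-alike characters or another extension
        return "homograph" if folded != label else "tld-squat"
    if brand in folded:  # brand plus extra words such as "login" or "deals"
        return "combosquat"
    if edit_distance(folded, brand) <= max_typos:  # misspelling or hyphenated variant
        return "typosquat"
    return "no-match"

# Constructed sample of newly registered domains (hypothetical brand "examplebrand").
FEED = ["examplebrand.com", "examplebrand.org", "examplebrand-login.net",
        "exmaplebrand.com", "example-brand.de", "ex\u0430mplebrand.com", "unrelated.io"]

def triage(feed):
    """Return only the domains that need review, with the reason."""
    results = {d: classify(d) for d in feed}
    return {d: kind for d, kind in results.items() if kind not in ("legitimate", "no-match")}

if __name__ == "__main__":
    for name, kind in triage(FEED).items():
        print(f"{kind:11} {name.encode('idna').decode('ascii')}")
```

Short brand names produce many near matches at an edit distance of one, so the threshold and the look-alike map need tuning per brand before alerts are routed to anyone.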

"Digital squatting has evolved from a nuisance into a serious business risk that demands executive attention," said Vaidotas Juknys, chief commercial officer of Decodo. "We urge every company to audit its domain portfolio today, not tomorrow. Register the obvious variations, monitor for new threats, and educate your customers about how to find you safely. The squatters are counting on businesses to be reactive. The only way to win is to be proactive."

Decodo expects disputes and security incidents linked to lookalike domains to persist as criminals refine their tactics and businesses expand their online presence across more domain extensions.