Abank has won a legal battle against a China-based ‘cybersquatter’, who attempted to extort almost £100,000 from the business by buying a domain name they wanted.
Clydesdale Bank, which is based in Glasgow, was dismayed to find that a web address it wanted had been snapped up by Eric Cheng.
Mr Cheng bought the domain cybfx.co.uk after he spotted the bank had recently trademarked the name ‘cybfx’, with the intention of selling it back to them for a much higher fee. He used the page to drive traffic to other financial services websites.
Clydesdale was forced to take legal action after several attempts to retrieve the domain resulted in Mr Cheng demanding £95,000 for its transfer.
The UK’s domain name regulator, Nominet, which oversees all .co.uk domain names, ruled that there was “no obvious justification” for Mr Cheng’s purchase, and ordered the domain to be transferred to Clydesdale.
Although it is not illegal to register a domain name that does not already have an owner, the regulator hears hundreds of “abusive registration” cases each year, in which so-called cybersquatters buy domains without intending to use them.
Where a domain is deemed to have been bought in bad faith, Nominet has the authority to order its transfer.
In documents submitted to the hearing, Clydesdale said “the registration of the Domain Name was a deliberate attempt on the part of the respondent to seek private gain from the business by precluding the company from owning the domain unless we are willing to pay an extortionate sum of money.”
They said Mr Cheng had “seemingly no affiliation to the CYB (Clydesdale and Yorkshire Bank) group of companies” and added that the domain name was “registered with the primary purpose of selling or renting it specifically to the complainant (or a competitor) for more than the respondent paid for it”.
Mr Cheng, whose listed address is in Beijing, did not submit any response to the hearing.
A record 3,074 cybersquatting disputes were handled last year by the World Intellectual Property Organisation (WIPO). The most common industries for cybersquatting disputes were banking and finance, fashion, and internet and IT.
The top ten filing parties in 2017 included tobacco company Philip Morris, Michelin, Virgin Enterprises and Lego.
Cybersquatters typically buy domains when they spot new trademarks being registered, or when companies accidentally lose their ownership of domains by lapsing in subscription payments.
As well as holding domain names ransom and selling them back to legitimate owners, cybersquatters can use bogus sites to trick consumers into buying counterfeit products, or to steal information from the site’s visitors.
WIPO Director General Francis Gurry said: “By abusing trademarks in the Domain Name System, cybersquatting undermines legitimate commerce and harms consumers. This is true especially where squatters use domain names to offer counterfeit goods or for phishing, as is seen in numerous WIPO cases.”
Although regulators like the UK’s Nominet have the power to order the transfer of sites, they have no ability to hand down criminal charges, since the practice is technically legal.
It can also be difficult to determine the true identity of cybersquatters since there is often no identity verification process involved in the initial purchasing of domains. Professional cybersquatters can hide behind false companies or use a fake name when buying sites.
In November, a Telegraph investigation revealed that Wesley Perkins, a Birmingham-based cybersquatter, had bought thousands of domain names from companies that had lapsed on subscription payments. He demanded huge sums to return the domains, and in the meantime redirected the sites to hardcore Russian pornography.
One business, Suffolk-based fostering agency Little Acorns, feared for its reputation after Perkins replaced the website’s content with text reading ‘abuse’.