Domain name theft, also known as domain hijacking, happens when cyberattackers completely overtake a domain and anything attached to it. This can cause permanent damage to your business, as you will not be able to gain control back, and attackers can do what they please, including phishing or even theft. It is important to know what legal steps to take after domain name theft, and Rome LLP can help.

What to Do Prior to Taking Legal Action

Taking legal action is the last step after a domain name theft. Before you do that, make sure you contact your domain registrar and gather all documentation related to the domain registration. If your domain has a copyright, go through the Uniform Domain Name Dispute Resolution Policy (UDRP) process via the World Intellectual Property Organization (WIPO) to get your domain back. 

It is important to have different kinds of documentation to prove that the hijacked domain name is yours and that you have trademark rights for it.

Types of documentation to provide include:

• Billing records or email confirmations to prove you purchased the domain
• Advertising that links the domain name to your organization
• Legal documentation with the domain name on it
• Web logs or archives from years past that show that the domain name is through your organization

Filing a Complaint With WIPO Through the UDRP

It is pertinent to file a complaint through the UDRP to resolve domain name theft. According to WIPO, 6,168 cases were filed under the UDRP for domain names in 2024. This was the second busiest year since the UDRP’s creation in 1999, and it only decreased by less than 1% since 2023. 

Take the following steps to file a complaint:

1. Go to WIPO’s website and complete a Model Complaint.
2. Submit the form through email or WIPO’s online form.
3. Pay the required fees when you submit the Model Complaint. Fees can range from $1,500 to $5,000 or more, depending on how many domain names are included in the complaint and how many panelists will decide on the case.
4. You will receive an acknowledgement email with the case number that is assigned to your case.

As a part of the Model Complaint, you must be able to prove that you have trademark rights to your domain, the registrant does not have trademark rights, and that the domain is being used in bad faith. Make sure to include evidence of bad faith use and your trademark rights with the Model Complaint before submitting it.

You can hire a domain theft lawyer to help you fill out the Model Complaint and submit it. You can also go to court for the dispute if a response to the complaint takes too much time, or you are dissatisfied with the initial outcome. 

Pursuing Legal Action Through the ACPA

One way to pursue legal action for domain name theft is to use the Anticybersquatting Consumer Protection Act, or the ACPA. The ACPA allows those whose domains are being used in bad faith to pursue legal action and get their domain back or secure damages for the harm caused. 

In some cases, you can even file an action against the domain name itself instead of an individual or business. There are many ways a domain name can be used in bad faith, including the following:

• The cybersquatter has trademark rights for the domain.
• There is no fair use or noncommercial usage for the domain.
• The cybersquatter directs traffic from the initial website to their own website.
• Selling the domain to someone else for a higher profit

FAQs

What Happens if Someone Steals Your Domain Name?

If a cyberattacker steals your domain name, they will have access to not only your website but also possibly emails linked to the domain name and other data. They can use your domain for phishing scams or redirecting traffic to their website. It is important to take action as soon as you are aware of the domain name theft, especially because cyberattackers will hide behind your domain name to trick clients and/or employees into thinking their fraudulent emails are legit.

How Do You Resolve a Domain Name Dispute?

You can file a complaint through the UCRP and/or pursue legal action under the ACPA to resolve a domain name dispute. To do both, make sure you can prove that you have trademark rights for your domain and provide documentation to show it. Contact your domain’s registrar to inform them of what has happened prior to taking any action.

How Long Does a UCRP Complaint Take to Reach a Resolution?

Depending on when the initial complaint is made, how long a response takes, and how long the panel’s decision takes, it can take about two months for a UCRP complaint to reach a resolution from the day the complaint is received. After a decision is made, the panel takes further action for a domain to be transferred back to its initial owner or cancelled altogether.

What Is the ACPA?

The Anticybersquatting Consumer Protection Act (ACPA) is a federal law that states it is illegal for a registered domain to be used in bad faith. If your domain name is stolen and used for things like phishing and theft, that is considered bad faith use and can be resolved by taking legal action or filing a complaint with WIPO.

Hire a Domain Theft Lawyer Today

Domain theft is a serious and severe threat to your business. Cyberattackers can cause irreversible damage, so it is very important to take action immediately to prevent any further harm caused by a domain hijacker. Make sure to have sufficient evidence and documentation to prove the domain is yours so you can get it back.

The attorneys at Rome LLP have extensive experience with domain theft disputes and a track record of success. At our boutique law firm, we can defend your rights with ease. Don’t wait. If your domain has been hijacked, schedule a consultation today through our contact form, by phone, or by visiting our office at 2029 Century Park East in Los Angeles.