Is Cybersquatting Legal? (2026 Updated)

Buying a domain name can feel like grabbing a prime piece of digital real estate.

But if the domain you’ve registered looks a lot like someone else’s brand (or you’ve registered it to sell back to them), you might be stepping into cybersquatting territory.

This guide is updated for 2026 to reflect current online brand risks and the way disputes are commonly dealt with in practice. We’ll walk you through what cybersquatting is, whether it’s “legal”, what laws can apply in New Zealand, and what you can do if it happens to you.

What Is Cybersquatting (And Why Do People Do It)?

Cybersquatting usually describes the practice of registering (or using) a domain name that matches or closely resembles someone else’s brand name, trade mark, or business name-often with the intention of:

• selling the domain to the brand owner for a profit;
• diverting web traffic away from the brand owner;
• confusing customers into thinking the site is connected to the brand; or
• damaging the brand’s reputation (sometimes called “typosquatting” or “brandjacking” depending on the behaviour).

Common examples include:

• registering yourbrand.co.nz when someone else owns yourbrand.co.nz as a trade mark;
• registering a “typo” domain like youbrand.co.nz or your-brand.co.nz;
• adding a descriptor like yourbrandshop.co.nz or yourbrandnz.co.nz to look official;
• registering the domain and running ads, affiliate links, or competitor content from it.

It can happen to anyone, but it’s especially common when:

• a small business is growing quickly and hasn’t secured key domain variations yet;
• a product goes viral and opportunists register similar domains; or
• a business expands from social media into a full online store without locking down its name.

Is Cybersquatting The Same As Trade Mark Infringement?

Not always, but they often overlap.

Trade mark infringement is a specific legal concept, and it depends on things like whether there’s a registered trade mark and whether the domain use is “in trade” and likely to confuse. Cybersquatting is a broader, more practical label that can include multiple types of brand misuse.

In many real-world disputes, the “cybersquatting” behaviour is dealt with using a mix of trade mark law, fair trading law, and domain dispute processes.

So, Is Cybersquatting Legal In New Zealand?

The frustrating (but honest) answer is: cybersquatting isn’t a single offence with one simple rule.

In other words, New Zealand doesn’t have a standalone “Cybersquatting Act” that automatically makes it illegal to register a domain name that resembles a business name.

However, cybersquatting can still be unlawful (or lead to you losing the domain and facing legal consequences) depending on:

• why the domain was registered (your intent matters);
• how the domain is used (e.g. misleading consumers, impersonation, commercial gain); and
• whether the name you’ve targeted is protected (especially by a registered trade mark).

Think of it like this: registering a domain name is easy. The legal risk usually comes from how close you are to someone else’s brand and what you do next.

When Might It Be “Legal” (Or At Least Not Unlawful)?

There are situations where a domain dispute feels like “cybersquatting” to one party, but it’s actually a legitimate conflict. For example:

• Generic words: if the domain is a common dictionary word and multiple businesses could fairly use it.
• Different industries: if the name is used in a genuinely different market and there’s no likely confusion.
• Legitimate interest: you share the name (e.g. your surname, a long-standing nickname, a bona fide business name) and you’re not trying to mislead anyone.
• Non-commercial use: a genuine fan site or commentary site can sometimes be defensible, but it’s still risky if it implies official endorsement.

That said, “I didn’t mean to” isn’t a great plan. If your domain looks like you’re trying to ride on another brand’s reputation, it can quickly become a legal problem.

What Laws Can Apply To Cybersquatting In NZ?

Cybersquatting disputes often come down to a few key legal frameworks. The relevant one for you depends on your facts, your industry, and how the domain is being used.

Trade Marks Act 2002 (And Trade Mark Infringement)

If a business has a registered trade mark, they may be able to take action where a domain name (or the website content behind it) is being used in a way that infringes their trade mark rights.

This typically becomes relevant where the domain is being used for commercial purposes-like selling products, running ads, or directing customers to competing services.

If you’re building a brand, registering a trade mark early can make a massive difference in domain disputes. If you’re already dealing with a confusingly similar name in the market, Trademark Infringement issues can escalate quickly, so it’s worth getting advice before you fire off emails or threaten legal action.

Fair Trading Act 1986 (Misleading Or Deceptive Conduct)

Even without a registered trade mark, cybersquatting behaviour can still cause legal issues under the Fair Trading Act 1986, especially if the domain (or the website) misleads customers.

For example, you might run into Fair Trading Act risk if the domain makes people think:

• your business is the “official” site for another brand;
• you’re affiliated with, endorsed by, or a reseller of another brand (when you’re not); or
• your products/services are the other brand’s products/services.

This law is particularly relevant for online businesses because confusion can happen fast-customers often click the first link and assume they’re in the right place.

Passing Off (Common Law Brand Protection)

New Zealand also recognises the common law cause of action called passing off. This is often used where someone is trading on the goodwill and reputation of another business and causing confusion.

Passing off claims can be complex and fact-specific, but they may be relevant if:

• your brand has reputation and goodwill (even without a registered trade mark);
• someone else’s domain/website misrepresents a connection; and
• your business suffers (or is likely to suffer) harm as a result.

Copyright, Content Misuse, And “Clone Sites”

Sometimes cybersquatting isn’t just about the domain name-it’s about copying your branding, images, website copy, or product listings to make the domain look “real”.

That can add extra legal issues, including copyright infringement. If you’re building brand assets (photos, copy, designs), it’s worth understanding how to protect what you create and how to respond when someone copies it. A Copyright Consult can help you map out your options if a clone site pops up.

Privacy And Data Risks (If They’re Collecting Information)

Some bad actors use confusing domains to collect personal information-think fake “returns” pages, sign-up forms, or checkout screens.

If personal information is being collected, privacy law can become part of the story. If you run an online business, you should also have your own data handling sorted, including a clear Privacy Policy and internal processes for handling suspicious activity and complaints.

How Domain Name Disputes Are Usually Resolved (Without Going To Court)

The good news is that many cybersquatting matters are resolved without full-scale court proceedings.

Most disputes follow a practical escalation path, such as:

1. Informal contact: the brand owner reaches out and asks for transfer/cancellation (sometimes with evidence of trade mark rights).
2. Cease and desist letter: a formal letter is sent requesting the domain be transferred and the conduct stop.
3. Dispute resolution process: depending on the domain extension and registrar policies, there may be an administrative pathway.
4. Court action: if the behaviour continues, or there’s serious loss, court proceedings may be considered.

Why “Buying The Domain Back” Can Be Tricky

If someone has registered a domain to sell it back to you, it’s tempting to just pay and move on.

But paying can create problems:

• it can encourage repeat behaviour (against you or others);
• it can increase the asking price over time; and
• it can complicate the narrative around intent and rights later.

That doesn’t mean paying is never the right commercial decision. It just means you should weigh the legal and practical risks before you do it-especially if you suspect the person is targeting your trade mark or customers.

When To Get Legal Help Early

It’s usually smart to get advice early if:

• the domain is actively diverting your customers;
• there’s a fake website or impersonation;
• the other party is demanding money;
• you’re being accused of cybersquatting and you believe you have a legitimate right to the name; or
• you’re expanding overseas and want to coordinate trade mark and domain strategy properly.

These disputes are often won or lost on the details, so having the right strategy upfront can save you time and avoid missteps that escalate the conflict.

How To Protect Your Brand From Cybersquatting (Practical Checklist)

If you’re building a brand in 2026, your domain name is part of your brand identity-so it deserves the same “from day one” thinking as your logo or product name.

Here are practical steps you can take to reduce the risk of cybersquatting.

1) Register Key Domains Early

At a minimum, consider registering:

• your main domain (e.g. yourbrand.co.nz);
• your main commercial extension if relevant (often .com);
• common misspellings (if your name is frequently mistyped);
• hyphen variations; and
• key product-line domains (if they’re likely to become brands).

This isn’t about buying every possible domain. It’s about covering the realistic ones a customer might type-and the ones a bad actor might use to confuse people.

2) Register Your Trade Mark (So You’re Not Relying On “Common Sense”)

Trade marks give you clearer, stronger legal tools in a dispute.

If your business name is important to you (and it usually is), a trade mark strategy can help protect your brand across:

• your domain name;
• social media handles;
• product packaging and marketing;
• marketplace listings; and
• future licensing or franchising opportunities.

If you’re not sure where to start, a Trade Mark Search Report can help you check whether you’re likely to run into conflicts before you invest heavily in branding.

3) Lock Down Internal Brand Ownership

Cybersquatting risk isn’t always external. It can also show up when:

• a founder registers domains personally;
• a contractor registers domains “for you”;
• a marketing agency controls logins; or
• there’s a dispute between business partners.

From day one, keep domain registrations in the correct legal owner’s name (often your company), and keep a clear record of logins and renewal dates.

If you’re operating through a company, a well-drafted Company Constitution and internal governance documents can reduce messy disputes about who controls business assets (including domains) when relationships change.

4) Use Strong Website Terms And Policies

While terms and policies won’t stop a third party from registering a confusing domain, they do help you:

• set clear rules for how your content can be used;
• support enforcement steps if someone copies your site; and
• show customers what’s legitimate (and what’s not).

For online businesses, having clear Website Terms and Conditions alongside your Privacy Policy is part of building a trustworthy brand presence.

5) Monitor For Copycats

You don’t need expensive tools to start. Even basic monitoring helps, such as:

• setting up Google Alerts for your business name;
• regularly searching your name with “.co.nz”, “.com”, and common variations;
• checking marketplaces and social platforms for copycat profiles; and
• keeping an eye on paid ads (where copycats sometimes bid on brand keywords).

The earlier you catch a bad domain, the easier it usually is to deal with.

What Should You Do If Someone Is Cybersquatting Your Domain?

If you’ve discovered a suspicious domain, it’s normal to feel annoyed (or panicked). The key is to respond in a way that protects your brand and doesn’t accidentally make things worse.

Step 1: Gather Evidence Before You Contact Anyone

Start by capturing:

• screenshots of the website (including any logos, branding, or claims);
• the URL and the date/time you accessed it;
• any misleading statements (e.g. “official site”, “authorised distributor”);
• proof of your brand rights (trade marks, business registrations, company records); and
• any customer confusion (emails, DMs, complaints, misdirected orders).

This evidence matters if the domain later changes content (which is common) or if you need to prove misleading conduct.

Step 2: Work Out What Rights You’re Relying On

Your strategy depends on what you’ve got to back you up. For example:

• If you have a registered trade mark, that often strengthens your position.
• If you don’t, you might rely more heavily on reputation/goodwill and misleading conduct arguments.
• If they’ve copied your website or content, IP enforcement may be available.

Where it’s unclear, it’s usually worth getting tailored advice before you send demands-especially because a poorly worded message can be forwarded, published, or used against you.

Step 3: Consider A Formal Letter (But Don’t DIY The Strategy)

A clear, legally grounded letter can be effective, particularly when the other party is trying to profit. But templates can backfire if they don’t match your circumstances.

This is one of those areas where getting a lawyer involved can save you time and avoid escalation.

Step 4: Secure Your Own Digital Assets

While you’re dealing with the domain dispute, you should also:

• change passwords on your email, hosting, and domain accounts;
• enable multi-factor authentication;
• check for lookalike social accounts; and
• make sure your customers can easily tell what’s official (clear branding, verified links, consistent handles).

Cybersquatting is sometimes paired with phishing, spoofing, or broader impersonation-so it’s worth tightening up your security while you’re at it.

Key Takeaways

• Cybersquatting isn’t a single “one rule” offence in New Zealand, but it can still be unlawful depending on intent, use, and whether consumers are misled.
• The Trade Marks Act 2002, the Fair Trading Act 1986, and passing off are common legal pathways used to challenge confusing or bad-faith domain activity.
• Many cybersquatting disputes are resolved without court through practical steps like evidence gathering, formal letters, and domain dispute processes.
• Registering key domains early and protecting your brand with a registered trade mark can significantly improve your position in a dispute.
• Keep domain ownership and access clearly controlled within your business so internal disputes don’t turn into accidental “domain hostage” situations.
• If you find a suspicious domain, gather evidence first and get advice before sending aggressive messages-strategy matters in these disputes.

If you’d like help responding to cybersquatting, protecting your brand, or putting the right IP and online legal foundations in place, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.