Skip Navigation

Domain Name Scams: Part II – Best Practices for Prevention

By Sunny Handa, Eline Collard and Chloe Barrette
October 15, 2025
Overview
More information

Domain names have become a critical component of business branding, allowing a business’s website and email address to be easily identified by the public. Consequently, issues pertaining to fraudulent domain names are not a new occurrence. To minimize the risk of falling victim to scams, misleading customers or damaging your brand, it is essential for businesses to actively monitor for potential domain name fraud. Prompt intervention can often mitigate these risks.

In this three-part series, we provide an overview of domain name fraud as it stands today by focusing on the following topics: 

  • Part I: The current landscape of domain name fraud and helpful identification methods
  • Part II: Best practices for preventing and preparing for such threats
  • Part III (coming late October): Effective ways to respond once a fraudulent domain has been identified

Best Practices 

While there is no comprehensive legislation that prevents third parties from purchasing domain names that are confusingly similar to others, there are various preventative measures your organization may take to proactively mitigate the risk of an incident occurring.

1. Domain Name Registration and Renewal

Ensuring that your domain name remains registered is essential to mitigating domain name fraud. Losing active registration status gives fraudsters the opportunity to purchase the domain name for a low cost and impersonate your brand or organization. Each domain name registration authority (registrar) has established policies that govern the domain names registered under their services; these policies must adhere to the rules of the applicable registration authority that governs the top-level domain in question (e.g., “.com”, “.ca”, “.net”, etc.).

Certain registrars also take a more proactive approach to fraud prevention and facilitate timely notifications in case of an incident. Understanding these policies and practices, as well as the terms and conditions applicable to your domain name registration, is essential to maintaining an active registration status (see ICANN’s FAQs for Registrants).

Once registered, a domain name remains valid for the duration of the registration period, typically ranging from one to ten years. To ensure timely renewal, the following measures may be implemented:

  1. Track the expiration date: The domain name expiration date can be tracked using your internal calendar system. Alternatively, you may search your domain name on the Internet Corporation for Assigned Names and Numbers (ICANN) lookup page or, if you remain uncertain of your domain name’s expiration date, you may contact your registrar to confirm.
  2. Enable auto-renewal: Most registrars offer an auto-renewal option. This is a reliable option, as long as the banking information provided to the registrar is up to date.
  3. Act promptly upon expiration reminders: Certain registrars send reminders prior to the expiration of a domain name. To benefit from these alerts, ensure your contact information is up to date.

It is essential to follow these measures and monitor domain expirations, especially for inactive or redirect-only websites, which are often overlooked.

Another good practice is to register your domain names behind a privacy screen. Generally, domain name ownership information is publicly available on the domain name databases. Domain privacy services conceal your personal contact information from these public databases.

2. Registering Your Trademarks

Trademark registration in Canada is a legal process that grants exclusive rights to use a distinctive mark in relation to specific goods or services. Administered by the Canadian Intellectual Property Office (CIPO) and in accordance with the Canadian Trademarks Act, registration helps establish ownership, deter misuse and support enforcement. While not mandatory, it is a key consideration in branding and IP strategy. A registered trademark helps to secure rights nationally and provides legal proof of ownership, critical for combating fraudulent domain registrations and scams.

In domain name disputes, a registered trademark may provide evidence of prior rights, offering a strategic advantage in Uniform Domain-Name Dispute-Resolution Policy (UDRP) or similar arbitration proceedings. Consequently, to strengthen brand protection, businesses may consider registering their domain name or second-level domain (SLD), the portion of the web address excluding the top-level domain (e.g., “.com” or “.ca”), as a trademark. However, trademark registration for domain names is subject to applicable legal requirements, including that the domain name must be used in connection with goods or services in a way that distinguishes the brand from competitors. Merely owning a domain name does not automatically qualify it for trademark protection.

Given the complexities of trademark law, it is best practice to consult a trademark agent or legal counsel to discuss registering your trademarks.

3. Purchasing Similar Domain Names

An additional strategy to consider involves purchasing several domain names similar to those of your organization. Subsequently, you may consider establishing redirects from these similar domain names to your primary website. As mentioned in Part I of this series, however, there are numerous variations of a domain name that can be registered, making it challenging to secure every possible variation that a potential scammer might use in an attempted incident.

Additionally, your organization may consider proactively purchasing the domain names it anticipates using for a branding campaign to help pre-emptively secure and protect its rights, as well as prevent cybersquatting.

4. Cyber Preparedness Practices

In addition to the specific measures listed above, ensuring that your organization is generally prepared for cybersecurity incidents is a crucial preventative measure. The importance of effective preparation cannot be overstated. Drafting and enforcing a streamlined incident response plan can help mitigate damages and reduce the negative effects of associated email phishing schemes. This proactive approach can help prevent domain name fraud from resulting in serious privacy risks and threats to your organization’s IT infrastructure. Effective preparation and working alongside a breach coach, a lawyer whose role is to guide an organization through comprehensive cyber preparedness and cyber response, can help to reduce the risk of a breach occurring and, if one does occur, to mitigate its potential negative effects.

For more information on cybersecurity preparedness and response, please consult the Blakes Canadian Cybersecurity Trends Study 2024

For more information, please contact the authors or any other member of our Cybersecurity group.

Related Insights

Salary Deferral Arrangements: Key Risks and Mitigation Strategies
Five Under 5

Discover key insights to minimize the risk of deferred amounts being characterized as a salary deferral arrangement.
CSA Issues Temporary Relief From Proxy Delivery Requirements
Bulletins

Learn about the CSA’s temporary exemption from proxy delivery rules due to the Canada Post suspension.
British Columbia Proposes Significant Overhaul of the Heritage Conservation Act to Implement DRIPA
Bulletins

Learn about B.C.’s proposed amendments to the Heritage Conservation Act, expanding First Nations stakeholders’ roles and...
More insights

Blakes and Blakes Business Class communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. We would be pleased to provide additional details or advice about specific situations if desired.

For permission to republish this content, please contact the Blakes Client Relations & Marketing Department at [email protected].
© 2025 Blake, Cassels & Graydon LLP

Ask Our Lawyers

Practices

Save as PDF