537 Phishing Domains Taken Down: Inside the Largest WIPO Cybersquatting Cases of 2026

On March 31, 2026, the World Intellectual Property Organization (WIPO) published one of the largest cybersquatting decisions in its history. Empower Annuity Insurance Company successfully challenged 537 domain names — all typosquats of the Empower brand used in a coordinated phishing scheme.

What makes this case remarkable isn't just the number. It's the second WIPO decision involving more than 500 domains decided *this month*. That's not a coincidence — it's a signal that cybersquatting at industrial scale is accelerating, and brand owners are fighting back harder than ever.

What Happened in the Empower Case

Empower Annuity Insurance Company, one of the largest retirement plan providers in the United States, discovered hundreds of domain names that were slight misspellings and variations of their brand. These weren't parked pages or generic advertising landing pages. They were configured for active phishing operations — designed to trick Empower's customers into entering credentials, personal information, or financial data.

The 537 domains followed classic typosquatting patterns:

• Character substitutions (replacing letters with visually similar ones)
• Added or removed characters from the brand name
• Common misspellings that users might type accidentally
• Variations across multiple TLD extensions

Empower filed a complaint under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), and the WIPO panel ruled in their favor, ordering the transfer of all 537 domains.

Why 500+ Domain Cases Are Becoming Common

A decade ago, a UDRP case involving more than 100 domains was considered exceptional. In 2026, we're seeing cases with 500+ domains decided routinely. Several factors are driving this:

1. Automated Domain Registration at Scale

Registering domains has never been cheaper or easier. With bulk registration tools and APIs, bad actors can register hundreds of typosquatting variants in minutes. Some registrars offer bulk pricing as low as $1-2 per domain for the first year, making it economically viable to register 500+ domains targeting a single brand.

2. Phishing-as-a-Service Infrastructure

Modern phishing operations aren't run by lone hackers. There's an entire underground ecosystem of phishing kits, hosting infrastructure, and even customer support for cybercriminals. A single operator can spin up hundreds of convincing phishing sites using templates, automatically deploying them across hundreds of typosquatting domains.

3. UDRP Panels Are Consolidating Cases

WIPO and other UDRP providers have become more efficient at handling bulk complaints. Rather than filing 537 separate cases (which would cost a fortune in filing fees), brand owners can consolidate related domains into a single proceeding. This makes enforcement more practical and cost-effective.

4. Financial Services Are Prime Targets

Companies like Empower that handle sensitive financial data are especially attractive targets for phishing. The potential payoff for criminals is enormous — access to retirement accounts, personal financial information, and account credentials. This makes financial services brands disproportionately targeted by typosquatting operations.

The Real Cost of Cybersquatting in 2026

Let's put some numbers on what cases like this actually cost:

For the brand owner:

• WIPO filing fees for a single-panelist case with 500+ domains: approximately $15,000-$20,000
• Legal fees for preparing the complaint: $10,000-$50,000 depending on complexity
• Internal investigation and evidence gathering: significant staff time
• Reputation damage from customers who fell for phishing: potentially millions

For domain registrants:

• Registration costs for 537 domains: as low as $537-$1,074 at bulk rates
• Revenue from phishing operations before takedown: potentially hundreds of thousands of dollars

The economics are starkly asymmetric. It costs a criminal around $1,000 to register 500 phishing domains, but it costs the brand owner $25,000-$70,000 or more to take them down through UDRP. And that doesn't account for the customer harm in between.

What This Means for Domain Name Owners

If you own domain names — whether as an investor, a business owner, or a developer — the Empower case has several important implications:

Legitimate Domain Investors: Stay Clean

The line between a legitimate domain investment and cybersquatting has never been more scrutinized. If you're registering domains that contain brand names, variations of brand names, or common misspellings of well-known brands, you're taking a significant legal risk.

UDRP panels are increasingly sophisticated at identifying patterns that suggest bad faith:

• Registering multiple variations of the same brand
• Using privacy protection services to hide registrant identity
• Parking pages with advertising related to the brand
• Registering domains shortly after a brand gains prominence

Business Owners: Register Defensively

If you're building a brand, consider registering common misspellings and variations of your domain name proactively. The cost of registering 10-20 defensive domains ($100-$200/year) is trivial compared to the cost of fighting a phishing operation later.

Key defensive registrations to consider:

• Common misspellings of your brand name
• Your brand name across major TLDs (.com, .net, .org, .co, .io, .ai)
• Hyphenated and non-hyphenated versions
• Singular and plural forms

You can use DomyDomains' bulk domain search to check availability across multiple extensions simultaneously.

Developers: Secure Your Project Names Early

Open-source projects and developer tools are increasingly targeted by typosquatting — both in domain names and in package registries (as the recent Axios NPM compromise demonstrated). If you're launching a developer tool or open-source project, secure the matching domain name early, across multiple TLDs.

The Bigger Picture: UDRP in 2026

The Empower case fits into several broader trends we've been tracking in the domain dispute landscape this year:

Reverse Domain Name Hijacking (RDNH) is also rising. While legitimate brand owners are fighting real cybersquatting, some companies are abusing UDRP to try to take domains they have no right to. Earlier this month, a body armor company called ArmorIQ was found to have filed a UDRP complaint in bad faith. Panelists are getting better at identifying — and penalizing — these attempts.

Personal name domains are contested territory. Robinhood CEO Vlad Tenev recently filed a federal lawsuit over VladTenev.com after losing a UDRP complaint. Personal name domains sit in a legal gray area that UDRP wasn't designed to handle well.

GoDaddy's auction clawback issues continue. A federal court has ordered GoDaddy to disclose information about prior domain auction reversals, raising questions about trust and reliability in the aftermarket. When you're evaluating domain marketplaces, it's worth understanding the risks involved.

How to Check If Your Brand Is Being Typosquatted

If you're concerned about typosquatting targeting your brand, here are practical steps:

1. Run systematic searches. Use DomyDomains' domain search to check common variations of your brand across multiple TLDs.

1. Set up monitoring. Services like WIPO's UDRP Alert and various brand monitoring tools can notify you when domains similar to yours are registered.

1. Check WHOIS records. Use a WHOIS lookup tool to investigate suspicious domains and identify patterns in registration.

1. Document everything. If you find typosquatting domains, document the registration dates, content, and any evidence of phishing or brand confusion before contacting a lawyer.

1. Assess your options. UDRP is effective but not free. For a small number of domains, direct negotiation or purchase might be more cost-effective. For large-scale phishing operations like the Empower case, UDRP or legal action is typically the only option.

Looking Ahead

The Empower case is a reminder that as the domain name ecosystem grows — with new gTLD applications opening in April 2026 — the attack surface for typosquatting grows with it. Every new TLD extension is another variation a phisher can register.

For brand owners, the message is clear: proactive domain portfolio management isn't optional anymore. For domain investors, it's a reminder to build value through legitimate means. And for everyone building on the web, understanding domain name disputes is part of digital literacy in 2026.

The 537-domain Empower case won't be the last mega-UDRP of the year. If anything, it's setting the pace for what's to come.

---

*Want to secure your brand's domain presence? Start with a free domain search on DomyDomains to check availability across hundreds of extensions. Use our domain value estimator to assess existing domains, or explore domain pricing trends to understand the current market.*

🔍 Looking for a cybersquatting domain?

Search 400+ extensions instantly. See prices. Register in seconds.

📚 Keep Reading