| Case number | CAC-UDRP-102909 |
|---|---|
| Time of filing | 2020-10-27 09:33:45 |
| Domain names | swinerton.biz |
Case administrator
| Organization | Iveta Špiclová (Czech Arbitration Court) (Case admin) |
|---|
Complainant
| Organization | Swinerton Incorporated |
|---|
Complainant representative
| Organization | RiskIQ, Inc. c/o Jonathan Matkowsky |
|---|
Respondent
| Organization | Douglas Wood |
|---|
Other Legal Proceedings
The Panel is not aware of any other legal proceeding related to the Disputed Domain Name.
Identification Of Rights
The Complainant has been the owner of the trademark SWINERTON in the US since 1923, including but not limited to the following registrations:
- U.S. Reg. No. 2,284,825, issued October 12, 1999, in Int'l Cl. 35, first use October 11, 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 2,282,855, issued October 5, 1999, in Int'l Cl. 37, first use 1923, for SWINERTON (Standard Characters);
- U.S. Reg. No. 5,756,816, issued May 21, 2019, Int'l Cl. 35,37, first use in 2018 for SWINERTON (& Design).
The Complainant is also the owner of the domain name <swinerton.com>.
The Disputed Domain Name was registered on August 27, 2020.
- U.S. Reg. No. 2,284,825, issued October 12, 1999, in Int'l Cl. 35, first use October 11, 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 2,282,855, issued October 5, 1999, in Int'l Cl. 37, first use 1923, for SWINERTON (Standard Characters);
- U.S. Reg. No. 5,756,816, issued May 21, 2019, Int'l Cl. 35,37, first use in 2018 for SWINERTON (& Design).
The Complainant is also the owner of the domain name <swinerton.com>.
The Disputed Domain Name was registered on August 27, 2020.
Factual Background
FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:
This Complaint is based on the following grounds:
[I] The Disputed Domain Name is Confusingly Similar to a Mark in which Complainants have Rights (paragraph 4(a)(i) of the Policy).
Recognized nationally in the U.S. since its founding in 1888, through its predecessors-in-interest and subsidiaries, Swinerton is one of the largest private companies across all industries--providing commercial construction and construction management services throughout the U.S.
[IA] The Disputed Domain Name is Identical to a Mark in which Swinerton has Rights (paragraph 4(a)(i) of the Policy).
Swinerton owns U.S. Reg. No. 2,284,825, issued October 12, 1999, in Int'l Cl. 35, first use Oct. 11, 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 2,282,855, issued October 5, 1999, in Int'l Cl. 37, first use 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 5,756,816, issued May 21, 2019, Int'l Cl. 35,37, first use in 2018 for SWINERTON (& Design). "Swinerton also has common law rights in the United States going as far back as 1923 based on the certified first-use dates in the '825 and '855 registrations".
• Swinerton has established trademark rights based on its use in commerce since at least 1923 and has had registered rights since at least 1999.
• Particularly given the global nature of the Internet and DNS, jurisdictions where the trademark is valid is not considered particularly relevant under the first element. Also, the goods and/or services for which the mark is registered or used in commerce, the filing/priority date, date of registration, and date of claimed first use, are also not considered particularly relevant to paragraph 4(a)(i) of the Policy.
• The Disputed Domain Name is identical to Swinerton's domain as registered for its own commercial website save for the Top-Level Domain (“TLD”). Swinerton has registered “.com”; Respondent has registered the unrestricted “.biz” TLD. The Disputed Domain Name is identical to Swinerton's SWINERTON name and mark as it fully and solely consists of the SWINERTON mark in its entirety. Accordingly, Swinerton satisfies the requirements of paragraph 4(a)(i) of the Policy in both establishing its rights in SWINERTON and demonstrating the Disputed Domain Name is identical to its name and trademark.
[II.] Respondent Has No Rights or Legitimate Interests in Respect of the Disputed Domain Name Because it was Registered and is Being Used for the Sole Purpose of Attempted BEC Fraud (paragraph 4(a)(ii) and (iii) of the Policy).
This is one of those cases where there is such clear indicia of bad faith that there cannot be any respondent rights or legitimate interests; therefore, the facts and circumstances of the case would benefit from a joint discussion of the second and third policy elements.
As background, the Disputed Domain Name was created for the sole purpose of using it against Swinerton and its vendors in a business e-mail compromise (BEC) scam, which is a sophisticated form of social engineering fraud. According to a public service announcement from the U.S. Federal Bureau of Investigation (FBI) released in September 2019, BEC (also known as Email Account Compromise (EAC)) continues to grow and evolve. In this case, Respondent intentionally exploited the relationship between Swinerton and one of its suppliers to then masquerade as Swinerton to send an email to Swinerton's supplier from a customized email account on the Disputed Domain Name using a fraudulent Swinerton signature block and logo as part of a an attempted fraudulent scheme to deceive Swinerton's supplier into providing a quote and completing a fraudulent financial transaction for the benefit of Respondent. Respondent has no rights or legitimate interests in using the Disputed Domain Name as a resource to conduct harmful cyber operations targeting Swinerton or its vendors with fraudulent communications to the detriment of both Swinerton and its supplier. The aim is to scam enterprises into sending confidential information to Respondent for the ultimate aim of receiving ill-gotten gains.
"Use of a domain name for illegal activity can never confer rights or legitimate interests on a Respondent". This includes lookalike domain names registered to illegitimately target a company with BEC; this, of course, is, considered to be registered and being used in bad faith under the Policy, and can never confer a legitimate interest. "Attempting to pass oneself off as a Complainant in emails to phish for confidential information is not considered a bona fide offering of goods or services under paragraph 4(c)(i) or (iii) of the Policy. While the Disputed Domain Name does not resolve to any website content at the time of submission of the Complaint, not only does this fail to constitute a bona fide use, but the email appearing to come from an officer of Swinerton using the Disputed Domain Name targeting a Swinerton vendor "was sufficiently suspicious as to cause the supplier to bring the email to the Complainant’s attention and inquire if it is a legitimate inquiry."
Respondent had actual knowledge of the Complainant’s rights in its asserted trademark that has industry recognition when it registered the Disputed Domain Name because it then used it to masquerade as Swinerton.
Respondent also disrupts Swinerton's business in pursuit of commercial gain based upon a likelihood of confusion with its trademarks under paragraph 4(b)(iii) and (iv) of the Policy. Using a domain to pass oneself off as a Complainant in emails attempting to further a fraudulent scheme is generally considered bad faith disruption as well as the seeking of commercial gain based on trademark confusion under paragraph 4(b)(iii) and (iv) of the Policy.
The mere registration of a domain name of a widely-known trademark by an unaffiliated entity creates a presumption of bad faith…,” which further supports the conclusion that the Disputed Domain Name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy. Under the circumstances of this case, merely configuring mail servers on a domain name evidences that the Domain is being used for the generation of vanity email accounts on the Disputed Domain Name, and bad faith regarding the use of a domain name can be found in relation to uses other than websites, such as where a Respondent uses a domain name as part of an attempted fraudulent scheme or harmful cyber activity with the desire to receive confidential information intended for Swinerton for the ultimate purpose of ill-gotten gain:
ANSWER SECTION:
- swinerton.biz. 38400 IN MX 100 us2.mx3.mailhostbox.com.
- swinerton.biz. 38400 IN MX 100 us2.mx2.mailhostbox.com.
- swinerton.biz. 38400 IN MX 100 us2.mx1.mailhostbox.com.
"Prior decisions have inferred an intent to use disputed domain names for...email based upon the creation of associated MX records." "This inference has been adopted in other decisions" to further support the conclusion that the Disputed Domain Name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy. Finally, the mere use of a proxy to initially register the Disputed Domain Name under the facts and circumstances of this case supports bad-faith registration and use.
CONCLUSION
For all of the foregoing reasons, Complainant has satisfied all three elements of the Policy.
This Complaint is based on the following grounds:
[I] The Disputed Domain Name is Confusingly Similar to a Mark in which Complainants have Rights (paragraph 4(a)(i) of the Policy).
Recognized nationally in the U.S. since its founding in 1888, through its predecessors-in-interest and subsidiaries, Swinerton is one of the largest private companies across all industries--providing commercial construction and construction management services throughout the U.S.
[IA] The Disputed Domain Name is Identical to a Mark in which Swinerton has Rights (paragraph 4(a)(i) of the Policy).
Swinerton owns U.S. Reg. No. 2,284,825, issued October 12, 1999, in Int'l Cl. 35, first use Oct. 11, 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 2,282,855, issued October 5, 1999, in Int'l Cl. 37, first use 1923, for SWINERTON (Standard Characters); U.S. Reg. No. 5,756,816, issued May 21, 2019, Int'l Cl. 35,37, first use in 2018 for SWINERTON (& Design). "Swinerton also has common law rights in the United States going as far back as 1923 based on the certified first-use dates in the '825 and '855 registrations".
• Swinerton has established trademark rights based on its use in commerce since at least 1923 and has had registered rights since at least 1999.
• Particularly given the global nature of the Internet and DNS, jurisdictions where the trademark is valid is not considered particularly relevant under the first element. Also, the goods and/or services for which the mark is registered or used in commerce, the filing/priority date, date of registration, and date of claimed first use, are also not considered particularly relevant to paragraph 4(a)(i) of the Policy.
• The Disputed Domain Name is identical to Swinerton's domain as registered for its own commercial website save for the Top-Level Domain (“TLD”). Swinerton has registered “.com”; Respondent has registered the unrestricted “.biz” TLD. The Disputed Domain Name is identical to Swinerton's SWINERTON name and mark as it fully and solely consists of the SWINERTON mark in its entirety. Accordingly, Swinerton satisfies the requirements of paragraph 4(a)(i) of the Policy in both establishing its rights in SWINERTON and demonstrating the Disputed Domain Name is identical to its name and trademark.
[II.] Respondent Has No Rights or Legitimate Interests in Respect of the Disputed Domain Name Because it was Registered and is Being Used for the Sole Purpose of Attempted BEC Fraud (paragraph 4(a)(ii) and (iii) of the Policy).
This is one of those cases where there is such clear indicia of bad faith that there cannot be any respondent rights or legitimate interests; therefore, the facts and circumstances of the case would benefit from a joint discussion of the second and third policy elements.
As background, the Disputed Domain Name was created for the sole purpose of using it against Swinerton and its vendors in a business e-mail compromise (BEC) scam, which is a sophisticated form of social engineering fraud. According to a public service announcement from the U.S. Federal Bureau of Investigation (FBI) released in September 2019, BEC (also known as Email Account Compromise (EAC)) continues to grow and evolve. In this case, Respondent intentionally exploited the relationship between Swinerton and one of its suppliers to then masquerade as Swinerton to send an email to Swinerton's supplier from a customized email account on the Disputed Domain Name using a fraudulent Swinerton signature block and logo as part of a an attempted fraudulent scheme to deceive Swinerton's supplier into providing a quote and completing a fraudulent financial transaction for the benefit of Respondent. Respondent has no rights or legitimate interests in using the Disputed Domain Name as a resource to conduct harmful cyber operations targeting Swinerton or its vendors with fraudulent communications to the detriment of both Swinerton and its supplier. The aim is to scam enterprises into sending confidential information to Respondent for the ultimate aim of receiving ill-gotten gains.
"Use of a domain name for illegal activity can never confer rights or legitimate interests on a Respondent". This includes lookalike domain names registered to illegitimately target a company with BEC; this, of course, is, considered to be registered and being used in bad faith under the Policy, and can never confer a legitimate interest. "Attempting to pass oneself off as a Complainant in emails to phish for confidential information is not considered a bona fide offering of goods or services under paragraph 4(c)(i) or (iii) of the Policy. While the Disputed Domain Name does not resolve to any website content at the time of submission of the Complaint, not only does this fail to constitute a bona fide use, but the email appearing to come from an officer of Swinerton using the Disputed Domain Name targeting a Swinerton vendor "was sufficiently suspicious as to cause the supplier to bring the email to the Complainant’s attention and inquire if it is a legitimate inquiry."
Respondent had actual knowledge of the Complainant’s rights in its asserted trademark that has industry recognition when it registered the Disputed Domain Name because it then used it to masquerade as Swinerton.
Respondent also disrupts Swinerton's business in pursuit of commercial gain based upon a likelihood of confusion with its trademarks under paragraph 4(b)(iii) and (iv) of the Policy. Using a domain to pass oneself off as a Complainant in emails attempting to further a fraudulent scheme is generally considered bad faith disruption as well as the seeking of commercial gain based on trademark confusion under paragraph 4(b)(iii) and (iv) of the Policy.
The mere registration of a domain name of a widely-known trademark by an unaffiliated entity creates a presumption of bad faith…,” which further supports the conclusion that the Disputed Domain Name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy. Under the circumstances of this case, merely configuring mail servers on a domain name evidences that the Domain is being used for the generation of vanity email accounts on the Disputed Domain Name, and bad faith regarding the use of a domain name can be found in relation to uses other than websites, such as where a Respondent uses a domain name as part of an attempted fraudulent scheme or harmful cyber activity with the desire to receive confidential information intended for Swinerton for the ultimate purpose of ill-gotten gain:
ANSWER SECTION:
- swinerton.biz. 38400 IN MX 100 us2.mx3.mailhostbox.com.
- swinerton.biz. 38400 IN MX 100 us2.mx2.mailhostbox.com.
- swinerton.biz. 38400 IN MX 100 us2.mx1.mailhostbox.com.
"Prior decisions have inferred an intent to use disputed domain names for...email based upon the creation of associated MX records." "This inference has been adopted in other decisions" to further support the conclusion that the Disputed Domain Name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy. Finally, the mere use of a proxy to initially register the Disputed Domain Name under the facts and circumstances of this case supports bad-faith registration and use.
CONCLUSION
For all of the foregoing reasons, Complainant has satisfied all three elements of the Policy.
Parties Contentions
NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.
Rights
The Complainant has, to the satisfaction of the Panel, shown the Disputed Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).
First, the Complainant claims rights in the SWINERTON mark through its trademark registrations with the USPTO. By virtue of its trademark registrations with USPTO, Complainant has proved that it has rights in the mark under paragraph 4(a) of the Policy. See Avast Software s. r. o. v Milen Radumilo, 102384, (CAC 2019-03-12).
Second, the Complaint claims that the prominent part of the Disputed Domain Name is identical to its trademark registration and the prominent part of its primary domain name <swinerton.com>. The Panel accepts that the “.biz” generic top-level domain (“gTLD”) is irrelevant when establishing whether or not a mark is identical or confusingly similar for the purposes of paragraph 4(a)(i) of the Policy. See LESAFFRE ET COMPAGNIE v Tims Dozman, 102430, (CAC 2019-04-02).
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(i) of the Policy.
First, the Complainant claims rights in the SWINERTON mark through its trademark registrations with the USPTO. By virtue of its trademark registrations with USPTO, Complainant has proved that it has rights in the mark under paragraph 4(a) of the Policy. See Avast Software s. r. o. v Milen Radumilo, 102384, (CAC 2019-03-12).
Second, the Complaint claims that the prominent part of the Disputed Domain Name is identical to its trademark registration and the prominent part of its primary domain name <swinerton.com>. The Panel accepts that the “.biz” generic top-level domain (“gTLD”) is irrelevant when establishing whether or not a mark is identical or confusingly similar for the purposes of paragraph 4(a)(i) of the Policy. See LESAFFRE ET COMPAGNIE v Tims Dozman, 102430, (CAC 2019-04-02).
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(i) of the Policy.
No Rights or Legitimate Interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the Disputed Domain Name (within the meaning of paragraph 4(a)(ii)of the Policy). More specifically, the complainant must first makes a prima facie case that the respondent lacks rights and legitimate interests in the domain names, and the burden of prove then shifts to the respondent to show it does have rights or legitimate interests. See PepsiCo, Inc. v Smith power production, 102378, (CAC 2019-03-08) ("The Panel finds that the Complainant has made out a prima facie case that arises from the considerations above. All of these matters go to make out the prima facie case against the Respondent. As the Respondent has not filed a Response or attempted by any other means to rebut the prima facie case against it, the Panel finds that the Respondent has no rights or legitimate interests in the disputed domain name.").
Despite the Complainant combines the second and third elements under paragraph 4(a) of the Policy to have a joint discussion considering the overlapping facts and circumstances of the case, the Panel intends to discuss the 2 elements separately for the sake of clarity of the present case.
First, the Complainant contends that Respondent has no rights or legitimate interests in the Disputed Domain Name, as the Disputed Domain Name was created for the sole purpose of using it against the Complainant and its vendors in a Business E-mail Compromise (BEC) scam, which is a sophisticated form of social engineering fraud. Having reviewing the sender and recipient email addresses, email signature and the content from the email evidence, the Panel agrees that Respondent’s use of the Disputed Domain Name in connection with a fraudulent phishing scheme fails to indicate a bona fide or fair use of the Disputed Domain Name under paragraph 4(c) of the Policy. See Novartis AG v. Anderson Paul, 102292, (CAC 2019-01-09).
The Panel finds that the Complainant has established a prima facie case that the Respondent has no rights or legitimate interests in the Disputed Domain Name and the Respondent has not rebutted the assertion.
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(ii) of the Policy.
Despite the Complainant combines the second and third elements under paragraph 4(a) of the Policy to have a joint discussion considering the overlapping facts and circumstances of the case, the Panel intends to discuss the 2 elements separately for the sake of clarity of the present case.
First, the Complainant contends that Respondent has no rights or legitimate interests in the Disputed Domain Name, as the Disputed Domain Name was created for the sole purpose of using it against the Complainant and its vendors in a Business E-mail Compromise (BEC) scam, which is a sophisticated form of social engineering fraud. Having reviewing the sender and recipient email addresses, email signature and the content from the email evidence, the Panel agrees that Respondent’s use of the Disputed Domain Name in connection with a fraudulent phishing scheme fails to indicate a bona fide or fair use of the Disputed Domain Name under paragraph 4(c) of the Policy. See Novartis AG v. Anderson Paul, 102292, (CAC 2019-01-09).
The Panel finds that the Complainant has established a prima facie case that the Respondent has no rights or legitimate interests in the Disputed Domain Name and the Respondent has not rebutted the assertion.
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(ii) of the Policy.
Bad Faith
The Complainant has, to the satisfaction of the Panel, shown the Disputed Domain Name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).
First, the Complainant argues that Respondent had actual knowledge of the Complainant’s rights in its asserted trademark that has industry recognition when it registered the Disputed Domain Name because it then used it to masquerade as the Complainant. The Panel notes that the Disputed Domain Name was registered on August 27, 2020 which is almost 100 years after the first commercial use of the SWINERTON trademark. Having reviewed the email evidence, the Panel notes that the Respondent included the company name and logo of the Complainant on the email signature which blatantly has actual knowledge of the Complainant and its SWINERTON trademark. See MAJE v. enchong lin, 102382 (CAC 2019-03-11). The Panel agrees the Disputed Domain Name was registered in bad faith.
Second, the Complainant asserts that despite the Disputed Domain Name does not resolve to any website content at the time of submission of the Complaint, the Respondent had used the Disputed Domain Name to send phishing email appearing to come from a senior officer of the Complainant targeting a vendor of the Complainant. Having reviewed the content of the email evidence, the Panel agrees that the Respondent uses the Disputed Domain Name as part of an attempted fraudulent scheme or harmful cyber activity with the desire to receive confidential information for commercial gain. See Pepsico, Inc. v. Fundacion Comercio Electronico, 101999 (CAC 2018-06-27). The Panel finds that Respondent's use of the Disputed Domain Name was in bad faith.
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(iii) of the Policy.
First, the Complainant argues that Respondent had actual knowledge of the Complainant’s rights in its asserted trademark that has industry recognition when it registered the Disputed Domain Name because it then used it to masquerade as the Complainant. The Panel notes that the Disputed Domain Name was registered on August 27, 2020 which is almost 100 years after the first commercial use of the SWINERTON trademark. Having reviewed the email evidence, the Panel notes that the Respondent included the company name and logo of the Complainant on the email signature which blatantly has actual knowledge of the Complainant and its SWINERTON trademark. See MAJE v. enchong lin, 102382 (CAC 2019-03-11). The Panel agrees the Disputed Domain Name was registered in bad faith.
Second, the Complainant asserts that despite the Disputed Domain Name does not resolve to any website content at the time of submission of the Complaint, the Respondent had used the Disputed Domain Name to send phishing email appearing to come from a senior officer of the Complainant targeting a vendor of the Complainant. Having reviewed the content of the email evidence, the Panel agrees that the Respondent uses the Disputed Domain Name as part of an attempted fraudulent scheme or harmful cyber activity with the desire to receive confidential information for commercial gain. See Pepsico, Inc. v. Fundacion Comercio Electronico, 101999 (CAC 2018-06-27). The Panel finds that Respondent's use of the Disputed Domain Name was in bad faith.
For the foregoing reasons, the Panel finds the Complainant has satisfied paragraph 4(a)(iii) of the Policy.
Procedural Factors
The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
Having established all three elements required under the UDRP Policy, the Panel concludes that relief shall be granted.
For all the reasons stated above, the Complaint is
Accepted
and the disputed domain name(s) is (are) to be
- SWINERTON.BIZ: Transferred
PANELLISTS
| Name | Mr Paddy TAM |
|---|
Date of Panel Decision
2020-11-23
Publish the Decision