Case number | CAC-UDRP-103241 |
---|---|
Time of filing | 2020-09-02 09:32:00 |
Domain names | INTESA-SANPAOLO.CLOUD |
Case administrator
Name | Olga Dvořáková (Case admin) |
---|
Complainant
Organization | Intesa Sanpaolo S.p.A. |
---|
Complainant representative
Organization | Perani Pozzi Associati |
---|
Respondent
Name | CARLO CORTESE |
---|
Other Legal Proceedings
The Panel is not aware of any other legal proceedings pending or decided which relate to the disputed domain name.
Identification Of Rights
The Complainant is the owner, among others, of the following registrations for the trademarks “INTESA” and “INTESA SANPAOLO”:
- International trademark registration n. 793367 “INTESA”, granted on September 04, 2002 and duly renewed, in class 36;
- International trademark registration n. 920896 “INTESA SANPAOLO”, granted on March 07, 2007 and duly renewed, in classes 9, 16, 35, 36, 41, 42;
- EU trademark registration n. 12247979 “INTESA”, applied on October 23, 2013 and granted on March 05, 2014, in classes 9, 16, 35, 36, 38, 41 and 42;
- EU trademark registration n. 5301999 “INTESA SANPAOLO”, applied on September 08, 2006, granted on June 18, 2007 and duly renewed, in classes 35, 36 and 38.
Moreover, the Complainant is also the owner, among others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: INTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME. All of them are now connected to the official website http://www.intesasanpaolo.com.
- International trademark registration n. 793367 “INTESA”, granted on September 04, 2002 and duly renewed, in class 36;
- International trademark registration n. 920896 “INTESA SANPAOLO”, granted on March 07, 2007 and duly renewed, in classes 9, 16, 35, 36, 41, 42;
- EU trademark registration n. 12247979 “INTESA”, applied on October 23, 2013 and granted on March 05, 2014, in classes 9, 16, 35, 36, 38, 41 and 42;
- EU trademark registration n. 5301999 “INTESA SANPAOLO”, applied on September 08, 2006, granted on June 18, 2007 and duly renewed, in classes 35, 36 and 38.
Moreover, the Complainant is also the owner, among others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: INTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME. All of them are now connected to the official website http://www.intesasanpaolo.com.
Factual Background
FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:
The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.
Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 29,9 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 3,700 branches capillary and well distributed throughout the Country, with market shares of more than 15% in most Italian regions, the Group offers its services to approximately 12 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1.000 branches and over 7,2 million customers. Moreover, the international network specialised in supporting corporate customers is present in 25 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.
On April 15, 2020, the Respondent registered the domain name INTESA-SANPAOLO.CLOUD.
It is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”. As a matter of fact, INTESA-SANPAOLO.CLOUD exactly reproduces my Client’s well-known trademark “INTESA SANPAOLO”.
The Respondent has no rights on the disputed domain name, and any use of the trademarks “INTESA SANPAOLO” and “INTESA” has to be authorized by the Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the domain name at issue.
The domain name at stake does not correspond to the name of the Respondent and, to the best knowledge of the Complainant, the Respondent is not commonly known as “INTESA-SANPAOLO”.
The domain name INTESA-SANPAOLO.CLOUD was registered and is used in bad faith.
The Complainant’s trademarks “INTESA” and “INTESA SANPAOLO” are distinctive and well known all around the world. The fact that the Respondent has registered a domain name that is confusingly similar to them indicates that the Respondent had knowledge of the Complainant’s trademark at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA” and “INTESA SANPAOLO”, the same would have yielded obvious references to the Complainant. The Complainant submits an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the domain name at issue would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain name in bad faith.
In addition, the Disputed domain name is not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the domain name, the Respondent has intentionally attempted to attract, for commercial gain, Internet users to his web site, by creating a likelihood of confusion with the Complainant's mark as to the source, sponsorship, affiliation, or endorsement of his web site (par. 4(b)(iv) of the Policy).
The contested domain name is not used for any bone fide offerings, considering that the same is connected to a website which has been blocked by Google Safe Browsing through a warning page.
It is clear that the main purpose of the Respondent was to use the above website for “phishing” financial information in an attempt to defraud the Complainant’s customers and that Google promptly stopped the illicit activity carried out by the Respondent.
As underlined by countless WIPO decisions, “<Phishing> is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See, in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.
Several WIPO decisions also stated that the “Use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith” (see, as Annex E, Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado). In particular, the UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. In this sense, it shall also bear in mind WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa (see Annex F), where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.
In conclusion, even excluding any current “phishing” purposes or other illicit use of the domain name in the present case (which, however, has been confirmed by Google Safe Browsing with a warning page), there are no other possible legitimate use of INTESA-SANPAOLO.CLOUD. The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).
Lastly, it shall be noted that on April 23, 2020 the Complainant’s attorneys sent to the to the Respondent’s Registrar a cease and desist letter, asking to forward the document to the domain name owner in order to require the voluntary transfer of the domain name at issue. Despite such communication, the Respondent did not comply with the above request.
In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.
The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.
Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 29,9 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 3,700 branches capillary and well distributed throughout the Country, with market shares of more than 15% in most Italian regions, the Group offers its services to approximately 12 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1.000 branches and over 7,2 million customers. Moreover, the international network specialised in supporting corporate customers is present in 25 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.
On April 15, 2020, the Respondent registered the domain name INTESA-SANPAOLO.CLOUD.
It is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”. As a matter of fact, INTESA-SANPAOLO.CLOUD exactly reproduces my Client’s well-known trademark “INTESA SANPAOLO”.
The Respondent has no rights on the disputed domain name, and any use of the trademarks “INTESA SANPAOLO” and “INTESA” has to be authorized by the Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the domain name at issue.
The domain name at stake does not correspond to the name of the Respondent and, to the best knowledge of the Complainant, the Respondent is not commonly known as “INTESA-SANPAOLO”.
The domain name INTESA-SANPAOLO.CLOUD was registered and is used in bad faith.
The Complainant’s trademarks “INTESA” and “INTESA SANPAOLO” are distinctive and well known all around the world. The fact that the Respondent has registered a domain name that is confusingly similar to them indicates that the Respondent had knowledge of the Complainant’s trademark at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA” and “INTESA SANPAOLO”, the same would have yielded obvious references to the Complainant. The Complainant submits an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the domain name at issue would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain name in bad faith.
In addition, the Disputed domain name is not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the domain name, the Respondent has intentionally attempted to attract, for commercial gain, Internet users to his web site, by creating a likelihood of confusion with the Complainant's mark as to the source, sponsorship, affiliation, or endorsement of his web site (par. 4(b)(iv) of the Policy).
The contested domain name is not used for any bone fide offerings, considering that the same is connected to a website which has been blocked by Google Safe Browsing through a warning page.
It is clear that the main purpose of the Respondent was to use the above website for “phishing” financial information in an attempt to defraud the Complainant’s customers and that Google promptly stopped the illicit activity carried out by the Respondent.
As underlined by countless WIPO decisions, “<Phishing> is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See, in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.
Several WIPO decisions also stated that the “Use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith” (see, as Annex E, Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado). In particular, the UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. In this sense, it shall also bear in mind WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa (see Annex F), where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.
In conclusion, even excluding any current “phishing” purposes or other illicit use of the domain name in the present case (which, however, has been confirmed by Google Safe Browsing with a warning page), there are no other possible legitimate use of INTESA-SANPAOLO.CLOUD. The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).
Lastly, it shall be noted that on April 23, 2020 the Complainant’s attorneys sent to the to the Respondent’s Registrar a cease and desist letter, asking to forward the document to the domain name owner in order to require the voluntary transfer of the domain name at issue. Despite such communication, the Respondent did not comply with the above request.
In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.
Parties Contentions
NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.
Rights
The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights (within the meaning of paragraph 4(a)(i)of the Policy).
This is a case of "typosquatting“, i.e. the disputed domain name contains the Complainant’s trademark INTESA SANPAOLO in it's entirety with the mere addition of a hyphen between INTESA and SANPAOLO. It is well established that the specific top level of a domain name such as “.com”, “.org” or in casue “.cloud” does not affect the domain name for the purpose of determining whether it is identical or confusingly similar.
Previous panels have found that the slight spelling variations does not prevent a domain name from being confusingly similar to the Complainant’s trademark. Adding the hyphen, does not take away the confusing similarity between the domain name and the trademark.
Simple exchange or adding of letters or special characters is not a sufficient element to escape the finding that the disputed domain name is confusingly similar to the Complainant’s trademarks and domain names.
This is a case of "typosquatting“, i.e. the disputed domain name contains the Complainant’s trademark INTESA SANPAOLO in it's entirety with the mere addition of a hyphen between INTESA and SANPAOLO. It is well established that the specific top level of a domain name such as “.com”, “.org” or in casue “.cloud” does not affect the domain name for the purpose of determining whether it is identical or confusingly similar.
Previous panels have found that the slight spelling variations does not prevent a domain name from being confusingly similar to the Complainant’s trademark. Adding the hyphen, does not take away the confusing similarity between the domain name and the trademark.
Simple exchange or adding of letters or special characters is not a sufficient element to escape the finding that the disputed domain name is confusingly similar to the Complainant’s trademarks and domain names.
No Rights or Legitimate Interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).
The Complainant contends that the Respondent is not affiliated with him nor authorized by him in any way to use his trademarks in a domain name or on a website. The Complainant does not carry out any activity for, nor has any business with the Respondent.
The Complainant contends that the Respondent is not affiliated with him nor authorized by him in any way to use his trademarks in a domain name or on a website. The Complainant does not carry out any activity for, nor has any business with the Respondent.
Bad Faith
The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).
Given the circumstances of the case, including the provided information of the use and reputation of the Complainant’s trademark INTESA SANPAOLO and the distinctive nature of this mark, it is inconceivable to the Panel in the current circumstances that the Respondent registered the disputed domain name with prior knowledge of the Complainant and the Complainant’s mark. The Panel therefore finds that the disputed domain name was registered in bad faith.
The disputed domain name currently resolves to a website blocked by Google for security reasons. The disputed domain name enables the Respondent to send emails using an e-mail address that contains the disputed domain name.
It is inconceivable that the Respondent can use the e-mails connected to the disputed domain name for good faith use of the disputed domain name as part of an e-mail address. The Panel notes in this connection that "passive" holding of a domain name does not prevent a finding of bad faith use under paragraph 4(a)(iii) of the Policy, it does not change that view of the Panel that the disputed name is "inactive" due to a blocking by Google rather the opposite.
Given the circumstances of the case, including the provided information of the use and reputation of the Complainant’s trademark INTESA SANPAOLO and the distinctive nature of this mark, it is inconceivable to the Panel in the current circumstances that the Respondent registered the disputed domain name with prior knowledge of the Complainant and the Complainant’s mark. The Panel therefore finds that the disputed domain name was registered in bad faith.
The disputed domain name currently resolves to a website blocked by Google for security reasons. The disputed domain name enables the Respondent to send emails using an e-mail address that contains the disputed domain name.
It is inconceivable that the Respondent can use the e-mails connected to the disputed domain name for good faith use of the disputed domain name as part of an e-mail address. The Panel notes in this connection that "passive" holding of a domain name does not prevent a finding of bad faith use under paragraph 4(a)(iii) of the Policy, it does not change that view of the Panel that the disputed name is "inactive" due to a blocking by Google rather the opposite.
Procedural Factors
The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
1. The three essential issues under the paragraph 4(a) of the Policy are whether:
i. the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and
ii. the Respondent has no rights or legitimate interests with respect to the disputed domain name; and
iii. the disputed domain name has been registered and is being used in bad faith.
2. The Panel reviewed carefully all documents provided by the Complainant. The Respondent did not provide the Panel with any documents or statements. The Panel also visited all available websites and public information concerning the disputed domain name, namely the WHOIS databases.
3. The UDRP Rules clearly say in its Article 3 that any person or entity may initiate an administrative proceeding by submitting a complaint in accordance with the Policy and these Rules.
4. The Panel therefore came to the following conclusions:
a) The Complainant states and proves that the disputed domain name is confusingly similar to its trademarks and its domain names. Indeed, the trademark is fully incorporated in the disputed domain name.
The disputed domain name is therefore deemed identical or confusingly similar.
b) The Respondent is not generally known by the disputed domain name and have not acquired any trademark or service mark rights in the name or mark, nor is there any authorization for the Respondent by the Complainant to use or register the disputed domain name.
The Panel therefore finds that the Respondent does not have rights or legitimate interest with respect to the disputed domain name.
c) It is clear that the Complainant's trademarks and website(s) were used by the Complainant long time before the disputed domain name was registered. There is no present use of the disputed domain name but there are indications that the disputed domain name is likely used as part of e-mail addresses for fraudulent purposes. It is concluded that the Respondent makes bad faith use of the disputed domain name.
The Panel therefore finds that the disputed domain name has been registered and is being used in bad faith.
For the reasons stated above, it is the decision of this Panel that the Complainant has satisfied all three elements of paragraph 4(a) of the Policy.
1. The three essential issues under the paragraph 4(a) of the Policy are whether:
i. the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and
ii. the Respondent has no rights or legitimate interests with respect to the disputed domain name; and
iii. the disputed domain name has been registered and is being used in bad faith.
2. The Panel reviewed carefully all documents provided by the Complainant. The Respondent did not provide the Panel with any documents or statements. The Panel also visited all available websites and public information concerning the disputed domain name, namely the WHOIS databases.
3. The UDRP Rules clearly say in its Article 3 that any person or entity may initiate an administrative proceeding by submitting a complaint in accordance with the Policy and these Rules.
4. The Panel therefore came to the following conclusions:
a) The Complainant states and proves that the disputed domain name is confusingly similar to its trademarks and its domain names. Indeed, the trademark is fully incorporated in the disputed domain name.
The disputed domain name is therefore deemed identical or confusingly similar.
b) The Respondent is not generally known by the disputed domain name and have not acquired any trademark or service mark rights in the name or mark, nor is there any authorization for the Respondent by the Complainant to use or register the disputed domain name.
The Panel therefore finds that the Respondent does not have rights or legitimate interest with respect to the disputed domain name.
c) It is clear that the Complainant's trademarks and website(s) were used by the Complainant long time before the disputed domain name was registered. There is no present use of the disputed domain name but there are indications that the disputed domain name is likely used as part of e-mail addresses for fraudulent purposes. It is concluded that the Respondent makes bad faith use of the disputed domain name.
The Panel therefore finds that the disputed domain name has been registered and is being used in bad faith.
For the reasons stated above, it is the decision of this Panel that the Complainant has satisfied all three elements of paragraph 4(a) of the Policy.
For all the reasons stated above, the Complaint is
Accepted
and the disputed domain name(s) is (are) to be
- INTESA-SANPAOLO.CLOUD: Transferred
PANELLISTS
Name | Lars Karnoe |
---|
Date of Panel Decision
2020-10-02
Publish the Decision