Case number | CAC-UDRP-100921 |
---|---|
Time of filing | 2015-02-04 12:05:16 |
Domain names | US-TEVA.COM |
Case administrator
Name | Lada Válková (Case admin) |
---|
Complainant
Organization | TEVA PHARMACEUTICAL INDUSTRIES LTD. |
---|
Complainant representative
Organization | Matkowsky Law PC |
---|
Respondent
Organization | WHOIS PRIVACY PROTECTION SERVICE, INC. |
---|
Other Legal Proceedings
None
Identification Of Rights
US. Reg. No. 1,567,918 (filed Feb. 17, 1989, issued Nov. 28, 1989), in Class 5
Factual Background
FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:
The Complainant TEVA PHARMACEUTICAL INDUSTRIES LTD. (“Complainant,” together with its subsidiaries, collectively, “Teva” or the “Teva Group”).
The Complainant states that when the proceeding was initiated, Whois Privacy Protection Service (eNom's backend service provider for proxy registration services) was the domain holder. A "proxy service" is a service through which a registered name holder licenses use of a registered name to the privacy/proxy customer in order to provide such customer use of the domain name, and the registered name holder's contact information is displayed in the Whois, rather than the privacy/proxy customer's contact information.
During the registrar verification process with eNom, however, it became clear that the beneficiary/customer/licensee of Whois Privacy Protection Service (defined in the 2013 as the "P/P Customer") use the account "cuvert.robert@gmail.com" to submit the registration request in the name of "Drew Lewis" in California, USA, but that according to historical Whois records (e.g., Annex 6, at BN29M-BN29P), the account "cuvert.robert@gmail.com" (the email address of the P/P customer) has also been used to register domain names in the name of "Cuvert Robert" in Front Royal, Great Britain, and "Edie Gross" in New York, USA. Therefore, the Complainant is reluctant to identify the Respondent (domain holder) by the name submitted to the proxy service by the P/P Customer because it may be an innocent persons' identity that was being misused to register the domain name.
Trademark/Service Mark Information:
Teva is a leading global pharmaceutical company, committed to increasing access to high-quality healthcare by developing, producing and marketing affordable generic drugs as well as innovative and specialty pharmaceuticals and active pharmaceutical ingredients. Headquartered in Israel, Teva is the world's leading generic drug maker, with a global product portfolio of more than 1,000 molecules and a direct presence in approximately 60 countries. Its specialty medicines businesses focus on central nervous system, respiratory, oncology, pain, and women's health therapeutic areas as well as biologics. The Teva Group currently employs approximately 45,000 people around the world and reached $20.3 billion in net revenues in 2013.
The disputed domain name was registered on January 19, 2015.
Well before the disputed domain was registered, the Complainant has been continuously the registered proprietor of the trademark TEVA in numerous countries, including in the United States of America, the location of the proxy service that the Respondent used to register the disputed domain name. Therefore, the Complainant is of the opinion it has established rights in its registered trademark under the Policy as of at least the filing date of its U.S. registration.
1. Confusing similarity.
According to the Complainant the disputed domain name is confusingly similar to the TEVA mark in which the Complainant has rights.
2. Rights to or Legitimate Interests.
The Complainant states the Respondent has no right to or legitimate interests in using the disputed domain name for cybercriminal activities consisting of phishing attacks on its own team members (or on anyone outside of the Teva Group).
While the disputed domain name has not yet been used to Complainant's knowledge to re-direct or host a phishing website per se, use of the dispute domain name as part of phishing email campaign (as opposed to a phishing website) to compromise corporate credit card information is no more of a legitimate interest than re-directing the domain name to a phishing website, or hosting a phishing site on the domain name. Until it was temporarily suspended by eNom after initiation of the proceeding, a reply to the email account hosted on the domain name was actually (unless disrupted already by Complainant) routed to the Respondent, and the mailbox constitutes an online location. Unless transferred, the Respondent can transfer the domain to another registrar and re-implement the phishing attack via other providers.
3. Registered and used in Bad Faith.
According to the Complainant the domain was registered with the malicious intent of profiting by disrupting Teva's business, specifically by spoofing its identity in executing phishing attacks within the Teva Group. Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal personal identity data and financial account credentials. The Respondent employed social engineering by pretending to be the head of talent acquisition within the U.S. subsidiary of the Teva Group. The Respondent employed technical subterfuge by using an email account "drew.lewis@us-teva.com" and using the disputed domain name to send emails attacking Teva team members with fraudulent travel requests in order to compromise corporate credit card information.
Respondent’s motive is to cash in on personal data obtained through cybercriminal activities. While any possible criminal aspect lies beyond the scope of the UDRP, use of a domain name to execute email phishing attacks is clearly a violation of the bad faith registration. There is also a deliberate attempt to use false contact information, which has at times been found to be grounds for bad faith use and registration under the Policy. The evidence on false contact information is additional grounds for bad faith registration and use in this case. Id. While this is not one of the enumerated grounds for bad faith under the Policy in paragraphs 4(b)(i-iv), paragraph 15(a) of the Rules gives the Panel the authority to find additional bad faith grounds where appropriate.
Therefore, Complainant has discharged its burden of proof under paragraph 4(a)(iii) of the Policy to show that the Respondent has registered and is using the disputed domain name in bad faith.
The Complainant TEVA PHARMACEUTICAL INDUSTRIES LTD. (“Complainant,” together with its subsidiaries, collectively, “Teva” or the “Teva Group”).
The Complainant states that when the proceeding was initiated, Whois Privacy Protection Service (eNom's backend service provider for proxy registration services) was the domain holder. A "proxy service" is a service through which a registered name holder licenses use of a registered name to the privacy/proxy customer in order to provide such customer use of the domain name, and the registered name holder's contact information is displayed in the Whois, rather than the privacy/proxy customer's contact information.
During the registrar verification process with eNom, however, it became clear that the beneficiary/customer/licensee of Whois Privacy Protection Service (defined in the 2013 as the "P/P Customer") use the account "cuvert.robert@gmail.com" to submit the registration request in the name of "Drew Lewis" in California, USA, but that according to historical Whois records (e.g., Annex 6, at BN29M-BN29P), the account "cuvert.robert@gmail.com" (the email address of the P/P customer) has also been used to register domain names in the name of "Cuvert Robert" in Front Royal, Great Britain, and "Edie Gross" in New York, USA. Therefore, the Complainant is reluctant to identify the Respondent (domain holder) by the name submitted to the proxy service by the P/P Customer because it may be an innocent persons' identity that was being misused to register the domain name.
Trademark/Service Mark Information:
Teva is a leading global pharmaceutical company, committed to increasing access to high-quality healthcare by developing, producing and marketing affordable generic drugs as well as innovative and specialty pharmaceuticals and active pharmaceutical ingredients. Headquartered in Israel, Teva is the world's leading generic drug maker, with a global product portfolio of more than 1,000 molecules and a direct presence in approximately 60 countries. Its specialty medicines businesses focus on central nervous system, respiratory, oncology, pain, and women's health therapeutic areas as well as biologics. The Teva Group currently employs approximately 45,000 people around the world and reached $20.3 billion in net revenues in 2013.
The disputed domain name was registered on January 19, 2015.
Well before the disputed domain was registered, the Complainant has been continuously the registered proprietor of the trademark TEVA in numerous countries, including in the United States of America, the location of the proxy service that the Respondent used to register the disputed domain name. Therefore, the Complainant is of the opinion it has established rights in its registered trademark under the Policy as of at least the filing date of its U.S. registration.
1. Confusing similarity.
According to the Complainant the disputed domain name is confusingly similar to the TEVA mark in which the Complainant has rights.
2. Rights to or Legitimate Interests.
The Complainant states the Respondent has no right to or legitimate interests in using the disputed domain name for cybercriminal activities consisting of phishing attacks on its own team members (or on anyone outside of the Teva Group).
While the disputed domain name has not yet been used to Complainant's knowledge to re-direct or host a phishing website per se, use of the dispute domain name as part of phishing email campaign (as opposed to a phishing website) to compromise corporate credit card information is no more of a legitimate interest than re-directing the domain name to a phishing website, or hosting a phishing site on the domain name. Until it was temporarily suspended by eNom after initiation of the proceeding, a reply to the email account hosted on the domain name was actually (unless disrupted already by Complainant) routed to the Respondent, and the mailbox constitutes an online location. Unless transferred, the Respondent can transfer the domain to another registrar and re-implement the phishing attack via other providers.
3. Registered and used in Bad Faith.
According to the Complainant the domain was registered with the malicious intent of profiting by disrupting Teva's business, specifically by spoofing its identity in executing phishing attacks within the Teva Group. Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal personal identity data and financial account credentials. The Respondent employed social engineering by pretending to be the head of talent acquisition within the U.S. subsidiary of the Teva Group. The Respondent employed technical subterfuge by using an email account "drew.lewis@us-teva.com" and using the disputed domain name to send emails attacking Teva team members with fraudulent travel requests in order to compromise corporate credit card information.
Respondent’s motive is to cash in on personal data obtained through cybercriminal activities. While any possible criminal aspect lies beyond the scope of the UDRP, use of a domain name to execute email phishing attacks is clearly a violation of the bad faith registration. There is also a deliberate attempt to use false contact information, which has at times been found to be grounds for bad faith use and registration under the Policy. The evidence on false contact information is additional grounds for bad faith registration and use in this case. Id. While this is not one of the enumerated grounds for bad faith under the Policy in paragraphs 4(b)(i-iv), paragraph 15(a) of the Rules gives the Panel the authority to find additional bad faith grounds where appropriate.
Therefore, Complainant has discharged its burden of proof under paragraph 4(a)(iii) of the Policy to show that the Respondent has registered and is using the disputed domain name in bad faith.
Parties Contentions
NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.
Rights
The Complainant has, to the satisfaction of the Panel, shown the Domain Name is identical or confusingly similar to a trademark or service mark in which the complainant has rights (within the meaning of paragraph 4(a)(i)of the Policy).
No Rights or Legitimate Interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the Domain Name (within the meaning of paragraph 4(a)(ii)of the Policy).
Bad Faith
The Complainant has, to the satisfaction of the Panel, shown the Domain Name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii)of the Policy).
Procedural Factors
At the time of the commencement of this administrative proceeding, the publically available WhoIs details for the Domain Name recorded PRIVACY PROTECTION SERVICE, INC as registrant. In response to the CAC’s Registrar Verification request, the Registrar identified the underlying registrant as one “Drew Lewis”. The Complainant in its Complaint puts forward arguments as to why it should not be required to change the Respondent’s name in the Complaint. The Panel agrees that if the Complainant does not wish to change the Respondent’s name in the Complaint, it should not be forced to do so (see RapidShare AG, Christian Schmid v. PrivacyAnywhere Software, LLC, Mikhail Berdnikov WIPO Case No D2010-0894 and CAC decision No. 100221) .
Otherwise, the Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Otherwise, the Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
This is case where the Domain Name is confusingly similar to the Complainant's trade mark in that it incorporates the Complainant's trade mark in full. The Domain Name also incorporates the term US (which would most likely be read as an abbreviation for the United States) and the “.com” top level domain. However, these do not so change the way in which the Domain Name can be read so as to prevent a finding of confusing similarity (as to why this is the case see Research in Motion Limited v. One Star Global LLC WIPO Case No. D2009-022).
The Panel accepts the Complainant's contention that the Domain Name has being registered and used to dishonestly impersonate the Complainant. Evidence of that dishonest impersonation is provided in the form of an email in which the Respondent falsely claimed to be the "Head of Talent Acquisition - US" for the Complainant. In the circumstances, the Respondent has no right or legitimate interest in the Domain Name and the Domain Name's registration and use is in bad faith (see, for example, National Westminster Bank plc v. Royal Bank of Scotland WIPO Case No. D2013-0123).
The Panel accepts the Complainant's contention that the Domain Name has being registered and used to dishonestly impersonate the Complainant. Evidence of that dishonest impersonation is provided in the form of an email in which the Respondent falsely claimed to be the "Head of Talent Acquisition - US" for the Complainant. In the circumstances, the Respondent has no right or legitimate interest in the Domain Name and the Domain Name's registration and use is in bad faith (see, for example, National Westminster Bank plc v. Royal Bank of Scotland WIPO Case No. D2013-0123).
For all the reasons stated above, the Complaint is
Accepted
and the disputed domain name(s) is (are) to be
- US-TEVA.COM: Transferred
PANELLISTS
Name | Matthew Harris |
---|
Date of Panel Decision
2015-04-08
Publish the Decision