Decision for dispute CAC-UDRP-105163

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.

The Complainant is the owner, among others, of the following registrations for the trademarks “INTESA SANPAOLO” and “INTESA”:

- International trademark registration n. 920896 “INTESA SANPAOLO”, granted on March 7, 2007 and duly renewed, in connection with classes 9, 16, 35, 36, 38, 41 and 42;

- International trademark registration n. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in connection with class 36;

- EU trademark registration n. 5301999 “INTESA SANPAOLO”, filed on September 8, 2006, granted on June 18, 2007 and duly renewed, in connection with the classes 35, 36 and 38;

- EU trademark registration n. 12247979 “INTESA”, filed on October 23, 2013 and granted on March 5, 2014, in connection with classes 9, 16, 35, 36, 38, 41 and 42.

The Complainant is also the owner, among others, of the following domain names containing the marks “INTESA SANPAOLO” and “INTESA”: INTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET and .BIZ; INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET and .BIZ, and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME. All of them are connected to the website http://www.intesasanpaolo.com.

The Complainant's contentions can be summarised as follows:

IDENTICAL OR CONFUSINGLY SIMILAR

The disputed domain name is confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA” exactly reproducing the well-known trademark “INTESA SANPAOLO”, with the mere addition of the generic Italian expression “SBLOCCATO CARTA” (meaning “unlocked card”) referencing the banking and financial services provided by Intesa Sanpaolo S.p.A. to its customers.

THE RESPONDENT HAS NO RIGHTS OR LEGITIMATE INTERESTS IN RESPECT OF THE DISPUTED DOMAIN NAME

The Respondent has no rights in the disputed domain name. Nobody has been authorized or licensed by the Complainant to use the disputed domain name.

The disputed domain name does not correspond to the name of the Respondent and the Respondent is not commonly known as “INTESASANPAOLO-SBLOCCATO-CARTA”.

There are no fair or non-commercial uses of the dispute domain name.

THE DISPUTED DOMAIN NAME WAS REGISTERED AND IS USED IN BAD FAITH

The webpage connected to the disputed domain name is currently blocked by Google Safe Browsing because of suspected phishing activity.

The Complainant’s trademarks “INTESA SANPAOLO” and “INTESA” are distinctive and well known all around the world. The fact that the Respondent has registered a domain name that is confusingly similar to them indicates that the Respondent had knowledge of the Complainant’s trademark at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA SANPAOLO” and “INTESA”, the same would have yielded obvious references to the Complainant. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the disputed domain name would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain name in bad faith.

In addition, the disputed domain name is not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the disputed domain name, the Respondent has intentionally attempted to attract, for commercial gain, Internet users to her web site, by creating a likelihood of confusion with the Complainant's mark as to the source, sponsorship, affiliation, or endorsement of his web site (par. 4(b)(iv) of the Policy).

The disputed domain name is not used for any bona fide offerings, considering that the same is connected to a website which has been blocked by Google Safe Browsing through a warning page.

It is clear that the main purpose of the Respondent was to use the above website for “phishing” financial information in an attempt to defraud the Complainant’s customers and that Google promptly stopped the illicit activity carried out by the Respondent.

As underlined by countless WIPO decisions, “<Phishing> is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.

Several WIPO decisions also state that the “Use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith” (see Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado). In particular, the UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. See also WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa, where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.

Even excluding any current “phishing” purposes or other illicit use of the domain name in the present case (which, however, has been confirmed by Google Safe Browsing with a warning page) there is no other possible legitimate use of INTESASANPAOLO-SBLOCCATO-CARTA.COM. The sole further aim of the owner of the disputed domain name might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).

In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.

NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

The disputed domain name registered in 2022 is confusingly similar to the Complainant's INTESA SANPAOLO mark (registered, inter alia, in the EU for financial services since 2007) adding only the generic Italian term “SBLOCCATO CARTA” (meaning “unlocked card”) and the gTLD .com neither of which prevents confusing similarity between the Domain Name and the Complainant's mark. 

The Respondent is not authorised by the Complainant or commonly known by the disputed domain name. 

The site attached to the disputed domain name has been blocked for phishing which cannot be a bona fide offering of goods or services or a non commercial legitimate fair use. It is registration and use in bad faith per se.