Decision for dispute CAC-UDRP-108209

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.

The Complainant owns several trademarks for the word 'ISY' as well as trademarks for 'ISY' in combination with other words, such as 'BANK', 'PRIME', 'SMART', 'LIGHT' and 'TECH'. These include EU trademark registration no. 018640470 'ISYBANK', which was registered on January 1, 2025, for various services in class 36 (hereinafter referred to as the "Trademark").

The Complainant is a leading Italian banking group. It is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two Italian banking groups. The Complainant has a market capitalization exceeding 101,38 billion Euro, provides its services to approximately 13,9 million customers, and is the leader in Italy with a network of approximately 2,800 branches and a market share of more than 13% in most Italian regions. Isybank S.p.A. is the Complainant's digital bank, dedicated to simplifying the management of
its customers’ accounts and banking operations. The main website of Isybank S.p.A. is available at https://www.isybank.com/it/,

The disputed domain name was registered on June 6, 2025, and is being used in connection with a phishing website.

COMPLAINANT:

The Complainant contends that the disputed domain name is identical to the Trademark, as it reproduces the well-known Trademark exactly.

Furthermore, the Complainant contends that the Respondent has no rights or legitimate interests in the disputed domain name. In this regard, the Complainant states that the disputed domain name does not correspond to the Respondent's name, that the Respondent is not commonly known as 'ISYBANK', and that the Respondent's use of the disputed domain name is neither non-commercial nor fair.

Finally, the Complainant contends that the disputed domain name was registered and is being used in bad faith. In this regard, the Complainant contends that the Trademark is distinctive and well known around the world, that it is more than likely that the disputed domain name would not have been registered if it were not for the Trademark, and that the Respondent had knowledge of the Trademark at the time of registering the disputed domain name.

 As to bad faith use, the Complainant states that the Respondent's use of the disputed domain name in connection with a phishing website is not bona fide under the Policy but rather indicates that the Respondent has intentionally attempted to attract, for commercial gain, Internet users to his web site, by creating a likelihood of confusion with the Trademark.

RESPONDENT:

No administratively compliant Response has been filed.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

Under paragraph 4(a) of the Policy, the Complainant must prove that each of the following three elements is present:

(i) the disputed domain name is identical or confusingly similar to the Complainant's trademark; and

(ii) the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

(iii) the disputed domain name has been registered and is being used in bad faith.

1. The Panel accepts that the disputed domain name is identical to the Trademark as the second level of the disputed domain name comprises the Trademark alone. It is well established that the specific top-level domain name is generally not an element of distinctiveness that can be taken into consideration when evaluating the identity or confusing similarity between the complainant’s trademark and the disputed domain name.

2. The Complainant has substantiated that the Respondent has no rights or legitimate interests in the disputed domain name. The Panel finds that the Complainant has fulfilled its obligations under paragraph 4(a)(ii) of the Policy. The Respondent did not deny these assertions in any way and therefore failed to prove any rights or legitimate interests in the disputed domain name.

Based on the evidence before the Panel, the Panel cannot find any rights or legitimate interests of the Respondent either. In particular, it is categorically proven that the use of a domain name for illegal activity, i.e. for 'phishing' can never confer rights or legitimate interests on a respondent. Accordingly, the Panel finds that the Complainant has proven that the Respondent has no rights or legitimate interests in respect of the disputed domain name under paragraphs 4(a)(ii) and 4(c) of the Policy.

3. The Panel is also satisfied that the Respondent registered the disputed domain name with full knowledge of the Complainant and its rights in the Trademark as the Trademark is highly distinctive and well established and as the Respondent is deliberately targeting the Complainant's digital bank and the corresponding app. It is inconceivable that the disputed domain name was registered without having the Complainant and the Trademark in mind.

As to bad faith use, by using the disputed domain name in connection with a phishing website, the Respondent was, in all likelihood, trying to divert traffic intended for the Complainant’s website to its own for commercial gain as set out under paragraph 4(b)(iv) of the Policy. The use of a domain name in connection with a phishing website is widely recognised as constituting bad faith under paragraph 4(b)(iv) of the Policy.