{ "case_number": "CAC-UDRP-103493", "time_of_filling": "2021-01-05 12:57:26", "domain_names": [ "INTESA-SECURITY.COM" ], "case_administrator": "Denisa Bilík (CAC) (Case admin)", "complainant": [ "Intesa Sanpaolo S.p.A." ], "complainant_representative": "Intesa Sanpaolo S.p.A.", "respondent": [ "Carmelo Cavallaro" ], "respondent_representative": null, "factual_background": "FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:\r\n\r\nThe Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.\r\n\r\nIntesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 37,4 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 5,360 branches capillary and well distributed throughout the Country, with market shares of more than 21% in most Italian regions, the Group offers its services to approximately 14.6 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1.000 branches and over 7,2 million customers. Moreover, the international network specialised in supporting corporate customers is present in 26 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India. \r\n\r\n\r\n\r\nThe Complainant is also the owner, among the others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: I. All of them are now connected to the official website http:\/\/www.intesasanpaolo.com.\r\n\r\n\r\n\r\nOn May 26, 2020, the Respondent registered the domain name .\r\n\r\nIt is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”. As a matter of fact, INTESA-SECURITY.COM exactly reproduces my Client’s well-known trademark “INTESA”, with the mere addition of the English descriptive term “SECURITY”.\r\n\r\nAs underlined by countless WIPO decisions, “ is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See, in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.\r\n\r\nSeveral WIPO decisions also stated that the “Use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith” (Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 \/ Lauren Terrado). In particular, the UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. In this sense, it shall also bear in mind WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa, where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N\/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.\r\n\r\nIn conclusion, even excluding any current “phishing” purposes or other illicit use of the domain name in the present case (which, however, has been confirmed by Google Safe Browsing with a warning page), there is no other possible legitimate use of . The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).\r\n\r\nIn the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.", "other_legal_proceedings": "The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.", "no_response_filed": "NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.\r\n\r\nIn this case, the Provider has employed the required measures to achieve actual notice of the Complaint to the Respondent, and the Respondent was given a fair opportunity to present its case.\r\n\r\nBy the Rules, paragraph 5(c)(i), it is expected of a respondent to: “[r]espond specifically to the statements and allegations contained in the complaint and include any and all bases for the Respondent (domain name holder) to retain registration and use of the disputed domain name…”\r\n\r\nIn this proceeding, the Respondent has not used the opportunity provided to it under the Rules and has not submitted a substantive Response addressing the contentions of the Complainant and the evidence submitted by it.", "rights": "The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).", "no_rights_or_legitimate_interests": "The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).", "bad_faith": "The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).", "procedural_factors": "The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.", "decision": "Accepted", "panelists": [ "Dr. jur. Harald von Herget" ], "date_of_panel_decision": "2021-02-15 00:00:00", "informal_english_translation": "The Complainant is the owner, among others, of the following registrations for the trademarks “INTESA”:\r\n\r\n- International trademark registration n. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in class 36; and\r\n\r\n- EU trademark registration n. 12247979 “INTESA”, applied on October 23, 2013 and granted on March 05, 2014, in classes 9, 16, 35, 36, 38, 41 and 42.", "decision_domains": { "INTESA-SECURITY.COM": "TRANSFERRED" }, "panelist": null, "panellists_text": null }