Complainant is Verimatrix, Inc., United States of America (“United States”), represented by KPPB LLP, United States.
Respondent is Contact Privacy Inc. Customer 0156131035, Contact Privacy Inc. Customer 0156131035, Canada / Name Redacted1.
The disputed domain name <varimatrix.com> is registered with Tucows Inc. (the “Registrar”).
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on January 16, 2020. On January 16, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On January 16, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to Complainant on January 17, 2020, providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on January 22, 2020.
The Center verified that the Complaint, together with the amended Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on January 22, 2020. In accordance with the Rules, paragraph 5, the due date for Response was February 11, 2020. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on February 12, 2020.
The Center appointed Lawrence K. Nodine as the sole panelist in this matter on February 17, 2020. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
Complainant is a global software security company with offices in France, the United States, Germany, and Singapore. Complainant owns numerous trademark registrations for VERIMATRIX in the United States, including, for example, Registration No. 3,024,002, registered on December 6, 2005, and Registration No. 3,496,359, registered on September 2, 2008. Since 2002, Complainant has used the VERIMATRIX mark in connection with its goods and services.
Respondent registered the disputed domain name <varimatrix.com> on November 4, 2019. The disputed domain name does not resolve to an active website.
On the day Respondent registered the disputed domain name, five third parties reportedly received emails from an address incorporating the disputed domain name (“[employee.name]@varimatrix.com”). The emails, purportedly from an employee of Complainant, asked the recipients to send details for payment. The signature block included Complainant’s logo and references to “Verimatrix, Inc” of San Jose, California.
Complaint asserts that it has established rights in the mark VERIMATRIX and that the disputed domain name is confusingly similar to its VERIMATRIX mark, merely replacing the “e” in Complainant’s mark with an “a”.
Complainant also asserts that Respondent lacks rights or legitimate interests in respect of the disputed domain name. Complainant has not licensed or authorized Respondent’s use of the VERIMATRIX mark. According to Complainant, Respondent has not used or made demonstrable preparations to use the disputed domain name in connection with a bona fide offering of goods or services, but has instead used the disputed domain name to send phishing emails to Complainant’s clients.
As to Respondent’s bad faith, Complainant contends that Respondent has used the disputed domain to conduct deceptive and illegal activity. According to Complainant, Respondent registered and is using the disputed domain name to steal money from Complainant’s clients by misleading them into believing Complainant has requested payment information. Complainant further contends that, at the time Respondent registered the disputed domain name, Respondent provided a false name to correspond to the name of one of Complainant’s employees.
Respondent did not reply to Complainant’s contentions.
Complainant’s trademark registrations establish that it has rights in the VERIMATRIX mark. The disputed domain name is confusingly similar to the VERIMATRIX mark. Replacing one letter in Complainant’s mark does not dispel the confusing similarity.
Complainant has satisfied paragraph 4(a)(i) of the Policy.
Complainant has presented a prima facie case for Respondent’s lack of rights or legitimate interests in the disputed domain name, which Respondent has failed to rebut. Use of a disputed domain name for phishing purposes “can never confer rights or legitimate interests on a respondent.” WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 2.13.
Complainant has satisfied paragraph 4(a)(ii) of the Policy.
Respondent registered and has used the disputed domain name in bad faith. The evidence establishes Respondent was aware of Complainant’s VERAMITRIX mark at the time Respondent registered the disputed domain name. On the same date that Respondent registered the disputed domain name, Respondent sent solicitations for payment via email to five of Complainant’s clients. Respondent included Complainant’s logo and the correct spelling of Complainant’s mark in the body of the emails. Respondent even used the name of one of Complainant’s employees to make the solicitation for payment more convincing. This evidence supports the inference that Respondent registered the disputed domain name to create a false association with Complainant to conduct a phishing scheme.
Phishing is clear evidence of bad faith registration and use. See L’OrĂ©al v. Cimpress Schweiz GmbH, WIPO Case No. DCO2017-0021(“It is established case law that the use of a disputed domain name for the purpose of defrauding Internet users by the operation of a ‘phishing scheme’ is perhaps the clearest evidence of registration and use of a domain name in bad faith.”).
The Panel finds that the disputed domain name was registered and used in bad faith.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <varimatrix.com> be transferred to Complainant.
Lawrence K. Nodine
Sole Panelist
Date: March 2, 2020
1 As Respondent may have been the victim of identity theft, the Panel has decided to redact Respondent’s name from the caption and body of this decision. However, the Panel has attached as Annex 1 to this Decision an instruction to the Registrar regarding transfer of the disputed domain name, which includes the name of the registrant according to the Registrar’s WhoIs database. See ASOS plc. v. Name Redacted, WIPO Case No. D2017-1520. The Panel has authorized the Center to transmit Annex 1 to the Registrar as part of the Decision in this proceeding and has indicated that Annex 1 to this Decision shall not be published due to the exceptional circumstances of this case.