WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Banca Mediolanum S.p.A. v. Rita Espsoto/ BlueHost.com- Inc

Case No. D2010-0966

1. The Parties

The Complainant is Banca Mediolanum S.p.A. of Milan, Italy, represented internally.

The Respondent is Rita Espsoto of Palermo, Italy.

2. The Domain Name and Registrar

The disputed domain name <bmediolanum.com> is registered with FastDomain, Inc.

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 11, 2010. On June 14, 2010, the Center transmitted by email to FastDomain, Inc. a request for registrar verification in connection with the disputed domain name. On June 14, 2010, FastDomain, Inc. transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on July 2, 2010 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amendment to the Complaint on July 5, 2010. The Center verified that the Complaint together with the amendment to the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2(a) and 4(a), the Center formally notified the Respondent of the Complaint, and the proceedings commenced on July 8, 2010. In accordance with the Rules, paragraph 5(a), the due date for Response was July 28, 2010. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on July 29, 2010.

The Center appointed Fabrizio Bedarida as the sole panelist in this matter on August 5, 2010. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant was established in 1997 and is now one of the leading Italian Banking groups.

The Complainant’s community trademark BANCA MEDIOLANUM & DEVICE was granted on October 1, 2008.

The disputed domain name was registered on June 1, 2010.

5. Parties’ Contentions

A. Complainant

The Complainant claims that:

1) The domain name <bmediolanum.com> is almost identical to the trademark BANCA MEDIOLANUM, as it combines the letter “B” , which is the first letter of the word “banca” (i.e. bank) with the term “mediolanum” which is identical to the distinctive part of the Complainant’s trademark.

2) The Respondent has no rights or legitimate interests in the domain name <bmediolanum.com>.

3) The Respondent is not commonly known by the disputed domain name. Moreover, the Respondent does not have any affiliation, association, sponsorship or connection with the Complainant and has not been authorized, licensed or otherwise permitted by the Complainant to register the concerned domain name and to use it.

4) The domain name <bmediolanum.com> is not used for bona fide offerings.

5) The domain name <bmediolanum.com> is registered and is being used in bad faith.

6) The Respondent has intentionally attempted to attract, for commercial gain, Internet users to her website, by creating a likelihood of confusion with the Complainant’s trademarks as to the source, sponsorship, affiliation, or endorsement of the website.

7) The Respondent had knowledge of the Complainant’s trademarks at the time of the registration of the disputed domain name.

8) The Respondent used the disputed domain name to start a phishing activity1.

9) The Respondent engaged a phishing attack to the Complainant’s clients, by sending fraudulent emails that redirect to the domain name at stake, to the URL “http://bmediolanum.com/ContoFreedom/HomeBanking/homebm.html”. In the above site, the Respondent recreated a page that looked very similar to the Complainant’s official site.

The Complainant requests to issue a decision that the domain name <bmediolanum.com> be transferred to Complainant.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

A. Identical or Confusingly Similar

The Complainant has established that it has prior rights in the trademark BANCA MEDIOLANUM and has stated that the disputed domain name is almost identical to it.

In order to substantiate this claim, the Complainant has argued that in Italy the abbreviation of the term “banca” is commonly made by using only the first letter, i.e. the letter “b”.

This Panel agrees with the Complainant’s contention that replacing the term “banca” with the sole letter “b” (that in this field often stands as an abbreviation for Banca/Bank/Banque), is not sufficient to avoid confusion.

Accordingly, the Panel finds that the Complainant has satisfied paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

The Complainant must show that the Respondent has no rights or legitimate interests in respect of the disputed domain name. The respondent in a UDRP proceeding does not assume the burden of proof, but may establish a right or legitimate interest in a disputed domain name by demonstrating in accordance with paragraph 4(c) of the Policy:

(a) that before any notice to the respondent of the dispute, he or she used or made preparations to use the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services;

(b) that the respondent is commonly known by the domain name, even if he or she has not acquired any trademark rights; or

(c) that the respondent intends to make a legitimate, non commercial or fair use of the domain name without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark.

The Respondent has no connection or affiliation with the Complainant, which has not licensed or otherwise authorised the Respondent to use or apply for any domain name incorporating the Complainant’s trademark. The Respondent does not appear to be commonly known as “bmediolanum” or by a similar name and she has not alleged any facts or elements to justify rights and/or legitimate interest in the disputed domain name. The Respondent does not appear to make any legitimate use of the domain name for non commercial activities. Finally, the Respondent has not replied to the Complaint, proved or at least alleged in any other way any right in the disputed domain name.

Accordingly, the Panel finds that the Complainant has satisfied paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

For the purpose of paragraph 4(a)(iii) of the Policy, the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:

(i) circumstances indicating that the holder has registered or has acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the Complainant who is the owner of the trademark or service mark or to a competitor of that Complainant, for valuable consideration in excess of the holder’s documented out-of-pocket costs directly related to the domain name; or

(ii) the holder has registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that the holder has engaged in a pattern of such conduct; or

(iii) the holder has registered the domain name primarily for the purpose of disrupting the business of a competitor; or

(iv) by using the domain name, the holder has intentionally attempted to attract, for commercial gain, Internet users to the holder’s web site or other online location, by creating a likelihood of confusion with the Complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the holder’s web site or location or of a product or service on the holder’s web site or location.

Accordingly, for a complainant to succeed, the panel must be satisfied that the domain name has been registered and is being used in bad faith.

Considering the notoriety of the Complainant’s trademarks in Italy (where the Respondent is located), their extensive use also on the web through domain name registrations containing and/or corresponding to the Complainant’s trademarks and in the absence of contrary evidence, the Panel finds that the Respondent had actual knowledge of the Complainant’s trademarks when she registered the disputed domain name.

The Panel, in accordance with previous decisions issued under the UDRP, is of the opinion that actual knowledge of the Complainant’s trademarks and activities at the time of the registration of the disputed domain may be considered an inference of bad faith. See Parfums Christian Dior v. Javier Garcia Quintas and Christiandior.net, WIPO Case No. D2000-0226 and Sony Kabushiki Kaisha also trading as Sony Corporation v. Inja, Kil, WIPO Case No. D2000-1409 “It is inconceivable that the Respondent could make any active use of the disputed domain name without creating a false impression of association with the Complainant. The Respondent was not authorized by the Complainant to use neither its mark nor the disputed domain name”.

In addition, the Panel agrees with Complainant’s assertion and UDRP jurisprudence that phishing attacks constitute proof of both bad faith registration and use in bad faith. In this sense Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa WIPO Case No. D2006-0614 where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv). “Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities. See Halifax Plc. v. Sontaja Sanducl, WIPO Case No. D2004-0237; CareerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251; Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871; and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228.”

Accordingly, the Panel finds on the basis of the evidence presented that the Complainant has satisfied paragraph 4(a)(iii) of the Policy.

7. Decision

For all the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the domain name, <bmediolanum.com> be transferred to the Complainant.

Fabrizio Bedarida
Sole Panelist
Dated: August 11, 2010


1 In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. - Source Wikipedia.