Complainant is Independent Health Association Inc. of Williamsville, New York, United States of America (“United States”), represented by CSC Digital Brand Services AB, Sweden.
Respondent is Registration Private, Domains By Proxy, LLC of Scottsdale, Arizona, United States / [K. A.] of Buffalo, New York, United States.
The disputed domain name <independenthealthcorporation.com> (the “Disputed Domain Name”) is registered with GoDaddy.com, LLC (the “Registrar”).
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on August 10, 2016. On August 11, 2016, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On the same date, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent (Registration Private, Domains By Proxy, LLC) and contact information in the Complaint. The Center sent an email communication to Complainant on August 12, 2016 providing the registrant ([K. A.]) and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on August 12, 2016.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on August 19, 2016. In accordance with the Rules, paragraph 5, the due date for Response was September 8, 2016. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on September 9, 2016.
The Center appointed Douglas M. Isenberg as the sole panelist in this matter on September 22, 2016. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
Complainant states that it is “a not-for-profit health plan founded in 1977” that changed its name to “Independent Health Association, Inc.” on September 28, 1978; that it “covers close to 400,000 individuals, both in New York and across the United States, with more than 100 plans, services and products”; that it was recognized by J.D. Power in 2016 as “the highest-ranked plan for member satisfaction in the New York-New Jersey region”; and that it “maintains a strong web presence through its website located at its primary domain name <independenthealth.com>,” which received more than 10 million visits in May 2016.
Complainant states, and provides evidence to support, that it is the owner of numerous trademark registrations that consist of or include the words “independent health” (the “INDEPENDENT HEALTH Trademark”), including United States Reg. No. 1,814,250 (registered December 28, 1993) for use in connection with “health care services rendered by a health maintenance organization.”
The Disputed Domain Name was created on February 17, 2016.
Complainant states, and provides evidence to support, that the Disputed Domain Name is not being used in connection with an active website but is being used “to send emails as part of a phishing scheme, fraudulently creating the impression that such emails originated from Complainant,” specifically, that the emails used the email address “humanresource@independenthealthcorporation.com” and “informed the recipient that they were being considered for a job opening and requested they join a remote interview session being hosted through Google-Hangouts.”
Complaint contends, in relevant part, as follows:
- The Disputed Domain Name is confusingly similar to the INDEPENDENT HEALTH Trademark because, inter alia,inclusion of the word “corporation” in the Disputed Domain Name is simply a “generic, descriptive term” that “is closely linked and associated with Complainant’s brand and trademark only serves to underscore and increase the confusing similarity between the Disputed Domain Name and the Complainant’s trademark.”
- The Respondent has no rights or legitimate interests in respect of the Disputed Domain Name because, inter alia, “Respondent is not sponsored by or affiliated with Complainant in any way”; “Respondent is not commonly known by the Disputed Domain Name” according to “Whois data for the Disputed Domain Name”; Respondent “has not demonstrated any attempt to make legitimate use of the domain name and website, which evinces a lack of rights or legitimate interests in the Disputed Domain Name”; and Respondent “has used the Disputed Domain Name to send emails as part of a phishing scheme, fraudulently creating the impression that such emails originated from Complainant.”
- In relation to the phishing scheme, Complainant states that “it is important to note that the individual names used in the phishing email are in fact real people. […] At a minimum, it demonstrates that Respondent is attempting to pose as various real people so as to lend the phishing scheme more legitimacy with the intended recipient”. Complainant has annexed a screenshot of a “Linked-In” profile of the person whose name was used for the registration of the Disputed Domain Name and names used in the phishing emails.
- The Disputed Domain Name was registered and is being used in bad faith because, inter alia, “Respondent has demonstrated a knowledge of and familiarity with Complainant’s brand and business” and “[i]n light of the facts set forth within this Complaint, it is ‘not possible to conceive of a plausible situation in which the Respondent would have been unaware of’ the Complainant’s brands at the time the Disputed Domain Name was registered”; “at the time of registration of the Disputed Domain Name, the Respondent knew, or at least should have known, of the existence of the Complainant’s trademarks and that registration of domain names containing well-known trademarks constitutes bad faith per se”; “Respondent has registered and used the Disputed Domain Name for purposes of launching a phishing attack, which is clear evidence of bad faith registration and use”; “passively holding a domain name can constitute a factor in finding bad faith registration and use”; “[t]he Disputed Domain Name can only be taken as intending to cause confusion among Internet users as to the source of the Disputed Domain Name, and thus, the Disputed Domain Name must be considered as having been registered and used in bad faith”; “Respondent, at the time of initial filing of the Complaint, had employed a privacy service to hide its identity, which past Panels have held serves as further evidence of bad faith registration and use”; and “it is more likely than not that the Respondent knew of and targeted Complainant’s trademark, and Respondent should be found to have registered and used the Disputed Domain Name in bad faith.”
Respondent did not reply to Complainant’s contentions.
Pursuant to the Policy, Complainant is required to prove the presence of each of the following three elements to obtain the relief it has requested: (i) the Disputed Domain Name is identical or confusingly similar to a trademark or service mark in which Complainant has rights; (ii) Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and (iii) the Disputed Domain Name has been registered and is being used in bad faith. Policy, paragraph 4(a).
The Panel notes Complainant’s evidenced submission that the Disputed Domain Name was registered by a third-party without the involvement of the person identified by the Registrar as the underlying registrant of the Disputed Domain Name. Under these circumstances, the Panel finds that this person is not the proper Respondent in this case. Accordingly, the Panel has redacted the name of that person from this decision, references to Respondent in this decision are to the unknown person who registered the Disputed Domain Name.
Based upon the trademark registrations cited by Complainant, it is apparent that Complainant has rights in and to the INDEPENDENT HEALTH Trademark.
As to whether the Disputed Domain Name is identical or confusingly similar to the INDEPENDENT HEALTH Trademark, the relevant comparison to be made is with the second-level portion of this domain name only (i.e., “independenthealthcorporation”), as it is well established that the Top-Level Domain (i.e., “.com”) may generally be disregarded for this purpose. See the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview 2.0”), paragraph 1.2 (“[t]he applicable top-level suffix in the domain name (e.g., ‘.com’) would usually be disregarded under the confusing similarity test (as it is a technical requirement of registration), except in certain cases where the applicable top-level suffix may itself form part of the relevant trademark.”)
As previous UDRP panels have found, inclusion of the word “corporation” in a disputed domain name is a “nondistinctive word[]” that “do[es] nothing to differentiate the Domain Name or to diminish or negate the confusing similarity between the Domain Name and Complainant’s trademark.” Allstate Insurance Company v. lowprintruns.com denny lee / PrivacyProtect.org, WIPO Case No. D2011-0897 (transfer of <theallstatecorporation.com>). See also, e.g., Red Bull GmbH v. Mario Maranda, WIPO Case No. D2008-0941 (transfer of <redbullcorporation.com>).
Accordingly, the Panel finds that Complainant has proven the first element of the Policy.
Complainant has argued that Respondent has no rights or legitimate interests in respect of the Disputed Domain Name because, inter alia, “Respondent is not sponsored by or affiliated with Complainant in any way”; “Respondent is not commonly known by the Disputed Domain Name” according to “Whois data for the Disputed Domain Name”; Respondent “has not demonstrated any attempt to make legitimate use of the domain name and website, which evinces a lack of rights or legitimate interests in the Disputed Domain Name”; and Respondent “has used the Disputed Domain Name to send emails as part of a phishing scheme, fraudulently creating the impression that such emails originated from Complainant.”
Under the Policy, “a complainant is required to make out a prima facie case that the respondent lacks rights or legitimate interests. Once such prima facie case is made, the burden of production shifts to the respondent to come forward with appropriate allegations or evidence demonstrating rights or legitimate interests in the domain name. If the respondent fails to come forward with such appropriate allegations or evidence, a complainant is generally deemed to have satisfied paragraph 4(a)(ii) of the UDRP.” WIPO Overview 2.0, paragraph 2.1.
The Panel finds that Complainant has established its prima facie case and without any evidence from Respondent to the contrary, the Panel is satisfied that Complainant has satisfied the second element of the Policy.
Whether a domain name is registered and used in bad faith for purposes of the Policy may be determined by evaluating four (non-exhaustive) factors set forth in the Policy:
(i) circumstances indicating that the respondent has registered or the respondent has acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of the respondent’s documented out-of-pocket costs directly related to the domain name; or
(ii) the respondent has registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that the respondent has engaged in a pattern of such conduct; or
(iii) the respondent has registered the domain name primarily for the purpose of disrupting the business of a competitor; or
(iv) by using the domain name, the respondent has intentionally attempted to attract, for commercial gain, Internet users to the respondent’s website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the respondent’s website or location or of a product or service on the registrant’s website or location.
Policy, paragraph 4(b).
In this case, Complainant argues that bad faith exists pursuant to, among other things, paragraph 4(b)(iv) of the Policy. While the Panel believes that there are multiple grounds on which it could find bad faith, the Panel is most strongly persuaded by the undisputed fact that Respondent has used the Disputed Domain Name in connection with a phishing attack using the Disputed Domain Name as an email address “to masquerade as Complainant in an attempt to solicit sensitive information from unsuspecting people” as part of an employment scam. Numerous previous UDRP panels have not hesitated to find such conduct bad faith. For example, in Accor v. Paul Hocevar, WIPO Case No. D2012-0025, the panel wrote:
“Though the Domain Name is inactive, the Respondent uses an email address in relation with the Domain Name for recruitment services as an official member of Complainant to attract job hunters to apply for jobs through said email address. The Panel finds that the Respondent’s behavior may cause consumers to mistakenly believe that the Domain Name is owned by the Complainant and the bad faith is established.”
See also, e.g., Vifor (International) Ltd. v. Glenn Freeman, WIPO Case No. D2014-2065 (“Complainant has produced evidence that the disputed domain name has been used as a support to an email address used for impersonating Complainant, which was linked to bogus job advertisements on a third party website purportedly posted by Complainant”).
Accordingly, the Panel finds that Complainant has proven the third element of the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Disputed Domain Name, <independenthealthcorporation.com>, be transferred to Complainant.
Douglas M. Isenberg
Sole Panelist
Date: October 4, 2016