The Complainant is KPMG International Cooperative, Netherlands, represented by Taylor Wessing, United Kingdom.
The Respondent is “Angelina Jolie”, Angeljolie LLC., United States of America.
The disputed domain name <kpmg-eu.com> is registered with BigRock Solutions Pvt Ltd. (the “Registrar”).
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on May 27, 2020. On May 27, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On May 28, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on June 3, 2020 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on June 4, 2020. In response to a notification by the Center that the Complaint was administratively deficient, the Complainant filed an amended Complaint on June 8, 2020.
The Center verified that the Complaint together with the amended Complaints satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on June 9, 2020. In accordance with the Rules, paragraph 5, the due date for Response was June 29, 2020. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on June 30, 2020.
The Center appointed Tobias Malte Müller as the sole panelist in this matter on July 7, 2020. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
The Complainant KPMG International Cooperative, based in the Netherlands, is one of the four worldwide leading providers of audit, tax and advisory services. The KPMG network is formed of member firms licenced by the Complainant to use the KPMG trademark and, according to the Complaint, currently the Complainant operates in approximately 147 countries, having more than 219,000 employees. The combined global revenues of KPMG member firms in 2018 were USD 28.96 billion.
The Complainant holds numerous trademark registrations consisting of the four letters KPMG worldwide such as:
- European Union Trademark registration number 1011220, filed on December 3, 1998 and registered on April 25, 2000, for goods and services in International Classes 9, 16, 35, 36, 41, 42; and
- United States of America Trademark registration number 2339547, filed on July 3, 1997 and registered on April 11, 2000, for goods and services in International Classes 9, 16, 35, 36, 41 and 42.
The Registrar disclosed in its verification response that the disputed domain name was registered on March 6, 2020. It further results from the Complainant’s documented allegations that the disputed domain name does not resolve to an active website, but was used for sending fraudulent emails.
The Complainant provided evidence of a fraudulent email being sent from an email address associated with the disputed domain name ([…] @kpmg-eu.com) on at least three occasions in an attempt to fraudulently obtain payment from one of the Complainant’s clients by way of an email scam. The Scam Email sought to illicit bank details from the recipient. It stated that the Respondent was contacting the client on behalf of KPMG UK impersonating a genuine employee of the Complainant in respect of an unpaid invoice issued in February 2020 and that the client should respond to the email as soon as possible. The Complainant's IT security team investigated this Scam Email and identified it as malware.
The Complainant contends that the disputed domain name is confusingly similar to the Complainant’s KPMG trademark, since it incorporates that trademark identically combined with the geographic indication “eu”. The inclusion of the letters “eu” with the name KPMG conveys the meaning that the disputed domain name relates to KPMG’s services within the European Union.
The Complainant further contends that the Respondent has no prior rights or legitimate interests in the disputed domain name. In particular, there is no evidence that the Respondent uses the disputed domain name in connection with a bona fide offering of goods or services. To the contrary, according to the Complainant’s non-contested allegations the disputed domain name is solely used for the purpose of hosting an email address which is used for a fraudulent phishing scam scheme. Furthermore, there is no credible evidence that the Respondent has been – or no credible legitimate basis on which the Respondent could be – commonly known by the disputed domain name.
Finally, the Complainant contends that the disputed domain name was registered and is being used in bad faith. In particular, the trademark KMPG is well-known so that the Respondent has registered the disputed domain name with full knowledge of the Complainant’s trademark KPMG. Furthermore, the Respondent has used the disputed domain name for a fraudulent phishing scam scheme and attempted to pass off as one of the Complainant’s employees to contact one of the Complainant’s clients and obtain undue information and benefits. According to the Complainant, using a domain name for purposes of phishing or other fraudulent activity constitutes solid evidence of bad faith use.
The Respondent did not reply to the Complainant’s contentions.
Paragraph 15(a) of the Rules instructs this Panel to “decide a complaint on the basis of the statements and documents submitted and in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable”. Paragraph 4(a) of the Policy requires a complainant to prove each of the following three elements in order to obtain an order that the disputed domain name be transferred or cancelled:
(i) the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and
(ii) the Respondent has no rights or legitimate interests in respect of the disputed domain name; and
(iii) the disputed domain name has been registered and is being used in bad faith.
The Panel will therefore proceed to analyze whether the three elements of paragraph 4(a) of the Policy are satisfied.
Pursuant to paragraph 4(a)(i) of the Policy, the Complainant must, first of all, establish rights in a trademark or service mark and, secondly, establish that the disputed domain name is identical or confusingly similar to a trademark in which the Complainant has rights.
It results from the evidence provided that the Complainant is the registered owner of several registered trademarks consisting of the four letters KPMG, namely European Union Trademark (No. 001011220, filed on December 3, 1998 and registered on April 25, 2000, for goods and services in International Classes 9, 16, 35, 36, 41, 42) and United States of America Trademark (No. 2339547, filed on July 3, 1997 and registered on April 11, 2000, for goods and services in International Classes 9, 16, 35, 36, 41 and 42). Both marks have been duly renewed and are in force. These trademarks largely predate the creation date of the disputed domain name, which is March 6, 2020.
Many UDRP panels have found that a disputed domain name is confusingly similar to a complainant’s trademark where the disputed domain name incorporates the complainant’s trademark in its entirety (e.g., “Dr. Martens” International Trading GmbH and “Dr. Maertens” Marketing GmbH v. Elliot Elliot, WIPO Case No. D2018-0213; F. Hoffmann-La Roche AG v. Jason Barnes, ecnopt, WIPO Case No. D2015-1305; Compagnie Générale des Etablissements Michelin v. Christian Viola, WIPO Case No. D2012-2102; Volkswagen AG v. Nowack Auto und Sport - Oliver Nowack, WIPO Case No. D2015-0070; The Chancellor, Masters and Scholars of the University of Oxford v. Oxford College for PhD Studies, WIPO Case No. D2015-0812; Rhino Entertainment Company v. DomainSource.com, Inc., WIPO Case No. D2006-0968; SurePayroll, Inc. v. Texas International Property Associates, WIPO Case No. D2007-0464). This Panel shares this view and notes that the Complainant’s registered trademark KMPG is fully included in the disputed domain name.
Finally, it is the view of this Panel that the combination of the trademark KPMG with the geographic term “eu” does not avoid the confusing similarity between the disputed domain name and the Complainant’s trademark. The term “eu” is the two-letter country abbreviation for the European Union. It will therefore be understood as a mere geographic term (see Association des Centres Distributeurs E. Leclerc - A.C.D. Lec v. pierre patron, WIPO Case No. D2019-2017).
In the light of the above, the Panel finds that the disputed domain name is confusingly similar to a trademark in which the Complainant has rights.
Pursuant to paragraph 4(a)(ii) of the Policy, the Complainant must secondly establish that the Respondent has no rights or legitimate interests in respect of the disputed domain name.
Paragraph 4(c) of the Policy contains a non-exhaustive list of circumstances which, if found by the Panel to be proved, shall demonstrate the Respondent’s rights or legitimate interests to the disputed domain name. In the Panel’s view, based on the undisputed allegations stated above, the Complainant has made a prima facie case that none of these circumstances are found in the case at hand and, therefore, that the Respondent lacks rights or legitimate interests in the disputed domain name:
First, the Panel notes that there is no evidence in the record or WhoIs information showing that the Respondent might be commonly known by the disputed domain name in the sense of paragraph 4(c)(ii) of the Policy.
Furthermore, no content is displayed on the website to which the disputed domain name resolves. Such use can neither be considered a bona fide offering of goods or services nor a legitimate noncommercial or fair use of the disputed domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue in the sense of paragraph 4(c)(i) and (iii) of the Policy (see, e.g., Sanofi, Genzyme Corporation v. Domain Privacy, WIPO Case No. D2016-1193). In addition, the Respondent’s concealment of its identity behind a privacy service is also taken in consideration, and this Panel finds that it is most likely that the Respondent selected the disputed domain name with the intention to take advantage of the Complainant’s registered trademark KMPG by registering a domain name consisting of that trademark with the intent to attract Internet users for commercial gain.
Finally, it results from the undisputed evidence before the Panel that the disputed domain name has been used for sending fraudulent emails. In fact, the Complainant submitted substantial evidence of such illegal activities by providing email correspondence sent from an email account under the disputed domain name. This email correspondence has been signed with the name of a genuine employee of the Complainant and in the name of “KPMG United Kingdom”. UDRP panels have categorically held that the use of a domain name for illegal activity can never confer rights or legitimate interests on a respondent (see Jcdecaux SA v. Whois Privacy Protection Foundation / Anderson Paul, WIPO Case No. D2019-1143 and WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”) at section 2.13.1 with further references). The Panel considers the evidence provided which has remained undisputed as sufficient to support the Complainant’s credible claim of the Respondent’s illegal activity.
Previous UDRP panels have found that once the Panel finds a prima facie case is made by a complainant, the burden of production under the second element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the disputed domain name. Since the Respondent in the case at hand failed to come forward with any allegations or evidence, this Panel finds, in the circumstances of this case, that the Respondent has no rights or legitimate interests in the disputed domain name.
The Complainant has therefore satisfied paragraph 4(a)(ii) of the Policy.
According to paragraph 4(a)(iii) of the Policy, the Complainant must thirdly establish that the disputed domain name has been registered and is being used in bad faith. The Policy indicates that certain circumstances specified in paragraph 4(b) of the Policy may, “in particular but without limitation”, be evidence of the disputed domain name’s registration and use in bad faith.
One of those circumstances are those specified in paragraph 4(b)(iv), i.e. where the domain name is used to intentionally attempt to attract, for commercial gain, Internet users to the respondent’s website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the respondent’s website or location or of a product or service on the respondent’s website or location.
This Panel approves the approach taken by previous UDRP panels following which the use of a domain name for purposes other than to host a website may constitute bad faith. Such purposes include sending email, phishing, identity theft, or malware distribution. Many such cases involve the respondent’s use of the domain name to send deceptive emails, e.g., to obtain sensitive or confidential personal information from prospective job applicants, or to solicit payment of fraudulent invoices by the complainant’s actual or prospective customers (see WIPO Overview 3.0 at section 3.4). As explained under sections 5.B and 6.B. above, it results from the undisputed evidence submitted by the Complainant that the disputed domain name has been used for sending fraudulent phishing emails in the name of the Complainant by using its company name KPMG and the name of an existing employee. In addition, the use of the disputed domain name in such an illegal phishing scam scheme additionally demonstrates that the Respondent not only knew of the Complainant, its business and marks, but also attempted to pass itself off as the Complainant (see Jcdecaux SA v. Whois Privacy Protection Foundation / Anderson Paul, WIPO Case No. D2019-1143; Virgin Enterprises Limited v. Registration Private, Domains by Proxy, LLC / Name Redacted, WIPO Case No. D2018-0645).
Finally, the further circumstances surrounding the disputed domain name’s registration and use confirm the findings that the Respondent has registered and is using the disputed domain name in bad faith. In fact, (1) the Respondent originally used a privacy service hiding its identity; (2) it further registered the disputed domain name by using the name of a famous American actress, and, finally (3) the Respondent did not provide any response with conceivable explanation of its behavior.
Consequently, the Panel finds that the disputed domain name has been registered and is being used in bad faith pursuant to paragraph 4(a)(iii) of the Policy. The Complainant is therefore deemed to also have satisfied the third element, paragraph 4(a)(iii) of the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <kpmg-eu.com> be transferred to the Complainant.
Tobias Malte Müller
Sole Panelist
Date: July 21, 2020