
WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

LogMeIn, Inc. v. Withheld for Privacy Purposes, Privacy service provided by Withheld for Privacy ehf / Felipe Jackson

Case No. D2021-2186

1. The Parties

Complainant is LogMeIn, Inc., United States of America (“United States”), represented by Day Pitney LLP, United States.

Respondent is Withheld for Privacy Purposes, Privacy service provided by Withheld for Privacy ehf, Iceland / Felipe Jackson, United States.

2. The Domain Name and Registrar

The Disputed Domain Name <auth-lastpass.com> is registered with NameCheap, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on July 7, 2021. On July 8, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Disputed Domain Name. On July 8, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Disputed Domain Name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to Complainant on July 9, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on July 13, 2021.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on July 19, 2021. In accordance with the Rules, paragraph 5, the due date for Response was August 8, 2021. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on August 12, 2021.

The Center appointed Richard W. Page as the sole panelist in this matter on August 18, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

Complainant, along with all related subsidiaries and affiliates, is a leading global provider of software and software-as-a-service (“SaaS”) of cloud-based remote connectivity. Founded in 2003, Complainant has grown to become one of the world’s top SaaS companies, with platform and products that support two million users each day.

Complainant owns and operates the LastPass password manager, which is offered to customers over the Internet, via software plug-ins, and through mobile applications. In operation since 2008, LastPass is among the world’s most popular password managers, serving over 7 million users worldwide.

Complainant has widely used and promoted the LASTPASS Mark throughout the United States and internationally, and has secured trademark registrations for the same in connection with goods and services related to password management and security software.

Complainant became aware of the Disputed Domain Name shortly after its registration in May 2021. The Disputed Domain Name included the LASTPASS Mark in its entirety paired only with the term “auth”.

The Disputed Domain Name was registered on May 12, 2021.

5. Parties’ Contentions

A. Complainant

Complainant contends that the Disputed Domain Name is confusingly similar to the LASTPASS Mark pursuant to paragraph 4(a)(i) of the Policy.

Complainant further contends that it has a registration for the LASTPASS Mark in the United States as Trademark Registration No. 4514427, registered on April 15, 2014 with a date of first use on August 15, 2008. In addition, Complainant owns registrations of the LASTPASS Mark in Australia (Registration No. 1840784), Brazil (Registration No. 912200723), Canada (Registration No. TMA 1042981), the European Union (Registration No. 1341702), India (Registration No. 3540377) and the United Kingdom (Registration No. UK00801341702).

Complainant further contends that the Disputed Domain Name is confusingly similar because the entirety of the LASTPASS Mark is contained in the Disputed Domain Name. Complainant further contends that the term “auth” and the generic Top-Level Domain (“gTLD”) “.com” do not distinguish the Disputed Domain Name from the LASTPASS Mark. Complainant further contends that the term “auth” suggests that the source of the website content and/or communications is from an “authenticated” or “authorized” LastPass account.

Complainant asserts that Respondent lacks rights and legitimate interests in the Disputed Domain Name pursuant to paragraph 4(a)(ii) of the Policy.

Complainant’s initial concern over the Disputed Domain Name was increased when attempts to visit the website to which the Disputed Domain Name resolved displayed a warning: “Deceptive site ahead”, suggesting that “[a]ttackers on auth-lastpass.com may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone number, or credit cards)”. Similar notices appear regardless of the type of browser used to visit the Disputed Domain Name website.

Complainant’s concern was further heightened when an MX record search of the Domain Name System (“DNS”) record indicated that the Disputed Domain Name is configured for email capabilities.

Given the construction of the Disputed Domain Name, notice of deceptive content at the website and the Disputed Domain Name’s email capabilities, Complainant can only conclude that the Disputed Domain Name was registered and is being used to deceive unsuspecting victims into providing sensitive username and password information under the guise of being an “authorized” LastPass account.

Complainant further asserts that Respondent has used the website to which the Disputed Domain Name resolves to host malicious content, and/or set up for email capabilities presumably to exploit confusion with the LastPass password management software to further solicit login credentials from unsuspecting LastPass software users.

Complainant further asserts that the fact that MX records are associated with the Disputed Domain Name suggests that Respondent is capable of using the Disputed Domain Name to send emails, which cannot be bona fide as any email address using the Disputed Domain Name could only be used for confusing purposes.

Complainant further asserts that an infringing use of the LASTPASS Mark cannot give rise to a right or legitimate interest on the part of Respondent. Respondent is making an infringing use of the LASTPASS Mark in connection with the term “auth” to suggest that the source behind the Disputed Domain Name is “authorized” or “authenticated” by Complainant’s LastPass software network.

Complainant further asserts Respondent is not commonly known by the name LASTPASS or AUTH-LASTPASS. Complainant further asserts Respondent has no relation with Complainant and there is nothing to suggest that Respondent has ever made use of the name LASTPASS, other than in connection with the unauthorized registration and suspected fraudulent use of the Disputed Domain Name.

Complainant further asserts that there is no evidence to suggest that Respondent owns any trademark or service mark registration for LASTPASS, nor any variation thereof. Respondent does not have a license, permission or authorization from Complainant to use the LASTPASS Mark.

Complainant further asserts that Respondent’s registration and use of the Disputed Domain Name cannot be considered “fair use” as it falsely suggests affiliation with Complainant and the LASTPASS Mark.

Complainant alleges that Respondent has registered and used the Disputed Domain Name in bad faith, pursuant to paragraph 4(a)(iii) of the Policy.

Complainant further alleges that the evidence of bad faith is in the elements not included in paragraph 4(b) of the Policy. Additional considerations include (a) the incorporation of the entire LASTPASS Mark plus a descriptive term in the Disputed Domain Name, (b) the content of any website to which the Disputed Domain Name resolves, (c) whether there is a credible explanation of Respondent’s choice of the Disputed Domain Name. Complainant cites section 3.2.1 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”).

B. Respondent

Respondent did not reply to Complainant’s contentions.

6. Discussion and Findings

Paragraph 15(a) of the Rules instructs the Panel as to the principles the Panel is to use in determining the dispute: “A Panel shall decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules, and any rules and principles of law that it deems applicable”.

Even though Respondent has failed to file a Response or to contest Complainant’s assertions, the Panel will review the evidence proffered by Complainant to verify that the essential elements of the claims are met. See section 4.3 of the WIPO Overview 3.0.

Paragraph 4(a) of the Policy directs that Complainant must prove each of the following:

i) that the Disputed Domain Name registered by Respondent is identical or confusingly similar to the LASTPASS Mark in which Complainant has rights; and,

ii) that Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and,

iii) that the Disputed Domain Name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

Complainant contends that the Disputed Domain Name is confusingly similar to the LASTPASS Mark pursuant to paragraph 4(a)(i) of the Policy.

Section 1.2.1 of the WIPO Overview 3.0 states that registration of a trademark is prima facie evidence of Complainant having enforceable rights in the LASTPASS Mark.

Complainant has set forth several registrations of the LASTPASS Mark, which are undisputed by Respondent. Therefore, the Panel finds that Complainant has enforceable rights in the LASTPASS Mark for purposes of this proceeding.

The Panel further finds that the entirety of the LASTPASS Mark is included within the Disputed Domain Name, with the addition of the term “auth”.

Section 1.7 of the WIPO Overview 3.0 says that inclusion of the entire trademark in a domain name will be considered confusingly similar. Also, section 1.8 of the WIPO Overview 3.0 instructs that the addition of other terms (whether descriptive, geographical, pejorative, meaningless or otherwise) does not prevent a finding of confusing similarity. Also, section 1.11.1 of the WIPO Overview 3.0 instructs that gTLDs such as “.com” may be disregarded for purposes of assessing confusing similarity.

Based upon this record, the Panel finds that the Disputed Domain Name is confusingly similar to the LASTPASS Mark and that Complainant has satisfied the requirements of paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

Complainant contends that Respondent has no rights or legitimate interest in the Disputed Domain Name pursuant to paragraph 4(a)(ii) of the Policy.

Section 2.1 of the WIPO Overview 3.0 states that once Complainant makes a prima facie case in respect of the lack of rights or legitimate interests of Respondent, Respondent carries the burden of demonstrating it has rights or legitimate interests in the Disputed Domain Name. Where Respondent fails to do so, Complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy.

Paragraph 4(c) of the Policy allows three non-exclusive methods for the Panel to conclude that Respondent has rights or legitimate interests in the Disputed Domain Name:

(i) before any notice to you [Respondent] of the dispute, your use of, or demonstrable preparations to use, the Disputed Domain Name or a name corresponding to the Disputed Domain Name in connection with a bona fide offering of goods or services; or

(ii) you [Respondent] (as an individual, business, or other organization) have been commonly known by the Disputed Domain Name, even if you have acquired no trademark or service mark rights; or

(iii) you [Respondent] are making a legitimate noncommercial or fair use of the Disputed Domain Name, without intent for commercial gain to misleadingly divert consumers or to tarnish the LASTPASS Mark.

Complainant asserts that Respondent has used the website to which the Disputed Domain Name resolves to host malicious content, and/or set up for email capabilities presumably to exploit confusion with the LastPass password management software to further solicit login credentials from unsuspecting LastPass software users.

Complainant further asserts that the fact that MX records are associated with the Disputed Domain Name suggests that Respondent is capable of using the Disputed Domain Name to send emails, which cannot be bona fide as any email address using the Disputed Domain Name could only be used for confusing purposes.

Complainant further asserts that an infringing use of the LASTPASS Mark cannot give rise to a right or legitimate interest on the part of Respondent. Complainant alleges that Respondent is making an infringing use of the LASTPASS Mark in connection with the term “auth” to suggest that the source behind the Disputed Domain Name is “authorized” or “authenticated” by Complainant’s LastPass software network.

Complainant further asserts that Respondent is not commonly known by the name LASTPASS or AUTH-LASTPASS. Complainant further asserts that Respondent has no relation with Complainant and there is nothing to suggest that Respondent has ever made use of the name LASTPASS, other than in connection with the unauthorized registration and suspected fraudulent use of the Disputed Domain Name.

Complainant further asserts that there is no evidence to suggest that Respondent owns any trademark or service mark registration for LASTPASS, nor any variation thereof. Respondent does not have a license, permission or authorization from Complainant to use the LASTPASS Mark.

Complainant further asserts that Respondent’s registration and use of the Disputed Domain Name cannot be considered “fair use” as it falsely suggests affiliation with Complainant and the LASTPASS Mark.

The Panel finds that Complainant has made a prima facie showing under paragraph 4(a)(ii) of the Policy.

Respondent has not contested Complainant’s assertions or offered any explanation why it registered the Disputed Domain Name.

Therefore, the Panel finds that Complainant has satisfied the requirements of paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

Paragraph 4(b) of the Policy sets forth four non-exclusive criteria for Complainant to show bad faith registration and use of the Disputed Domain Name.

Complainant states that the evidence of bad faith is in the elements not included in paragraph 4(b) of the Policy. Additional considerations include (a) the incorporation of the entire LASTPASS Mark plus a descriptive term in the Disputed Domain Name, (b) the content of the website to which the Disputed Domain Name resolves contains malicious software, (c) there is no credible explanation of Respondent’s choice of the Disputed Domain Name. Complainant cites section 3.2.1 of the WIPO Overview 3.0.

The four criteria set forth in the Policy paragraph 4(b) are non-exclusive. See, Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003 (“Telstra”). In addition to these criteria, other factors alone or in combination can support a finding of bad faith.

The Panel finds that Complainant has shown sufficient evidence that Respondent is acting in bad faith under section 3.2.1 of the WIPO Overview 3.0. Respondent has offered no explanation of its registration and/or use of the Disputed Domain Name.

Therefore, the Panel finds that Complainant has proven the required elements of paragraph 4(a)(iii).

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Disputed Domain Name, <auth-lastpass.com>, be transferred to Complainant.

Richard W. Page
Sole Panelist
Date: August 27, 2021