Decision for dispute CAC-UDRP-103393

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.

The Complainant claims ownership of over 900 active trademark registrations for PEPSI-variant marks including the following:

- PEPSI, United States of America Trademark Registration No. 824,150, dated February 14, 1967, in Class 32;

- PEPSICO (& DESIGN), United States of America Trademark Registration No. 3026568, dated December 13, 2005, Classes 16, 18, and 25; and

- PEPSICO (& Design), European Union Trademark Registration No. 013357637, dated March 13, 2015, Classes 16, 29, 30, 32, 35, 36, and 41.

The Complainant is one of the world's most iconic and recognized consumer brands globally. It was founded in 1898 and has become a leading supplier of food and beverage products, including its flagship PEPSI soft drinks which were created in 1911. Products produced by the Complainant are enjoyed by consumers more than one billion times a day in more than 200 countries and territories around the world. The Complainant also owns numerous registrations for its PEPSI and PEPSICO trademarks, both in standard characters as well as with design elements covering a variety of food and beverage products as well as related goods. Widespread recognition and numerous awards and honors have been enjoyed and bestowed upon the Complainant.

The disputed domain name <pepsicoinc.com> was created on September 30, 2020. The disputed domain name does not resolve to any website content. However, phishing emails have been sent to some of the Complainant’s suppliers using an address that incorporates the <pepsicoinc.com> domain name.

NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

A. The disputed domain name is confusingly similar to a trademark or service mark in which the Complainant has rights

Paragraph 4(a)(i) of the Policy requires that the Complainant demonstrates its ownership of trademark rights and that the disputed domain name is confusingly similar to such trademark. Boehringer Ingelheim Animal Health France / Merial v. S Jon Grant, 103255 (CAC Sep. 30, 2020) (“it is imperative that the Complainant provides evidence that it has rights in a trade mark or service mark, following which the Panel shall assess whether or not the disputed domain name is identical or confusingly similar to the Complainant’s trade mark(s).”).

The Complainant has submitted screenshots from the website of the United States Patent and Trademark Office (“USPTO”) as evidence that it owns rights to its asserted trademarks. The disputed domain name, which was registered long subsequent to the existence of the Complainant’s trademark rights, reproduce Complainant’s trademarks in their entirety and merely add the letters “inc” as a suffix, as well as the “.com” TLD. Thus, the Complainant asserts that the second level of the disputed domain name is confusingly similar to the asserted trademarks and will lead internet users to wrongly believe that the disputed domain name is endorsed by the Complainant. Prior panels have found confusing similarity under similar fact situations. RTI Surgical, Inc. v. Brent C Fisher, William D. Tressel, D2020-2397 (WIPO Nov. 9, 2020) (“The addition of the dictionary term “inc” does not prevent a finding of confusing similarity with Complainant’s mark.”).

Also, the extension “.com” typically adds no meaning to the second level of a disputed domain name and may be disregarded in the paragraph 4(a)(i) analysis. Novartis AG v. Wei Zhang, 103365 (CAC Dec. 9, 2020) (“it is generally accepted that the addition of the top-level suffix in the domain name (e.g., ‘.com’) is to be disregarded under the confusing similarity test”).

Accordingly, the Panel finds that the Complainant has rights to its claimed trademarks and that the addition made thereto in the disputed domain name is insufficient to avoid a finding that it is identical or confusingly similar to the Complainant’s trademarks. Thus, the Complainant has satisfied paragraph 4(a)(i) of the Policy.

B. The Respondent has no rights or legitimate interests in respect of the disputed domain name

Pursuant to paragraph 4(a)(ii) of the Policy, a complainant has the burden of making a prima facie showing that the respondent has no rights or legitimate interests in a domain name. Cephalon, Inc. v. RiskIQ, Inc., 100834 (CAC September 12, 2014). Once this burden is met, it then shifts to the respondent to demonstrate that it does have rights or legitimate interests in the domain name.

Paragraph 4(c) of the Policy offers the Respondent several examples of how to demonstrate its rights or legitimate interests to the disputed domain name.

With reference to Paragraph 4(c)(ii) of the Policy the Complaint states that the Respondent has not received any license or authorization to use the Complainant´s trademarks. The Respondent has not participated in this case and so it does not contest this. As such, the Panel concludes that the Respondent is not affiliated with the Complainant, nor is it authorized or licensed to use the Complainant’s trademark or to seek registration of any domain name incorporating the aforementioned trademarks. Furthermore, the Whois record for the disputed domain name identifies the Registrant as Tim Keana. There is no evidence that the Respondent is known otherwise. Based upon the available evidence in this case, the Panel cannot conclude that the Respondent is commonly known by the disputed domain name or that it has any rights to the Complainant’s trademark.

Next, under Paragraphs 4(c)(i) and 4(c)(iii) of the Policy the Panel considers whether the Respondent is using the disputed domain name to make a bona fide offering of goods or services or whether it is making a legitimate non-commercial or fair use of the disputed domain name. Attempting to pass oneself off as a Complainant in phishing emails seeking to acquire goods from one of the Complainant’s vendors is not considered a bona fide offering of goods or services under paragraph 4(c)(i) or (iii) of the Policy. See Emerson Electric Co. v. Adilcon Rocha, FA 1735949 (FORUM July 11, 2017) (finding that the Respondent’s attempt to pass itself off as the Complainant through emails does not constitute a bona fide offering of goods or services and, as such, the Respondent lacked rights or legitimate interests in the disputed domain name). The disputed domain name does not resolve to any website content. However, the Complainant claims that the Respondent has engaged in “Business Email Compromise (BEC) fraud – also known as email account compromise (EAC)”. The Complainant has provided a copy of an email, sent from the address procurement@pepsicoinc.com within less than a month from when the disputed domain name was created, that seeks “pricing for the following items” from one of the Complainant’s suppliers, and then goes on to list certain data servers, hard drives, and memory modules. This was sufficiently suspicious as to cause the supplier to bring the email to the Complainant’s attention and inquire if it is a legitimate inquiry. The Complainant also notes the use of a false alias name in this email followed by the title “Executive Vice President and Chief Science Officer, PepsiCo, Inc”. For its part, Respondent has filed no Reply or made any other submission in this case to explain its actions or otherwise refute Complainant’s claims. Therefore, based upon a preponderance of the available evidence, the Panel finds that the Respondent does not use the disputed domain name for any bona fide offering of goods or services under Policy paragraphs 4(c)(i) or (iii).

Further, the Complainant points out that the disputed domain name does not resolve to any website content. Resolving a disputed domain name to an error page or to no content at all is also not a bona fide use thereof. See Kohler Co. v xi long chen, FA 1737910 (FORUM Aug. 4, 2017) (where the disputed domain name resolves to an inactive webpage displaying the message “website coming soon!” the Panel held that the ”Respondent has not made a bona fide offering of goods or services, or a legitimate non-commercial or fair use of the domain.”) In light of the other circumstances of this case, the non-resolution of the confusingly similar disputed domain name leads the Panel to find further support for the conclusion that the Respondent has not demonstrated any rights or legitimate interests therein under Policy paragraphs 4(c)(i) or (iii).

For all of the above-stated reasons, this Panel finds, by a preponderance of the evidence, that the Complainant has made a prima facie showing under Paragraph 4(a)(ii) of the Policy and that the Respondent has not refuted this to show that it has any rights or legitimate interests in the disputed domain name.

C. The disputed domain name was registered and is being used in bad faith

The Complainant argues that the Respondent registered the disputed domain name in bad faith, as it had actual knowledge of the Complainant’s rights in its asserted trademarks at that time. Actual knowledge of rights in a trademark at the time of registering a disputed domain name is generally sufficient as a foundation upon which to build a case for bad faith under Policy paragraph 4(a)(iii), and can be demonstrated through such actions as a respondent’s use of a well-known mark in its disputed domain name to send phishing emails to business partners of a Complainant. See AutoZone Parts, Inc. v. Ken Belden, FA 1815011 (FORUM Dec. 24, 2018) (the “Complainant contends that Respondent’s knowledge can be presumed in light of the substantial fame and notoriety of the AUTOZONE mark, as well as the fact that Complainant is the largest retailer in the field. The Panel here finds that Respondent did have actual knowledge of Complainant’s mark, demonstrating bad faith registration and use under Policy paragraph 4(a)(iii).”) See also Spectrum Brands, Inc. v. Guo Li Bo, FA 1760233 (FORUM January 5, 2018) (“[T]he fact Respondent registered a domain name that looked identical to the SPECTRUM BRANDS mark and used that as an email address to pass itself off as Complainant shows that Respondent knew of Complainant and its trademark rights at the time of registration.”) The Complainant argues that in light of the notoriety and global fame of its trademarks, along with the Respondent’s use of the disputed domain name to send a fraudulent email to the Complainant’s own supplier, the Respondent must have registered the disputed domain name with actual knowledge of the Complainant’s trademark rights. The Complainant submits into evidence documents showing that its flagship trademark is ranked at No. 22 on the Interbrand Best Global Brands 2019 and 2017 and that it is ranked at No. 30 on Forbes magazine’s list of the World’s Most Valuable Brands for 2017. It also submits a copy of the Respondent’s phishing email which uses the address procurement@pepsicoinc.com. In light of this evidence, the Panel finds that the Respondent registered the disputed domain name with actual knowledge of the Complainant’s trademarks.

Next, the Complainant argues that the Respondent registered and uses the disputed domain name in bad faith under paragraph 4(b)(iv) of the Policy by engaging in a phishing scheme in pursuit of commercial gain based upon a likelihood of confusion with its trademarks. Using a disputed domain name to pass oneself off as a Complainant in emails attempting to further a phishing scheme is generally considered bad faith disruption as well as the seeking of commercial gain based on trademark confusion under paragraphs 4(b)(iv) of the Policy. See Qatalyst Partners LP v. Devimore, FA 1393436 (FORUM July 13, 2011) (finding that using the disputed domain name as an e-mail address to pass itself off as the Complainant in a phishing scheme is evidence of bad faith registration and use under paragraph 4(b)(iv) of the Policy). As noted above, the Complainant provides a copy of an email sent from an address that impersonates the Complainant and attempts to acquire goods from one of the Complainant’s suppliers by requesting a price quote for certain items. Therefore, the Panel finds that the Respondent has sought commercial gain by creating a likelihood of confusion with the Complainant’s trademarks as to the source of its phishing email under paragraph 4(b)(iv) of the Policy.

Further, the failure to actively use a disputed domain name can be evidence of bad faith registration and use pursuant to paragraph 4(a)(iii) of the Policy. See Dermtek Pharmaceuticals Ltd. v. Sang Im / Private Registration, FA 1522801 (FORUM Nov. 19, 2013) (holding that because the respondent’s website contained no content related to the domain name and instead generated the error message “Error 400- Bad Request,” the respondent had registered and used the disputed domain name in bad faith pursuant to paragraph 4(a)(iii) of the Policy). As there is no evidence that the disputed domain name has resolved to any website content, the Panel finds further support for its holding that the Respondent registered and uses this disputed domain name in bad faith under paragraph 4(a)(iii) of the Policy.

Next, the Complainant argues that the “the mere registration of a domain name incorporating a typo of PEPSICO, a famous and widely-known trademark by an unaffiliated entity creates a presumption of bad faith…” Section 3.1.4 of the WIPO Overview 3.0 states that “mere registration of a domain name that is identical or confusingly similar (particularly domain names comprising typos or incorporating the mark plus a descriptive term) to a famous or widely-known trademark by an unaffiliated entity can by itself create a presumption of bad faith”. Also see Vivendi v. Stott.Inc, 103286 (CAC Oct. 20, 2020) (disputed domain name vivendiusa.com presumed to have been registered in bad faith based upon the fame of the Complainant’s VIVENDI trademark). Of course, presumptions may be rebutted but the Respondent has not filed a Response or made any other submission in the present case. As such, this presumption stands and further supports the conclusion that the disputed domain name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy.

Finally, the Complainant asserts that, despite the lack of any website that resolve from the disputed domain name, “in this case, merely configuring mail servers on a domain name evidences that the domain name is being used for the generation of custom email accounts, and that bad faith regarding the use of a domain name can be found with uses other than websites, such as where a Respondent uses a domain name to send deceptive emails…” Prior decisions have inferred an intent to use disputed domain names for the sending of email based upon the creation of associated MX records. In The Standard Bank of South Africa Limited v. N/A / mark gersper, FA 1467014 (FORUM Dec. 5, 2012), the Panel noted that the “Complainant contends this phishing could be carried out via email and not just through a website. Complainant has examined the domain name’s MX records and they apparently allow the transmission of email, which would not be necessary if the domain name was merely parked. The Panel finds Complainant’s allegations about the possibility of Respondent using the disputed domain name for phishing sufficient…” This inference has been adopted in other decisions. See, e.g., Pepsico, Inc. v. Allen Othman, 102380 (CAC Apr. 25, 2019) (“The Complainant submits, fairly, that the preparatory steps in relation to email addresses could enable the inappropriate sending or receipt of email communications purporting to emanate from, or intending to be received by, the Complainant. These preparatory steps (configuring ‘MX’ or mail exchange records) have [been] considered in relation to ‘use’ for the purposes of the Policy by other Panels, which the present Panel has considered of its own motion.”). In the present case, the Complainant submits screenshots showing that MX records have been created for the disputed domain name thus indicating that it may be used for the sending and receiving of email. While, in the abstract, the creation of such records does not indicate any ill intent, in the circumstances of the present case where a phishing email has been sent by the Respondent these MX records do require some further explanation which the Respondent has not provided. As such, the Panel finds that the existence of MX records for the disputed domain name further supports the conclusion that the disputed domain name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy.