| Case number | CAC-UDRP-104209 |
|---|---|
| Time of filing | 2021-12-02 09:38:11 |
| Domain names | INTESASANPAOLO-ONLINE.COM |
Case administrator
| Organization | Denisa Bilík (CAC) (Case admin) |
|---|
Complainant
| Organization | Intesa Sanpaolo S.p.A. |
|---|
Complainant representative
| Organization | Intesa Sanpaolo S.p.A. |
|---|
Respondent
| Name | Susanne John |
|---|
Other Legal Proceedings
The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.
Identification Of Rights
The Complainant is the owner of the following trademarks:
- International trademark registration no. 920896 “INTESA SANPAOLO”, granted on March 7, 2007, in classes 9, 16, 35, 36, 38, 41 and 42;
- International trademark registration no. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in connection with class 36;
- EU trademark registration no. 5301999 “INTESA SANPAOLO”, applied on September 8, 2006 and granted on June 18, 2007, in classes 35, 36 and 38; and
- EU trademark registration no. 12247979 “INTESA”, filed on October 23, 2013 and granted on March 5, 2014, in connection with classes 9, 16, 35, 36 38, 41 and 42.
The Complainant also owns following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”:
- <INTESASANPAOLO.COM, INTESASANPAOLO.ORG, INTESASANPAOLO.EU, INTESASANPAOLO.INFO, INTESASANPAOLO.NET, INTESASANPAOLO.BIZ>
- <INTESA-SANPAOLO.COM, INTESA-SANPAOLO.ORG, INTESA-SANPAOLO.EU, INTESA-SANPAOLO.INFO, INTESA-SANPAOLO.NET, INTESA-SANPAOLO.BIZ>
- <INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME>.
All of the above domain names are connected to the Complainant’s official website <www.intesasanpaolo.com>.
- International trademark registration no. 920896 “INTESA SANPAOLO”, granted on March 7, 2007, in classes 9, 16, 35, 36, 38, 41 and 42;
- International trademark registration no. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in connection with class 36;
- EU trademark registration no. 5301999 “INTESA SANPAOLO”, applied on September 8, 2006 and granted on June 18, 2007, in classes 35, 36 and 38; and
- EU trademark registration no. 12247979 “INTESA”, filed on October 23, 2013 and granted on March 5, 2014, in connection with classes 9, 16, 35, 36 38, 41 and 42.
The Complainant also owns following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”:
- <INTESASANPAOLO.COM, INTESASANPAOLO.ORG, INTESASANPAOLO.EU, INTESASANPAOLO.INFO, INTESASANPAOLO.NET, INTESASANPAOLO.BIZ>
- <INTESA-SANPAOLO.COM, INTESA-SANPAOLO.ORG, INTESA-SANPAOLO.EU, INTESA-SANPAOLO.INFO, INTESA-SANPAOLO.NET, INTESA-SANPAOLO.BIZ>
- <INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME>.
All of the above domain names are connected to the Complainant’s official website <www.intesasanpaolo.com>.
Factual Background
FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:
The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.
Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 47,8 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). It has a network of approximately 4,200 branches capillary and well distributed throughout the country, with market shares of more than 17% in most Italian regions. The Intesa Sanpaolo group offers its services to approximately 13,5 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1,000 branches and over 7,1 million customers.
Its international network specialises in supporting corporate customers and is present in 25 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.
The disputed domain name <INTESASANPAOLO-ONLINE.COM> was registered on July 21, 2021.
The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.
Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 47,8 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). It has a network of approximately 4,200 branches capillary and well distributed throughout the country, with market shares of more than 17% in most Italian regions. The Intesa Sanpaolo group offers its services to approximately 13,5 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1,000 branches and over 7,1 million customers.
Its international network specialises in supporting corporate customers and is present in 25 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.
The disputed domain name <INTESASANPAOLO-ONLINE.COM> was registered on July 21, 2021.
Parties Contentions
NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.
Rights
The Complainant has, to the satisfaction of the Panel, shown that the disputed domain name is identical to or confusingly similar to a trademark or service mark in which the complainant has rights within the meaning of paragraph 4(a)(i) of the Policy.
The Complainant contends that the disputed domain name is identical, or at least, confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”.
The disputed domain name reproduces the Complainant’s trademark “INTESASANPAOLO”, interposed by the hyphen, with the addition of the term “ONLINE”. The use of the term “ONLINE” is essentially descriptive, which together with the hyphen, in the Panel’s view can be disregarded for the purposes of considering the essential question here, i.e. whether the use of the term “INTESANSAOPAOLO” in the disputed domain name is identical or confusingly similar to the Complainant’s trademark.
The Complainant has asserted that the main purpose of the Respondent was to use the disputed domain name website for “phishing” financial information in an attempt to defraud the Complainant’s customers and that Google promptly stopped the illicit activity carried out by the Respondent. No challenge has been made by the Respondent to the Complainant’s assertion as it has not filed any administrative compliant response.
Given the evidence adduced by the Complainant of its extensive portfolio of trademarks and wide business networks which the Panel accepts as evidencing the strength of its reputation, and coupled with the undisputed assertion that the Respondent is using the disputed domain name for “phishing” purposes, the Panel accepts and finds that the use of the term “INTESASANPAOLO” in the disputed domain name, disregarding the use of the hyphen and descriptive term “ONLINE”, is identical to the Complainant’s trademarks.
In any event, the disputed domain name being used by the Respondent as a “phishing” website would likely create customer confusion and therefore gives considerable weight to the Panel’s finding that the disputed domain name taken as a whole is also confusingly similar to the Complainant’s trademarks.
The Complainant contends that the disputed domain name is identical, or at least, confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”.
The disputed domain name reproduces the Complainant’s trademark “INTESASANPAOLO”, interposed by the hyphen, with the addition of the term “ONLINE”. The use of the term “ONLINE” is essentially descriptive, which together with the hyphen, in the Panel’s view can be disregarded for the purposes of considering the essential question here, i.e. whether the use of the term “INTESANSAOPAOLO” in the disputed domain name is identical or confusingly similar to the Complainant’s trademark.
The Complainant has asserted that the main purpose of the Respondent was to use the disputed domain name website for “phishing” financial information in an attempt to defraud the Complainant’s customers and that Google promptly stopped the illicit activity carried out by the Respondent. No challenge has been made by the Respondent to the Complainant’s assertion as it has not filed any administrative compliant response.
Given the evidence adduced by the Complainant of its extensive portfolio of trademarks and wide business networks which the Panel accepts as evidencing the strength of its reputation, and coupled with the undisputed assertion that the Respondent is using the disputed domain name for “phishing” purposes, the Panel accepts and finds that the use of the term “INTESASANPAOLO” in the disputed domain name, disregarding the use of the hyphen and descriptive term “ONLINE”, is identical to the Complainant’s trademarks.
In any event, the disputed domain name being used by the Respondent as a “phishing” website would likely create customer confusion and therefore gives considerable weight to the Panel’s finding that the disputed domain name taken as a whole is also confusingly similar to the Complainant’s trademarks.
No Rights or Legitimate Interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name within the meaning of paragraph 4(a)(ii) of the Policy.
A complainant is required to make out a prima facie case that the respondent lacks rights or legitimate interests. Once such a prima facie case is made, the respondent carries the burden of demonstrating rights or legitimate interests in the domain name. If the respondent fails to do so, the complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy. See WIPO Case No. D2003-0455, Croatia Airlines d.d. v. Modern Empire Internet Ltd.
The Complainant contends that the Respondent has no rights in the disputed domain name, and that it has not authorized or licensed the Respondent to use any of its trademarks “INTESA SANPAOLO” and “INTESA”.
The Complainant also asserts that the disputed domain name does not correspond to the name of the Respondent and to the best of its knowledge is not commonly known as “INTESASANPAOLO-ONLINE”. The Complainant, however, did not adduce any direct evidence from the WHOIS database to support this additional assertion which, while not fatal, would have added further weight to the satisfaction of paragraph 4(a)(ii) of the Policy.
Finally, the Complainant contends that it has not found any fair or non-commercial uses of the disputed domain name. The Complainant’s evidence shows that when using Google to access the disputed domain name website, it returned a security error with the message “Sito inganneevole in vista”. While not conclusive, the strong inference is that there is suspected “phishing” activity rather than a fair or non-commercial use of the disputed domain name.
As the Respondent has not filed any administrative compliant response to the Amended Complaint, the Panel accepts that the Complainant’s contention that the Respondent’s use of the disputed domain name is to operate a “phishing” website and therefore it has no rights or legitimate interests to the disputed domain name.
A complainant is required to make out a prima facie case that the respondent lacks rights or legitimate interests. Once such a prima facie case is made, the respondent carries the burden of demonstrating rights or legitimate interests in the domain name. If the respondent fails to do so, the complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy. See WIPO Case No. D2003-0455, Croatia Airlines d.d. v. Modern Empire Internet Ltd.
The Complainant contends that the Respondent has no rights in the disputed domain name, and that it has not authorized or licensed the Respondent to use any of its trademarks “INTESA SANPAOLO” and “INTESA”.
The Complainant also asserts that the disputed domain name does not correspond to the name of the Respondent and to the best of its knowledge is not commonly known as “INTESASANPAOLO-ONLINE”. The Complainant, however, did not adduce any direct evidence from the WHOIS database to support this additional assertion which, while not fatal, would have added further weight to the satisfaction of paragraph 4(a)(ii) of the Policy.
Finally, the Complainant contends that it has not found any fair or non-commercial uses of the disputed domain name. The Complainant’s evidence shows that when using Google to access the disputed domain name website, it returned a security error with the message “Sito inganneevole in vista”. While not conclusive, the strong inference is that there is suspected “phishing” activity rather than a fair or non-commercial use of the disputed domain name.
As the Respondent has not filed any administrative compliant response to the Amended Complaint, the Panel accepts that the Complainant’s contention that the Respondent’s use of the disputed domain name is to operate a “phishing” website and therefore it has no rights or legitimate interests to the disputed domain name.
Bad Faith
The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith within the meaning of paragraph 4(a)(iii) of the Policy.
There are two elements that must be satisfied – registration and use in bad faith.
The evidence shows, and the Panel accepts, that the Complainant’s trademarks “INTESASANPAOLO” and “INTESA” are distinctive and well known all around the world. The Complainant’s trademarks were clearly registered prior to the registration of the disputed domain name.
The disputed domain name currently appears to be passively held and is being blocked by Google Safe Browsing because of suspected phishing activity. The Panel accepts and finds that the uncontradicted facts show that the disputed domain name is or was being used as a “phishing” website and the fact that it is passively held does not negate such a finding.
As already stated by other Panels, “phishing is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.
The Panel considers that for the purpose of satisfying paragraph 4(a)(iii) of the Policy, “use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith”. See WIPO Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado.
It is now established that UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. See WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa, where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.
In the present case, given the Complainant’s world-wide reputation in the financial services sector, it is highly unlikely that the Respondent did not know of the Complainant’s trademarks and business when it registered the disputed domain name, and the use of the disputed domain name as a “phishing” website clearly amounts to use in bad faith.
Finally, the Complainant contended that the sole further aim of the Respondent might be to resell the disputed domain name to the Complainant. There is no evidence adduced by the Complainant that the Respondent has actually sought to resell the disputed domain name to the Complainant. This contention is, therefore, speculative but quite understandable given the identical use of the Complainant’s trademark “INTESASANPAOLO” together with the descriptive term “ONLINE”. While it makes sense that the disputed domain name could be offered up to the Complainant, unless there is evidence of the matters set out in paragraph 4(b)(1) of the Policy, it is unnecessary for the Panel to make such a finding as it has already found that registering and using a disputed domain name as a “phishing” website amount to both registration and use in bad faith.
Accordingly, the Panel accepts that the disputed domain name was registered by the Respondent and used in bad faith.
There are two elements that must be satisfied – registration and use in bad faith.
The evidence shows, and the Panel accepts, that the Complainant’s trademarks “INTESASANPAOLO” and “INTESA” are distinctive and well known all around the world. The Complainant’s trademarks were clearly registered prior to the registration of the disputed domain name.
The disputed domain name currently appears to be passively held and is being blocked by Google Safe Browsing because of suspected phishing activity. The Panel accepts and finds that the uncontradicted facts show that the disputed domain name is or was being used as a “phishing” website and the fact that it is passively held does not negate such a finding.
As already stated by other Panels, “phishing is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.
The Panel considers that for the purpose of satisfying paragraph 4(a)(iii) of the Policy, “use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith”. See WIPO Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado.
It is now established that UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. See WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa, where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.
In the present case, given the Complainant’s world-wide reputation in the financial services sector, it is highly unlikely that the Respondent did not know of the Complainant’s trademarks and business when it registered the disputed domain name, and the use of the disputed domain name as a “phishing” website clearly amounts to use in bad faith.
Finally, the Complainant contended that the sole further aim of the Respondent might be to resell the disputed domain name to the Complainant. There is no evidence adduced by the Complainant that the Respondent has actually sought to resell the disputed domain name to the Complainant. This contention is, therefore, speculative but quite understandable given the identical use of the Complainant’s trademark “INTESASANPAOLO” together with the descriptive term “ONLINE”. While it makes sense that the disputed domain name could be offered up to the Complainant, unless there is evidence of the matters set out in paragraph 4(b)(1) of the Policy, it is unnecessary for the Panel to make such a finding as it has already found that registering and using a disputed domain name as a “phishing” website amount to both registration and use in bad faith.
Accordingly, the Panel accepts that the disputed domain name was registered by the Respondent and used in bad faith.
Procedural Factors
Notification of proceedings to the Respondent
When forwarding a Complaint, including any annexes, electronically to the Respondent, paragraph 2 of the Rules states that CAC shall employ reasonably available means calculated to achieve actual notice to the Respondent.
Paragraphs 2(a)(i) to (iii) set out the sort of measures to be employed to discharge CAC’s responsibility to achieve actual notice to the Respondent.
On December 28, 2021 the CAC by its non-standard communication stated as follows (omitting irrelevant parts):
- That neither the written notice of the Complaint nor the advice of delivery thereof was returned to the Czech Arbitration Court;
- As far as the e-mail notice is concerned, the CAC did not receive any confirmation about delivery if the e-mail sent to zainhyderi@hotmail.com was delivered or not;
- The e-mail notice sent to postmaster@intesasanpaolo-online.com was returned back undelivered as the e-mail address had permanent fatal errors.
No further e-mail address could be found on the disputed site. The Respondent never accessed the online platform.
Given the reasonable measures employed by CAC as set out in the above non-standard communication, the Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
When forwarding a Complaint, including any annexes, electronically to the Respondent, paragraph 2 of the Rules states that CAC shall employ reasonably available means calculated to achieve actual notice to the Respondent.
Paragraphs 2(a)(i) to (iii) set out the sort of measures to be employed to discharge CAC’s responsibility to achieve actual notice to the Respondent.
On December 28, 2021 the CAC by its non-standard communication stated as follows (omitting irrelevant parts):
- That neither the written notice of the Complaint nor the advice of delivery thereof was returned to the Czech Arbitration Court;
- As far as the e-mail notice is concerned, the CAC did not receive any confirmation about delivery if the e-mail sent to zainhyderi@hotmail.com was delivered or not;
- The e-mail notice sent to postmaster@intesasanpaolo-online.com was returned back undelivered as the e-mail address had permanent fatal errors.
No further e-mail address could be found on the disputed site. The Respondent never accessed the online platform.
Given the reasonable measures employed by CAC as set out in the above non-standard communication, the Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
The Complainant owns the international trademarks “INTESASANPAOLO” and “INTESA” and the domain name <intesasanpaolo.com> which are used in connection with its goods or services.
The Respondent registered the disputed domain name <INTESASANPAOLO-ONLINE.COM> on July 21, 2021. The disputed domain name website is currently blocked by Google Safe Browsing because of a suspected “phishing” activity.
The Complainant challenges the Respondent's registration of the disputed domain name under paragraph 4(a)(i) of the Uniform Dispute Resolution Policy ("Policy") and seeks relief that the disputed domain name be transferred to the Complainant.
The Respondent failed to file any administratively compliant response.
For the reasons articulated in the Panel’s reasons above, the Complainant has satisfied the Panel of the following:
(a) The disputed domain name is identical to (when ignoring the descriptive term ONLINE) or confusingly similar to the Complainant’s well-known trademarks “INTESASANPAOLO” and “INTESA”.
(b) The Respondent has no rights or legitimate interests in respect of the disputed domain name.
(c) The disputed domain name has been registered and is being used in bad faith.
The Respondent registered the disputed domain name <INTESASANPAOLO-ONLINE.COM> on July 21, 2021. The disputed domain name website is currently blocked by Google Safe Browsing because of a suspected “phishing” activity.
The Complainant challenges the Respondent's registration of the disputed domain name under paragraph 4(a)(i) of the Uniform Dispute Resolution Policy ("Policy") and seeks relief that the disputed domain name be transferred to the Complainant.
The Respondent failed to file any administratively compliant response.
For the reasons articulated in the Panel’s reasons above, the Complainant has satisfied the Panel of the following:
(a) The disputed domain name is identical to (when ignoring the descriptive term ONLINE) or confusingly similar to the Complainant’s well-known trademarks “INTESASANPAOLO” and “INTESA”.
(b) The Respondent has no rights or legitimate interests in respect of the disputed domain name.
(c) The disputed domain name has been registered and is being used in bad faith.
For all the reasons stated above, the Complaint is
Accepted
and the disputed domain name(s) is (are) to be
- INTESASANPAOLO-ONLINE.COM: Transferred
PANELLISTS
| Name | Adjunct Prof William Lye, OAM QC |
|---|
Date of Panel Decision
2021-12-30
Publish the Decision