Decision for dispute CAC-UDRP-104864

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.

The Complainant, Migros-Genossenschafts-Bund / The Federation Of Migros Cooperative (“MIGROS”) was founded in 1925 and is a large Swiss retailer and financial services company.  The Complainant is the owner of more than 200 trademarks MIGROS (hereinafter the “Migros Trademarks”) registered worldwide, as a word and figure mark in several classes and not only for retail, goods and delivery services, but also for finance services. The Migros Trademarks are registered in many territories worldwide that predate the registration of the disputed domain name by more than 50 years.

The disputed domain name resolves to a website with the following warning notice: “Deceptive Website Warning.

This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers or credit cards.

Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust. Learn more… If you believe this website is safe, you can report an error. Or if you understand the risks involved, you can visit this unsafe website”.

Clicking through to the unsafe website results in just a bare directory page, indicating that the phishing site detected by Google has been deactivated by the website hosting company (and registrar of the disputed domain name), Namecheap.

No administratively compliant Response has been filed. 

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).  

The disputed domain name <credmigros.com> is confusingly similar to the Complainant’s MIGROS Trademarks and domain names since it incorporates the Complainant’s registered trademark MIGROS in its entirety together with the letters “CRED” which is a common shorthand for the common word “credit”.  The inclusion of the MIGROS trademark clearly has not been chosen randomly, but intentionally to deceive consumers to think that the disputed domain name belongs to the Complainant or is in some way related to the Complainant.

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).  The Complainant did not grant the Respondent any authorization for the use of the MIGROS Trademark, nor the registration of the disputed domain name including the MIGROS trademark. There is also no business nor other commercial relationship between the Complainant and the Respondent and therefore, there appears to be no genuine right nor legitimate interest in respect of the disputed domain name.  There is no response by which Respondent claims any such interest, and none can be perceived by the panel, particularly insofar as the unrefuted evidence indicates the disputed domain name has been used for a phishing attack.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).  At the time the Respondent registered the disputed domain name (2022), the trademark MIGROS was already registered and widely used for nearly 50 years in connection to the Complainant’s activities.  The disputed domain name currently resolves (in the Chrome browser) to page with a warning message from Google, indicating that a phishing website had been resolving at the domain name.  Google clearly warns users about risk of installing software or disclosing personal or financial information, like passwords, phone numbers or credit cards, demonstrating a real danger to consumers and Internet users.  Clicking through to the previously unsafe website indicates only a bare directory site, indicating that the phishing website found by Google has also been deactivated by the web host (and registrar) of the disputed domain, Namecheap.  It is obviously bad faith to use a domain name that incorporates a well-known trademark, for purposes of trying to steal information from consumers.

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

It is obviously bad faith to use a domain name that incorporates a well-known trademark, for purposes of trying to steal information from consumers.