In a recent February 15 decision by the World Intellectual Property Organization (WIPO), approximately 40 domain names were ordered transferred from their registrants to Yahoo! (WIPO Case D2015-2323). The domains included yahoopasswordreset.com, yahootechnicalsupport.net, yahootechsupport.net, yahoosupportnumber.com, yahoo-customerservice.com, yahoomailcustomersupport.com, yahoo-tech-support.com, etc. The domain names were registered by multiple parties, however, Yahoo! was able to identify common management and control of the parties. Yahoo! alleged that the registrants sought to obtain remote access to users’ computers through a phishing scheme that compromised users’ personal and sensitive information for financial gain by “spoofing (Yahoo!’s) technical support.” This common control was established through the use of the same MSN email account, the same IP address and the same physical address in the registration details. There were also similar patterns of operation that were established. Yahoo! filed extensive documentation to identify the patterns and the WIPO panel was convinced.
Only two of the registrants sent communications in response to the WIPO notices. The first originally claimed that they were doing nothing wrong, and then subsequently denied any connection to the website. The other merely stated that they were no longer associated with the domains.
The WIPO panel had little trouble establishing the three prongs of the test:
- The disputed names are identical or confusingly similar to a trade mark or service mark owned by Yahoo!.
- The registrants have no rights or legitimate interest to the domains:
The panel stated that “Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website or email address is created that is similar to that of a legitimate organization and this is used for identity theft and other predatory activities. See, e.g., Halifax plc. v. Sontaja Sunduci, WIPO Case No. D2004-0237. The domains in question resolve to websites that give the impression of being customer support or are used for email accounts.
- The disputed domain names have been registered and are being used in bad faith:
The panel believes that establishing a phishing website is a strong example of bad faith. “Such conduct is squarely of the type that the Policy is designed to prevent.”
While the common control may not have been immediately evident, the WIPO panelist was quite willing to determine the common control. When dealing with multiple entities, it would pay dividends to have as much evidence gathered at the time of filing and to be prepared to go back and identify other linking factors. The Uniform Domain-Name Dispute-Resolution Policy (UDRP) process can move quickly. Yahoo! filed its initial action in late December 2015, and a decision was issued on February 15, 2016.