Domain Name Dispute Lawyer recovers phishing domains from cybersquatter (June, 2020)

ADMINISTRATIVE PANEL
DECISION

CIIDRC case number: URDP-12282
Decision date: June 19, 2020
Panelist: Douglas M. Isenberg
The Disputed Domain Names: <mejurishop.com>; <mejurisale.com>; <mejuristore.com>
Complainant: Mejuri Inc.
Respondents: Sindy Chen – <mejurishop.com>
Allen Lee – <mejurisale.com>
Tracy Wu – <mejuristore.com>
Registrar: GoDaddy.com, LLC

1. PROCEDURAL HISTORY

The Canadian International Internet Dispute Resolution Centre (“CIIDRC”) has informed the Panel as follows: The Complaint was filed with CIIDRC on May 12, 2020. CIIDRC checked the Complaint and determined that it satisfies the formal requirements of the Uniform Domain Name Dispute Resolution Policy (“UDRP”) Policy and Rules, and the CIIDRC Supplemental Rules. On May 13, 2020, CIIDRC transmitted by email to the Registrar, GoDaddy.com, LLC, a request for registrar verification in connection with the Disputed Domain Names. On May 14,2020, the Registrar confirmed that the Disputed Domain Names were placed in a Registrar LOCK. In addition, the Registrar reported that the Disputed Domain Names were registered under different names. The Registrar also provided the identity and contact details of all three Respondents. On May 14, 2020, CIIDRC advised counsel for the Complainant that pursuant to UDRP Rule 3 (c) three different Complaints must be filed against each Respondent. Counsel for the Complainant made Amendments to the Complaint addressing the issue of Multiple Respondents. The date of commencement of the Proceeding is May 15, 2020. Respondent failed to submit a response by the due date, June 4, 2020, which CIIDRC so notified the parties on June 5, 2020. CIIDRC appointed Douglas M. Isenberg as Panel on June 8, 2020.

2. FACTS ALLEGED BY THE PARTIES

Complainant states that it was founded in 2012 and is “a popular and well-established retailer of fine jewelry both on the Internet and through five brick and mortar stores in Toronto, New York City, Los Angeles, and San Francisco, with additional stores planned in Boston and Austin.” Complainant further states that “its annual revenue is in the tens of millions of dollars annually and its “annual marketing budget is millions of dollars annually.” Complainant further states that it “has been featured in numerous magazines such as Forbes, Elle, TechCrunch, and New York Magazine” and that it “enjoys a massive social media following on Instagram and Facebook, with over 769,000 followers on Instagram and 100,000 followers on Facebook, where the Complainant showcases its latest designs and products.”

Complainant is the registrant of the domain name <mejuri.com>, which was created on June 19, 2012.

Complainant states, and provides evidence to support, that it is the owner of seven trademark registrations for the word MEJURI for use in connection with jewelry and related goods, including Canadian Reg. No. TMA9206061 (registered January 15, 2016) and U.S. Reg. No. 5,879,690 (registered October 8, 2019). These trademarks are referred to herein as the “MEJURI Trademark.”

The Disputed Domain Names were created on April 28, 2020 (<mejurishop.com>); May 4,2020 (<mejurisale.com>); and May 5, 2020 (<mejuristore.com>) and, as stated in the Complaint, are being used to “reproduce the Complainant’s website, including its look and feel, text, images, products, structure, and trademark, in order to fool consumers into ordering and paying for jewelry that they will never receive.”

3. CONTENTIONS OF THE PARTIES

  • Complainant

Complainant contends, in relevant part, as follows:

Each of the Disputed Domain Names is confusingly similar to the MEJURI Trademark because each includes the MEJURI Trademark in its entirety, and the “descriptive words” “sale”, “shop”, and “store” “do not serve to distinguish the Disputed Domain Names from the Complainant’s Trademarks.”

Respondent has no rights or legitimate interests in respect of the Disputed Domain Names because, inter alia, “Respondent registered the Domain Names corresponding to the Complainant’s Trademarks only in order to sow confusion and take advantage of the Complainant and the public”; “Respondent has not been commonly known as MEJURI or by the Domain Names prior to the Respondent’s registration of the Disputed Domain Names”; Complainant has not granted to Respondent “any license or permission from the Complainant to use any of its
trademarks or to use any domain names incorporating the trademarks”; and the websites associated with the Disputed Domain Names “are intentionally designed to deceive customers into believe that they are visiting a genuine MEJURI online web store.” The Disputed Domain Names were registered and are being used in bad faith
because, inter alia, “Respondent set out to pass itself off as the Complainant by creating fake online stores.”

  • Respondent

The Respondent did not reply to the Complainant’s contentions.

4. DISCUSSION AND FINDINGS 

As an initial matter, the Panel addresses the issue of perhaps multiple respondents, as discussed above. In its amended complaint, Complainant notes that the “Complaint was originally commenced against the named Respondent, ‘sindy chen’ as the recorded registrant of the Disputed Domain Name as per the Whois record for MejuriShop.com, as well as against ‘Registrant Private, Domains By Proxy, LLC’, because the other two Disputed Domain Names (MejuriSale.com and MejuriStore.com) were under privacy protection.” Complainant argues that the newly identified registrants as shown in the Whois records “appear[] to be falsified, likely on purpose to conceal the real identity of the cybersquatter and fraudster behind the unlawful activity detailed herein” and that “each registration was likely made by the very same person as the records all share the same email and each Disputed Domain Name is used for the very same scam with identical fraudulent and phishing websites.” Specifically, Complainant states:

As can readily be seen in the Whois records, all three records have some unique similarities. First, all three share the exact same email address of “[email protected]“. Second, all three Disputed Domain Names were registered
at similar times, i.e. on May 5, 2020, (Mejruistore.com), April 28, 2020 (MejuriShop.com), and May 4, 2020 (MejuriSale.com). Third, all three registrants’ names are, unusually, spelled all in lower case, with an even more unusual spelling for “sindy” (which is normally “Cindy”). Fourth, each registrant has what appears
to be a fake street address consisting of random numbers. Fifth, the telephone numbers for each registrant also appear to be made up from random adjacent numbers on the keyboard. Sixth, all three registrations have the same
nameservers, namely “Cloudflare”, indicating that they all use the same DNS redirection service. Seventh, there are obvious inconsistencies between the specified city and province of each registrant. For example, the Whois record for
“sindy chen” specifies “guizhou” as the registrant’s city, when in fact Guizhou is a province in China, and the specified province is Fujian, which is another Chinese province entirely. The registration for “allen “lee” specifies “huzhou” as being a city in the province of Fujian, when in fact Huizhou is in Guangdong province. And the registration record for “tracy woo” specifies “beijing” as being in Fujian province, when Fujian is nowhere near Beijing.

As set forth in section 4.11.2 of WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”):

Where a complaint is filed against multiple respondents, panels look at whether (i) the domain names or corresponding websites are subject to common control, and (ii) the consolidation would be fair and equitable to all parties. Procedural efficiency would also underpin panel consideration of such a consolidation scenario.

Panels have considered a range of factors, typically present in some combination, as useful to determining whether such consolidation is appropriate, such as similarities in or relevant aspects of (i) the registrants’ identity(ies) including pseudonyms, (ii) the registrants’ contact information including email address(es), postal address(es), or phone number(s), including any pattern of irregularities, (iii) relevant IP addresses, name servers, or webhost(s), (iv) the content or layout of websites corresponding to the disputed domain names, (v) the nature of the marks
at issue (e.g., where a registrant targets a specific sector), (vi) any naming patterns in the disputed domain names (e.g., <mark-country> or <mark-goods>), (vii) the relevant language/scripts of the disputed domain names particularly where they are the same as the mark(s) at issue, (viii) any changes by the respondent relating to
any of the above items following communications regarding the disputed domain name(s), (ix) any evidence of respondent affiliation with respect to the ability to control the disputed domain name(s), (x) any (prior) pattern of similar respondent

1 – https://www.wipo.int/amc/en/domains/search/overview3.0/

behavior, or (xi) other arguments made by the complainant and/or disclosures by the respondent(s).

In light of the above, the Panel considers consolidation appropriate here.

In accordance with Paragraph 4 of the Policy, the onus is on the Complainant to prove:

  1. That the Domain Names are identical or confusingly similar to a trademark or service mark in which the Complainant has rights:
  2. That the Respondent has no rights or legitimate interests in the Domain Names; and
  3. That the Domain Names have been registered and are being used in bad faith.

To consider each of these requirements in turn.

1) That the Domain Names are Identical or Confusingly Similar to a Mark in which the Complainant has Rights

Based upon the trademark registrations cited by Complainant, it is apparent that Complainant has rights in and to the MEJURI Trademark.

As to whether the Disputed Domain Names are identical or confusingly similar to the MEJURI Trademark, the relevant comparison to be made is with the second-level portion of the Disputed Domain Names only (i.e., “mejurishop”, “mejurisale”, and “mejuristore”) because “[t]he applicable Top-Level Domain (‘TLD’) in a domain name (e.g., ‘.com’, ‘.club’, ‘.nyc’) is viewed as a standard registration requirement and as such is disregarded under the first element confusing similarity test”. WIPO Overview 3.0, section 1.11.1.

Each of the Disputed Domain Names contains the MEJURI Trademark in its entirety, adding only the words “shop”, “sale” and “store”. As set forth in section 1.7 of WIPO Overview 3.0, “in cases where a domain name incorporates the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in the domain
name, the domain name will normally be considered confusingly similar to that mark for purposes of UDRP standing.” See also section 1.8 of WIPO Overview 3.0: “Where the relevant trademark is recognizable within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) would not prevent a finding of confusing similarity under the first element.”

Accordingly, the Panel finds that Complainant has proven the first element of the Policy.

2) That the Respondent has No Rights or Legitimate Interest in the Domain Names

Complainant has argued that Respondent has no rights or legitimate interests in respect of the Disputed Domain Name because, inter alia, “Respondent registered the Domain Names corresponding to the Complainant’s Trademarks only in order to sow confusion and take advantage of the Complainant and the public”; “Respondent has not been commonly known as MEJURI or by the Domain Names prior to the Respondent’s
registration of the Disputed Domain Names”; Complainant has not granted to Respondent “any license or permission from the Complainant to use any of its trademarks or to use any domain names incorporating the trademarks”; and the websites associated with the Disputed Domain Names “are intentionally designed to deceive customers into believe that they are visiting a genuine MEJURI online web store.”

WIPO Overview 3.0, section 2.1, states: “[w]hile the overall burden of proof in UDRP proceedings is on the complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the often impossible task of ‘proving a negative’, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name. If the
respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element.”

The Panel finds that Complainant has established its prima facie case and without any evidence from Respondent to the contrary, the Panel is satisfied that Complainant has satisfied the second element of the Policy.

3) That the Respondent has Registered and Used the Domain Names in Bad Faith

Whether a domain name is registered and used in bad faith for purposes of the Policy may be determined by evaluating four (non-exhaustive) factors set forth in the Policy: (i) circumstances indicating that the registrant has registered or acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain

name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of the registrant’s documented out-of-pocket costs directly related to the domain name; or (ii) the registrant has registered the domain name in order to prevent the owner of the
trademark or service mark from reflecting the mark in a corresponding domain name, provided that the registrant has engaged in a pattern of such conduct; or (iii) the registrant has registered the domain name primarily for the purpose of disrupting the business of a competitor; or (iv) by using the domain name, the registrant has
intentionally attempted to attract, for commercial gain, Internet users to the registrant’s website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the registrant’s website or location or of a product or service on the registrant’s website or location. Policy, paragraph 4(b).

As stated above, Respondent is using the Disputed Domain Names to “reproduce the Complainant’s website, including its look and feel, text, images, products, structure, and trademark, in order to fool consumers into ordering and paying for jewelry that they will never receive.” As numerous previous panels have stated, bad faith exists where
“Respondent just imitates the look and feel of the website of the Complainant.” Puerto 80 Projects SLU v. Domains By Proxy, LLC, DomainsByProxy.com and Jupiter Miguel Tarrero Gallo, WIPO Case No. D2012-1563. See also, e.g., The Dow Chemical Company v. dowaychemical [email protected] +86.7508126859, WIPO Case No. D2008-
1078 (finding bad faith where Complainant alleged that Respondent’s website “fraudulently impersonat[ed] the Complainant” because “[t]he Respondent was clearly specifically targeting the Complainant’s trademark and attempting to divert Internet users searching for the Complainant’s product to the Respondent’s website”); Emu (Aus) Pty Ltd. and Emu Ridge Holdings Pty Ltd. v. Antonia Deinert, WIPO Case No. D2010- 1390 (“a reasonable person who visited the Respondent’s website was likely to be misled in relation to the source, sponsorship, affiliation, or endorsement of the website and the products purportedly made available for online sale on the website”); and Cantor Fitzgerald Securities, Cantor Index Limited v. Cantor Index, WIPO Case No. D2010-0807
(finding bad faith where “Respondent copied text, logos and other elements from Complainant’s website”).

to impersonate Complainant by, among other things, sending emails that appear to be from Complainant and operating a website that appears to be, or to be associated with, Complainant. This clearly creates a “likelihood of confusion” leading to bad faith under paragraph 4(b)(iv) of the Policy. Further, “fraudulently impersonating” a complainant has often been found to constitute bad faith. See, e.g., The Dow Chemical Company v.
dowaychemical [email protected] +86.7508126859, WIPO Case No. D2008-1078. And, sending emails that appear to be from Complainant under the facts of this case is a type of “phishing” that is “manifestly considered evidence of bad faith.” WIPO Overview 3.0, section 3.1.4.

Accordingly, the Panel finds that the Complainant has proven the third element of the Policy.

5. DECISION and ORDER

For the above reasons, in accordance with Paragraph 4 of the Policy, Paragraph 15 of the Rules, and Rule 10 of the Supplemental Rules, the Panel orders that the Disputed Domain Names <mejurishop.com>, <mejurisale.com>, and <mejuristore.com>be transferred to the Complainant.

Made as of June 19, 2020.