Bank of America Corporation v. Chris Cornman
Claim Number: FA1906001849451
Complainant is Bank of America Corporation (“Complainant”), represented by Georges Nahitchevansky of Kilpatrick Townsend & Stockton LLP, New York, USA. Respondent is Chris Cornman (“Respondent”), Texas, USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <bofamail.com>, registered with GoDaddy.com, LLC.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Richard Hill as Panelist.
Complainant submitted a Complaint to the Forum electronically on June 24, 2019; the Forum received payment on June 24, 2019.
On June 27, 2019, GoDaddy.com, LLC confirmed by e-mail to the Forum that the <bofamail.com> domain name is registered with GoDaddy.com, LLC and that Respondent is the current registrant of the name. GoDaddy.com, LLC has verified that Respondent is bound by the GoDaddy.com, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On June 27, 2019, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of July 17, 2019 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bofamail.com. Also on June 27, 2019, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default. Respondent did however send an e-mail to the Forum, see below.
On July 22, 2019, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Richard Hill as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain name be transferred from Respondent to Complainant.
A. Complainant
Complainant states that it is one of the world’s largest financial institutions, providing banking, investment, wealth management, and other financial products and services, including investment banking and trading. It is the largest bank holding company in the United States with respect to assets, and the second largest bank by market capitalization. In the U.S. alone, Complainant serves over 49 million consumers and small businesses with approximately 4,400 retail banking offices. With approximately 208,000 employees, Complainant serves clients in over 150 countries through operations in 35 countries. Complainant has rights in the BOFA mark through its registration of the mark in the United States in 2012. The mark is also registered elsewhere around the world.
Complainant alleges that the disputed domain name is identical or confusingly similar to its mark as it contains the mark in its entirety and merely misspells the addition of the generic term “mail.” Complainant cites UDRP precedents to support its position.
According to Complainant, Respondent has no rights or legitimate interests in the disputed domain name. Respondent is not commonly known by the disputed domain name, nor has Complainant authorized, licensed, or otherwise permitted Respondent to use the mark. Respondent does not use the disputed domain name in connection with a bona fide offering of goods or services or legitimate noncommercial or fair use. Rather, Respondent uses the domain name as part of a fraudulent scheme to deliver malware or viruses into the computers of unsuspecting customers by passing off as Complainant in fraudulent e-mails. Complainant cites UDRP precedents to support its position.
Further, says Complainant, Respondent registered and uses the disputed domain name in bad faith for commercial gain and to benefit from the goodwill and reputation associated with Complainant’s BOFA name and mark. Additionally, Respondent has used the domain name as part of a fraudulent scheme to deliver malware or a malicious virus to unsuspecting consumers. Moreover, Respondent had actual knowledge of Complainant’s rights in the BOFA mark when it registered the domain name given that Respondent almost immediately after registering the domain name used it for emails that impersonated employees of Complainant as part of Respondent’s illicit and illegitimate malware scheme. Complainant cites UDRP precedents to support its position.
B. Respondent
Respondent failed to submit a Response in this proceeding. However, it its e-mail to the Forum, Respondent states:
I have no knowledge of this domain name, and have been in contact with GoDaddy to find out where it came from and why it is associated with my account.
I am not, nor have I ever been the owner of this domain, and have requested it be removed from my GoDaddy account.
It appears to me that this may have been purchased and added to my account in a shady and illegal method in order to fleece me for funds to avoid legal ramifications.
I am not pleased at this attempt at hacking and blackmail, and would like this matter dropped immediately.
If the pursuant party is not inclined to drop the case, then it will need to be handled in court.
In addition, I received verification from GoDaddy this morning by phone, that this domain name was added to my account by illegal means and I can only assume that the other party has planned this and is seeking financial gain by illegal means.
Complainant owns the mark BOFA and uses it to market its banking and financial services.
Complainant’s rights in its marks date back to at least 2012.
The disputed domain names were registered in 2019.
Complainant has not licensed or otherwise authorized Respondent to use its marks.
The disputed domain name is used as part of a fraudulent scheme to deliver malware or viruses into the computers of unsuspecting customers. The WHOIS information is false.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
PRELIMINARY ISSUE: IDENTITY THEFT
Respondent, contends that it has been the victim of identity theft, see below. The Forum has not received any further response from the named Respondent and proceeded with the Panel appointment. The Panel has taken the following rules and precedent into account in making a determination on not redacting Respondent’s identity.
According to Policy ¶ 4(j), “[a]ll decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.” In Wells Fargo & Co. v. John Doe as Holder of Domain Name <wellzfargo.com>, FA 362108 (Forum Dec. 30, 2004) and Wells Fargo & Co. v. John Doe as Holder of Domain Name <wellsfargossl>, FA 453727 (Forum May 19, 2005), the panels omitted the respondents’ personal information from the decisions, pursuant to Policy ¶ 4(j), in an attempt to protect the respondents who claimed to be victims of identity theft from becoming aligned with acts the actual registrants appeared to have sought to impute to the respondents.).
However, according to Forum Supplemental Rule 15(b), “All requests pursuant to Policy paragraph 4(j) and Rule 16(b) to have a portion of the decision redacted, must be made in the Complaint, the Response, or an Additional Submission that is submitted before the Panel’s decision is published.” (emphasis added). Rule 1 defines “respondent” as “the holder of a domain-name registration against which a complaint is initiated;” and Forum Supplemental Rule 1(d) further defines “the holder of a domain-name registration” as “the single person or entity listed in the WHOIS registration information at the time of commencement.” The Panel notes precedent which holds the registrar-confirmed registrant of a disputed domain (per the WHOIS at commencement of the proceeding) the proper respondent, notwithstanding the possibility that said respondent’s identity was stolen. See, e.g., Banco Bradesco S/A v. Gisele Moura Leite, D2014-0414 (WIPO Apr. 30, 2014).
In the instant case, there has been no request in the Complaint to redact any portion of the decision, nor has there been one in a Response or an Additional Submission. Consequently, the Panel finds that it is not warranted to redact Respondent’s name and location from the Panel’s decision,
The disputed domain name contains Complainant’s BOFA mark in its entirety and merely adds a misspelling of the generic term “mail” and the “.com” generic top-level domain (“gTLD”). Similar changes in a registered mark have failed to sufficiently distinguish a domain name for the purposes of Policy ¶ 4(a)(i). See MTD Products Inc. v. J Randall Shank, FA 1783050 (Forum June 27, 2018) (“The disputed domain name is confusingly similar to Complainant’s mark as it wholly incorporates the CUB CADET mark before appending the generic terms ‘genuine’ and ‘parts’ as well as the ‘.com’ gTLD.”); .”); see also Hobson, Inc. v. Peter Carrington a/k/a Party Night Inc , D2003-0317 (WIPO July 14, 2003) (“a mere addition or a minor misspelling of Complainant's trademark does not create a new or different mark in which Respondent has legitimate rights”); see also Experian Information Solutions, Inc. v. Credit Research, Inc., D2002-0095 (WIPO May 7, 2002) (“. . . if a domain name incorporates a complainant’s mark in its entirety, it is confusingly similar to that mark despite the addition of other words.”). The Panel therefore finds that the <bofamail.com> domain name is confusingly similar to Complainant’s BOFA mark under Policy ¶ 4(a)(i).
Complainant has not authorized, licensed, or otherwise permitted Respondent to use its mark Complainant. Respondent is not commonly known by the disputed domain name: absent a response, WHOIS information can be used to determine whether or not a Respondent is commonly known by the disputed domain name. See Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same); see also Google LLC v. Bhawana Chandel / Admission Virus, FA 1799694 (Forum Sep. 4, 2018) (concluding that Respondent was not commonly known by the disputed domain name where “the WHOIS of record identifies the Respondent as “Bhawana Chandel,” and no information in the record shows that Respondent was authorized to use Complainant’s mark in any way.”). Here, the WHOIS identifies “Chris Cornman” as the registrant. Accordingly, the Panel finds that Respondent is not commonly known by the disputed domain name under Policy ¶ 4(c)(ii).
The disputed domain name is being used as part of a fraudulent scheme to deliver malware or viruses into the computers of unsuspecting customers by passing off as Complainant in fraudulent e-mails. Using a confusingly similar domain name to pass off as a complainant in e-mails and distribute malware can evince a lack of rights and legitimate interests under Policy ¶¶ 4(c)(i) and (iii). See Snap Inc. v. Domain Admin / Whois Privacy Corp., FA 1735300 (Forum July 14, 2017) (“Use of a disputed domain name to offer malicious software does not constitute a bona fide offering or a legitimate use per Policy ¶ 4(c)(i) & (iii).”). Accordingly, the Panel finds that Respondent fails to use the disputed in connection with a bona fide offering of goods or services or a legitimate noncommercial or fair use per Policy ¶ 4(c)(i) or (iii). In addition, the Panel finds that Respondent does not have rights or legitimate interests in the disputed domain name.
Respondent states that the disputed domain name was registered illegally in order to seek financial gain by illegal means. Accordingly, the Panel finds that the disputed domain name was registered in bad faith.
Indeed, as already noted, the disputed domain name is used as part of a fraudulent scheme to deliver malware or a malicious virus to unsuspecting consumers. Using a domain name to install malware onto a users’ computer can show bad faith under Policy ¶ 4(a)(iii). See Google LLC v. Above.com Domain Privacy, FA1753950 (Forum Nov 14, 2017) (Complainant demonstrates that Respondent engages in a phishing scheme to obtain users’ information and downloads malware onto the users’ computers. Using a confusingly similar domain name to phish for personal or financial information and downloading malware are both evidence of bad faith registration and use within the meaning of Policy ¶ 4(a)(iii)). Accordingly, the Panel finds that the disputed domain name has been registered and used in bad faith per Policy ¶ 4(a)(iii).
Further, it appears that the disputed domain name was registered using false WHOIS contact information, and this can evince bad faith registration and use under Policy ¶ 4(a)(iii). See CNU ONLINE Holdings, LLC v. Domain Admin / Whois Privacy Corp., FA1504001614972 (Forum May 29, 2015) (“As the Panel sees that Respondent has provided false or misleading WHOIS information, the Panel finds bad faith in Respondent’s registration of the disputed domain name per Policy ¶ 4(a)(iii).”); see also ABB Asea Brown Boveri Ltd v. Global Mgr, FA 1702001716963 (Forum Mar. 30, 2017) (“Complainant contends that Respondent provided false contact information while registering the disputed domain. Registering a confusingly similar domain name using false contact information can evince bad faith registration.”); see also j2 Global Canada, Inc. and Landslide Technologies, Inc. v. Vijay S Kumar/Strategic Outsourcing Services Pvt Ltd, FA 1411001647718 (Forum Jan. 4, 2016) (“False or misleading contact information indicates bad faith registration and use.”); see also Chevron Intellectual Property LLC v. Phillip Thomas/Chevron Pacific, FA 1504001615524 (Forum May 29, 2015) (“Complainant’s use of false registration data and its unexplained redirection of the disputed domain name to Complainant’s own website are further indications of such bad faith.”); see also McDonald’s Corp. v. Holy See, FA 0304000155458 (Forum June 27, 2003) (“The Panel finds that Respondent provided false contact information in the registration certificates and that such actions, even though not specifically enumerated in the Policy, may form the basis for a finding of bad faith registration and use.”); see also Mars, Incorporated v. RaveClub Berlin, FA 0106000097361 (Forum July 16, 2001) (providing false registration and contact information for infringing domain names evidenced Respondent’s bad faith). Accordingly, the Panel finds that Respondent registered and is using the disputed domain name in bad faith under Policy ¶ 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <bofamail.com> domain name be TRANSFERRED from Respondent to Complainant.
Richard Hill, Panelist
Dated: July 22, 2019
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page