Bank of America Corporation v. norman Daphne Gonzalez / Stefan Gomes
Claim Number: FA2105001948936
Complainant is Bank of America Corporation (“Complainant”), represented by Georges Nahitchevansky of Kilpatrick Townsend & Stockton LLP, New York, USA. Respondent is norman Daphne Gonzalez / Stefan Gomes (“Respondent”), Florida, USA.
REGISTRAR AND DISPUTED DOMAIN NAMES
The domain names at issue are <bofafraudunit.com> and <bofacybercrimes.com>, registered with Google LLC; Launchpad.com Inc..
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Ho Hyun Nahm, Esq. as Panelist.
Complainant submitted a Complaint to the Forum electronically on May 27, 2021; the Forum received payment on May 27, 2021.
On May 28, 2021, Google LLC; Launchpad.com Inc. confirmed by e-mail to the Forum that the <bofafraudunit.com> and <bofacybercrimes.com> domain names are registered with Google LLC; Launchpad.com Inc. and that Respondent is the current registrant of the names. Google LLC; Launchpad.com Inc. has verified that Respondent is bound by the Google LLC; Launchpad.com Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On June 3, 2021, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of June 23, 2021 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bofafraudunit.com, postmaster@bofacybercrimes.com. Also on June 3, 2021, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On June 28, 2021, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Ho Hyun Nahm, Esq. as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain names be transferred from Respondent to Complainant.
PRELIMINARY ISSUE: IDENTITY THEFT
Respondent contends that it has been the victim of identity theft. Specifically, on June 12, 2021, the Forum received an email communication from an individual stating that he/she did not register the disputed domain names and has no knowledge of the addressees of the Complaint. With the exception of the individual’s emails denying registration of the domain names, the individual has not provided other evidence in support of a claim of stolen identity. Further, as of the Response due date, the Forum had not received any formal Response and proceeded with the Panel appointment.
According to Policy ¶ 4(j), “[a]ll decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.” In Wells Fargo & Co. v. John Doe as Holder of Domain Name <wellzfargo.com>, FA 362108 (Forum Dec. 30, 2004) and Wells Fargo & Co. v. John Doe as Holder of Domain Name <wellsfargossl>, FA 453727 (Forum May 19, 2005), the panels omitted the respondents’ personal information from the decisions, pursuant to Policy ¶ 4(j), in an attempt to protect the respondents who claimed to be victims of identity theft from becoming aligned with acts the actual registrants appeared to have sought to impute to the respondents.).
However, according to Forum Supplemental Rule 15(b), “All requests pursuant to Policy paragraph 4(j) and Rule 16(b) to have a portion of the decision redacted, must be made in the Complaint, the Response, or an Additional Submission that is submitted before the Panel’s decision is published.” (emphasis added). Rule 1 defines “respondent” as “the holder of a domain-name registration against which a complaint is initiated;” and Forum Supplemental Rule 1(d) further defines “the holder of a domain-name registration” as “the single person or entity listed in the WHOIS registration information at the time of commencement.” The Panel notes precedent which holds the registrar-confirmed registrant of a disputed domain (per the WHOIS at commencement of the proceeding) the proper respondent, notwithstanding the possibility that said respondent’s identity was stolen. See, e.g., Banco Bradesco S/A v. Gisele Moura Leite, D2014-0414 (WIPO Apr. 30, 2014).
The Panel notes that the Forum received an email communication from an individual stating “I received the attached letter addressed to me. This appears to case of mistaken identity, as the only domain name I have ever registered is <****.com>, which is for my clothing boutique. The letter is also addressed to “Norman” and “Stefan Gomes,” who are not known to me. Would you please look into this and let me know?” The Panel also notes that there has been no request in the Complaint to redact any portion of the decision, nor has there been a Response or an Additional Submission. Consequently, the Panel finds that it is not warranted to redact Respondent’s name and location from the Panel’s decision.
PRELIMINARY ISSUE: MULTIPLE RESPONDENTS
Complainant has alleged that the entities which control the domain names at issue are effectively controlled by the same person and/or entity, which is operating under several aliases. Paragraph 3(c) of the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”) provides that a “complaint may relate to more than one domain name, provided that the domain names are registered by the same domain name holder.” Complainant contends that the domain names are controlled by the same entity since both domain names at issue were registered in April 2021, albeit through different registrars, the contact addresses and phone numbers are the same, and the domain names have been used in the same fraudulent scheme involving emails sent by Stefan Gomes, who registered for <bofacybercrimes.com>.
The Panel finds that the domain names are commonly owned or controlled by a single Respondent who is using multiple aliases.
A. Complainant
i) Complainant, Bank of America, is a banking and financial services company. Complainant has rights in the BOFA mark based on registration of the mark with the United States Patent and Trademark Office (“USPTO”) (e.g., Reg. No. 4,210,429, registered Sep. 18, 2012). The disputed domain names are confusingly similar to Complainant’s mark since they incorporate Complainant’s entire mark, adding only the terms “fraud unit” and “cybercrimes,” and the “.com” generic top-level domain (“gTLD”).
ii) Respondent lacks rights and legitimate interests in the disputed domain names as it is not commonly known by the disputed domain names and Complainant has not licensed or permitted Respondent to use the BOFA mark. Additionally, Respondent does not use the disputed domain names for any bona fide offering of goods or services, nor for any legitimate noncommercial or fair use because Respondent engages in a fraudulent email scheme in which Respondent passes off as Complainant and phishes for information from consumers.
iii) Respondent registered and uses the disputed domain names in bad faith because Respondent engages in a pattern of bad faith registration and use. Respondent also engages in a fraudulent email scheme using the disputed domain names. Additionally, Respondent had actual knowledge of Complainant’s rights in the BOFA mark since Respondent registered multiple domain names based on Complainant’s mark and uses them to send fraudulent emails, posing as Complainant.
B. Respondent
Respondent did not submit a response to this proceeding.
1. The <bofafraudunit.com> and <bofacybercrimes.com> domain names were registered on April 27, 2021 and April 17, 2021, respectively.
2. Complainant has established rights in the BOFA mark based on registration of the mark with the United States Patent and Trademark Office (“USPTO”) (e.g., Reg. No. 4,210,429, registered Sep. 18, 2012).
3. Respondent’s emails use Complainant’s logo and Respondent poses as Complainant in order to mislead consumers into providing confidential information.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
Complainant claims rights in the BOFA mark through its registration with the USPTO (e.g., Reg. No. 4,210,429, registered Sep. 18, 2012). Registration of a mark with a national trademark agency is sufficient to demonstrate rights in a mark under Policy ¶ 4(a)(i). See Target Brands, Inc. v. jennifer beyer, FA 1738027 (Forum July 31, 2017) ("Complainant has rights in its TARGET service mark for purposes of Policy ¶ 4(a)(i) by virtue of its registration of the mark with a national trademark authority, the United States Patent and Trademark Office (“USPTO”).”). Therefore, the Panel finds Complainant has rights in the mark under Policy ¶ 4(a)(i).
Complainant argues that the disputed domain names are confusingly similar to Complainant’s BOFA mark because they incorporate Complainant’s entire mark, adding only the terms “fraud unit” and “cybercrimes,” and the gTLD “.com.” The Panel observes that a domain name wholly incorporating a complainant’s registered mark is sufficient to establish confusing similarity despite the addition of other words, including negative words. See Oki Data Ams., Inc. v. ASD, Inc., D2001-0903 (WIPO Nov. 6, 2001) (“[T]he fact that a domain name wholly incorporates a Complainant’s registered mark is sufficient to establish identity [sic] or confusing similarity for purposes of the Policy despite the addition of other words to such marks”); see also Chevron Intellectual Property LLC v. andrew toro, FA 1487014 (Forum Apr. 11, 2013) (finding, “The affixation of negative terms does not defeat a finding of confusing similarity” where the respondent registered the domain <chevronthinkswerestupid.com>). Further, although not argued by Complainant, the addition of the gTLD “.com” is also insufficient to differentiate a disputed domain name from a mark. Therefore, the Panel finds that the disputed domain names are confusingly similar to Complainant’s mark under Policy ¶ 4(a)(i).
Complainant must first make a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii), then the burden shifts to Respondent to show it does have rights or legitimate interests. See Advanced International Marketing Corporation v. AA-1 Corp, FA 780200 (Forum Nov. 2, 2011) (finding that a complainant must offer some evidence to make its prima facie case and satisfy Policy ¶ 4(a)(ii)); see also Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”).
Complainant argues that Respondent does not have rights or legitimate interests in the disputed domain names because Respondent is not commonly known by the disputed domain names, nor has Complainant licensed or permitted Respondent to use the BOFA mark. Under Policy ¶ 4(c)(ii), when no response is submitted, relevant WHOIS information may demonstrate that a respondent is not commonly known by a disputed domain name. See Guardair Corporation v. Pablo Palermo, FA1407001571060 (Forum Aug. 28, 2014) (holding that the respondent was not commonly known by the <guardair.com> domain name according to Policy ¶ 4(c)(ii), as the WHOIS information lists “Pablo Palermo” as registrant of the disputed domain name). Additionally, lack of authorization to use a mark is further evidence that a respondent is not commonly known by the mark. See Indeed, Inc. v. Ankit Bhardwaj / Recruiter, FA 1739470 (Forum Aug. 3, 2017) (“Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and, as discussed below, there are no Policy ¶4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at-issue domain name.”). Here, the WHOIS information identifies “norman Daphne Gonzalez” and “Stefan Gomes” as the registrants for <bofafraudunit.com> and <bofacybercrimes.com>, respectively. Additionally, Complainant asserts that it has not licensed or permitted Respondent to use the BOFA mark. Thus, the Panel finds that Respondent is not commonly known by the domain names under Policy ¶ 4(c)(ii).
Furthermore, Complainant argues that Respondent does not use the disputed domain names for any bona fide offering of goods or services or legitimate noncommercial or fair use under Policy ¶ 4(c)(i) and 4(c)(iii) because Respondent engages in a fraudulent email scheme in which Respondent passes off as Complainant and phishes for information from consumers. Passing off as complainant and using a disputed domain name to send fraudulent emails in order to phish for consumers’ information cannot be a bona fide offering of goods or services or legitimate noncommercial or fair use. See Emerson Electric Co. v. Adilcon Rocha, FA 1735949 (Forum July 11, 2017) (finding that respondent’s attempt to pass off as complainant through emails does not constitute a bona fide offering of goods or services and, as such, respondent lacked rights or legitimate interests in the disputed domain name); see also Microsoft Corporation v. Terrence Green / Whois Agent / Whois Privacy Protection Service, Inc., FA 1661030 (Forum Apr. 4, 2016) (finding the respondent’s use of the disputed domain names to send fraudulent emails purportedly from agents of complainant to be neither a bona fide offering of goods or services under Policy ¶ 4(c)(i), nor a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii)); see additionally Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent lacked rights and legitimate interests in a domain name with which it conducted a phishing scheme to procure “Internet users’ personal information”). Here, Complainant provides screenshots showing that Respondent sends emails which feature Complainant’s “Bank of America” mark and present Respondent as being affiliated with “BOFA Cash Pro Cybercrimes Division.” The emails tell the victims that their account credentials have been compromised. Complainant contends that these activities constitute an attempt to pass off as Complainant and to mislead consumers into disclosing confidential account, login, and other information. Thus, the Panel finds that Respondent is not using the domain names for a bona fide offering of goods or services under Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii).
The Panel finds that Complainant has made out a prima facie case that arises from the considerations above. All of these matters go to make out the prima facie case against Respondent. As Respondent has not filed a Response or attempted by any other means to rebut the prima facie case against it, the Panel finds that Respondent has no rights or legitimate interests in the disputed domain names.
Complainant argues that Respondent registered and uses the disputed domain names in bad faith under Policy ¶¶ 4(b)(iii) and (iv) because Respondent passes itself off as Complainant as a part of an email phishing scheme. Use of a disputed domain name to impersonate the complainant in fraudulent emails for the purpose of phishing can be evidence of bad faith disruption of a complainant’s business under Policy ¶ 4(b)(iii) and an attempt to attract users for commercial gain under Policy ¶ 4(b)(iv). See Zoetis Inc. and Zoetis Services LLC v. VistaPrint Technologies Ltd, FA1506001623601 (Forum July 14, 2015) (“Respondent’s attempt to use the <zoietis.com> domain name to phish for personal information in fraudulent emails also constitutes bad faith pursuant to Policy ¶ 4(a)(iii).”); see also Chevron Intellectual Property, LLC v. Jack Brooks, FA 1635967 (Forum Oct. 6, 2015) (finding that Respondent’s use of <chevron-corps.com> to impersonate an executive of Complainant in emails is in opposition to Complainant and is therefore in bad faith under Policy ¶ 4(b)(iii)); see additionally Microsoft Corporation v. Terrence Green / Whois Agent / Whois Privacy Protection Service, Inc., FA 1661030 (Forum Apr. 4, 2016) (finding the Respondent’s use of the disputed domain names to send fraudulent emails supported a finding of bad faith registration and use under Policy ¶ 4(b)(iii)). The Panel recalls that Complainant has provided screenshots of Respondent’s emails wherein Respondent makes use of Complainant’s logo and poses as Complainant in order to mislead consumers into providing confidential information. Therefore, the Panel finds bad faith under Policy ¶¶ 4(b)(iii) and (iv).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <bofafraudunit.com> and <bofacybercrimes.com> domain names be TRANSFERRED from Respondent to Complainant.
Ho Hyun Nahm, Esq., Panelist
Dated: June 30, 2021
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page