The Toronto-Dominion Bank v. Saim raza
Claim Number: FA1709001751658
Complainant is The Toronto-Dominion Bank (“Complainant”), represented by CSC Digital Brand Services AB, Sweden. Respondent is Saim raza (“Respondent”), Pakistan.
REGISTRAR AND DISPUTED DOMAIN NAMES
The domain names at issue are <td-bankcanada.com>, <td1-acc-login.com> and <td1-login-acc1.com>, registered with Internet Domain Service BS Corp.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
The Honourable Neil Anthony Brown QC as Panelist.
Complainant submitted a Complaint to the Forum electronically on September 29, 2017; the Forum received payment on September 29, 2017.
On October 3, 2017, Internet Domain Service BS Corp confirmed by e-mail to the Forum that the <td-bankcanada.com>, <td1-acc-login.com> and <td1-login-acc1.com> domain names are registered with Internet Domain Service BS Corp and that Respondent is the current registrant of the names. Internet Domain Service BS Corp has verified that Respondent is bound by the Internet Domain Service BS Corp registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On October 4, 2017, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of October 24, 2017 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@td-bankcanada.com, postmaster@td1-acc-login.com, postmaster@td1-login-acc1.com. Also on October 4, 2017, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On October 27, 2017, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed The Honourable Neil Anthony Brown QC as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain names be transferred from Respondent to Complainant.
A. Complainant
Complainant made the following contentions
Complainant, Toronto-Dominion Bank, uses its TD and TD BANK marks to promote its products and services in the financial and banking business market. Complainant has rights in its TD and TD BANK marks through registration with the United States Patent and Trademark Office (“USPTO”) (e.g. TD—Reg. No. 1,649,009, registered June 25, 1991; TD BANK—Reg. No. 3,788,055, registered May 11, 2010). See Compl. Ex. A. Respondent’s <td-bankcanada.com> is confusingly similar to Complainant’s TD BANK mark because it adds a hyphen between the mark’s terms and appends a geographic term “canada” and generic top-level domain (“gTLD”) “.com” to the fully incorporated mark. Respondent’s <td1-acc-login.com> and <td1-login-acc1.com> are confusingly similar to Complainant’s TD mark because it adds related terms, hyphens, and the number “1” to the fully incorporated mark and appends the gTLD “.com.”
Respondent does not have right or legitimate interests in the disputed domain name. Complainant has not licensed or otherwise authorized Respondent to use its marks in any fashion, and Respondent is not commonly known by any of the domain names. Respondent is not using the disputed domain names in connection with any bona fide offering of goods or services or legitimate noncommercial or fair use. Instead, the domain names host websites that mirror Complainant’s EasyWeb account login page to lure unsuspecting Internet users into divulging personal information. See Compl. Ex. F (Screenshots of Domain Names’ Resolving Websites).
Respondent registered and is using the infringing domain names in bad faith. Respondent had actual knowledge of Complainant’s rights in the TD and TD BANK mark at the time the infringing domain names were registered. Further, Respondent used the domain names to conduct a phishing attack on Internet users’ personal and financial information.
B. Respondent
Respondent failed to submit a Response in this proceeding.
1. Complainant is a Canadian company engaged in financial, banking and related businesses.
2. Complainant has established its rights to the TD and TD BANK marks through their registration with the United States Patent and Trademark Office (“USPTO”) (e.g. TD—Reg. No. 1,649,009, registered June 25, 1991; TD BANK—Reg. No. 3,788,055, registered May 11, 2010).
3. Respondent registered the <td1-acc-login.com> and <td1-login-acc1.com> domain names on July 23, 2017 and the <td-bankcanada.com> domain name was registered July 13, 2017.
4. The domain names host websites that mirror Complainant’s EasyWeb account login page to lure unsuspecting Internet users into divulging personal information.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations and inferences set forth in the Complaint as true unless the evidence is clearly contradictory. See Vertical Solutions Mgmt., Inc. v. webnet-marketing, inc., FA 95095 (Forum July 31, 2000) (holding that the respondent’s failure to respond allows all reasonable inferences of fact in the allegations of the complaint to be deemed true); see also Talk City, Inc. v. Robertson, D2000-0009 (WIPO Feb. 29, 2000) (“In the absence of a response, it is appropriate to accept as true all allegations of the Complaint.”).
The first question that arises is whether Complainant has rights in a trademark or service mark on which it may rely. Complainant contends it has rights in its TD and TD BANK marks through registration with the USPTO (e.g. Reg. No. 1,649,009, registered June 25, 1991; Reg. No. 3,788,055, registered May 11, 2010, respectively). See Compl. Ex. A. Registration of a mark with a trademark authority, such as the USPTO, confers rights in a mark. See BGK Trademark Holdings, LLC & Beyoncé Giselle Knowles-Carter v. Chanphut / Beyonce Shop, FA 1626334 (Forum Aug. 3, 2015) (asserting that Complainant’s registration with the USPTO (or any other governmental authority) adequately proves its rights under Policy ¶ 4(a)(i)). Therefore, the Panel finds that Complainant has rights in the TD and TD BANK marks.
The next question that arises is whether the disputed domain names are identical or confusingly similar to Complainant’s TD and TD BANK marks. Complainant contends that Respondent’s <td-bankcanada.com> domain name is confusingly similar to Complainant’s TD BANK mark because it adds a hyphen between the mark’s terms and appends a geographic term “canada” and generic top-level domain (“gTLD”) “.com” to the fully incorporated mark. The addition of a hyphen, geographic terms and gTLD to a mark does not negate confusing similarity. See Skype Ltd. v. Sacramento, FA 747948 (Forum Aug. 30, 2006) (“The addition of the geographic term [“Brasil”] does not avoid confusing similarity pursuant to Policy ¶ 4(a)(i).”); see also Eastman Chem. Co. v. Patel, FA 524752 (Forum Sept. 7, 2005) (“Therefore, the Panel concludes that the addition of a term descriptive of Complainant’s business, the addition of a hyphen, and the addition of the gTLD ‘.com’ are insufficient to distinguish Respondent’s domain name from Complainant’s mark.”).
Further, Respondent contends that <td1-acc-login.com> and <td1-login-acc1.com> are confusingly similar to Complainant’s TD mark because they add related terms, a hyphen, and the number “1” to the fully incorporated mark and appends the gTLD “.com.” The addition of a number, related terms, hyphens and a gTLD do not sufficiently distinguish a mark from a domain name. See Innomed Techs., Inc. v. DRP Servs., FA 221171 (Forum Feb. 18, 2004) (finding that hyphens and top-level domains are irrelevant for purposes of the Policy); see also Novartis AG v. boggs, william, FA 1570988 (Forum Aug. 25, 2014) (finding that the <freshlook2.com> domain name was confusingly similar to the complainant’s FRESHLOOK mark because the domain name contained the mark in its entirety and merely added the number “2”). As such, the Panel finds that Respondent’s <td-bankcanada.com>, <td1-acc-login.com> and <td1-login-acc1.com> are confusingly similar to Complainant’s TD and TD BANK marks.
Complainant has thus made out the first of the three elements that it must establish.
It is now well established that Complainant must first make a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain names under Policy ¶ 4(a)(ii), and then the burden shifts to Respondent to show it does have rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Forum Aug. 18, 2006) (holding that the complainant must first make a prima facie case that the respondent lacks rights and legitimate interests in the disputed domain name under UDRP ¶ 4(a)(ii) before the burden shifts to the respondent to show that it does have rights or legitimate interests in a domain name); see also AOL LLC v. Gerberg, FA 780200 (Forum Sept. 25, 2006) (“Complainant must first make a prima facie showing that Respondent does not have rights or legitimate interest in the subject domain names, which burden is light. If Complainant satisfies its burden, then the burden shifts to Respondent to show that it does have rights or legitimate interests in the subject domain names.”).
The Panel finds that Complainant has made out a prima facie case that arises from the following considerations:
(a) Respondent has chosen to take Complainant’s TD and TD BANK marks
and has used them in their entirety in the domain names, adding only the words “canada”, “login”, and “ acc” and certain other minor alterations referred to above;
(b) Respondent has used the domain names for phishing activities by causing them to host websites that mirror Complainant’s EasyWeb account login page to lure unsuspecting Internet users into divulging personal information;
(c) Respondent has engaged in these activities without the consent or approval of Complainant;
(d) Complainant submits that Respondent has no rights or legitimate interests in the disputed domain names. Complainant claims it has not licensed or otherwise authorized Respondent to use its TD or TD BANK marks in any fashion. A lack of contradicting evidence in the record that a respondent was authorized to use a complainant’s mark in a domain name can be evidence of lack of rights and legitimate interests. See Navistar International Corporation v. N Rahmany, FA1505001620789 (Forum June 8, 2015) (finding that the respondent was not commonly known by the disputed domain name where the complainant had never authorized the respondent to incorporate its NAVISTAR mark in any domain name registration). Additionally, WHOIS information can be used to support a finding under Policy ¶ 4(c)(ii) that a respondent is not commonly known by a disputed domain name. See Chevron Intellectual Property LLC v. Fred Wallace, FA1506001626022 (Forum July 27, 2015) (finding that the respondent was not commonly known by the <chevron-europe.com> domain name under Policy ¶ 4(c)(ii), as the WHOIS information named “Fred Wallace” as registrant of the disputed domain name). The WHOIS information of record for each infringing domain name lists “Saim Raza” as the registrant. See Compl. Ex. E. Therefore, the Panel finds that Respondent is not commonly known by any of the domain names under Policy ¶ 4(c)(ii);
(e) Complainant submits that Respondent is not using the disputed domain names in connection with any bona fide offering of goods or services or legitimate noncommercial or fair use. Instead, Complainant argues that the domain names host websites that mirror Complainant’s EasyWeb account login page to lure unsuspecting Internet users into divulging personal information. See Compl. Ex. F. A respondent’s use of a confusingly similar domain name to pass itself off as a complainant for the purpose of conducting a phishing scheme cannot be construed as a bona fide offering of goods or services. See DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”). Complainant provided screenshots of its own websites, <td.com> and <tdbank.com>, which displays the same “EasyWeb” login feature copied on Respondent’s websites. See Comp. Ex. F. Therefore, the Panel concludes that Respondent did not use any of the disputed domain names in connection with any bona fide offering of goods or services or legitimate noncommercial or fair use.
All of these matters go to make out the prima facie case against Respondent. As Respondent has not filed a Response or attempted by any other means to rebut the prima facie case against it, the Panel finds that Respondent has no rights or legitimate interests in the disputed domain names.
Complainant has thus made out the second of the three elements that it must establish.
It is clear that to establish bad faith for the purposes of the Policy, Complainant must show that the disputed domain names were registered in bad faith and have been used in bad faith. It is also clear that the criteria set out in Policy ¶ 4(b) for establishing bad faith are not exclusive, but that Complainants in UDRP proceedings may also rely on conduct that is bad faith within the generally accepted meaning of that expression.
Having regard to those principles, the Panel finds that the disputed domain names were registered and used in bad faith. That is so for the following reasons.
Complainant does not argue any of the factors of bad faith under Policy ¶ 4(b). However, past panels have held that the factors in Policy ¶ 4(b) are non-exclusive, and that bad faith can be determined from a “totality of the circumstances” under Policy ¶ 4(a)(iii). See Do The Hustle, LLC v. Tropic Web, D2000-0624 (WIPO Aug. 21, 2000) (“[T]he examples [of bad faith] in Paragraph 4(b) are intended to be illustrative, rather than exclusive.”); see also Home Interiors & Gifts, Inc. v. Home Interiors, D2000-0010 (WIPO Mar. 7, 2000) (“[J]ust because Respondent’s conduct does not fall within the ‘particular’ circumstances set out in [¶ 4(b)], does not mean that the domain names at issue were not registered in and are not being used in bad faith.”). Accordingly, the Panel may look to arguments beyond Policy ¶ 4(b) for evidence of bad faith.
First, Complainant contends Respondent registered and is using the infringing domain names in bad faith as Respondent had actual knowledge of Complainant’s rights in the TD and TD BANK mark at the time the infringing domain names were registered. Actual knowledge of a Complainant’s rights in a mark is evidence of bad faith registration and use. See Pfizer, Inc. v. Suger, D2002-0187 (WIPO Apr. 24, 2002) (finding that because the link between the complainant’s mark and the content advertised on the respondent’s website was obvious, the respondent “must have known about the Complainant’s mark when it registered the subject domain name”); see also Exxon Mobil Corp. v. Fisher, D2000-1412 (WIPO Dec. 18, 2000) (finding that the respondent had actual and constructive knowledge of the complainant’s EXXON mark given the worldwide prominence of the mark and thus the respondent registered the domain name in bad faith). Here, Respondent copied Complainant’s websites for the <td.com> and <tdbank.com> domain names and prominently featured Complainant’s mark on its websites which purport to offer identical services to those of Complainant. See Compl. Ex. E.
Secondly, Respondent used the domain names to conduct a phishing attack on Internet users’ personal and financial information. Phishing is a practice that is intended to defraud consumers into revealing personal and proprietary information. See Wells Fargo & Co. v. WhoisGuard, FA 1103650 (Forum Dec. 13, 2007) (“There is no dispute that respondent previously used the disputed domain name to obtain personal and financial information from Internet customers of complainant. This fraudulent use [is] known as ‘phishing’”). Use of a domain name to conduct a phishing scheme is considered bad faith pursuant to Policy ¶ 4(a)(iii). See Klabzuba Oil & Gas, Inc. v. LAKHPAT SINGH BHANDARI, FA1506001625750 (Forum July 17, 2015) (“Respondent uses the <klabzuba-oilgas.com> domain to engage in phishing, which means Respondent registered and uses the domain name in bad faith under Policy ¶ 4(a)(iii).”). Here, Complainant provided screenshots of the websites resolving from the <td-bankcanada.com>, <td1-acc-login.com> and <td1-login-acc1.com> domain names, which display a login page that is identical to Complainant’s <td.com> and <tdbank.com> login pages. See Comp. Ex. E–F. Respondent’s websites lure customers into providing their personal and financial information to log in to what they believe is Complainant’s website. Id. As such, the Panel finds that Respondent registered and used the domain names in bad faith and in furtherance of a phishing scheme.
Finally, in addition and having regard to the totality of the evidence, the Panel finds that, in view of Respondent’s registration of the disputed domain names using the TD and TD BANK marks and in view of the conduct that Respondent engaged in when using them, Respondent registered and used the disputed domain names in bad faith within the generally accepted meaning of that expression.
Complainant has thus made out the third of the three elements that it must establish.
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <td-bankcanada.com>, <td1-acc-login.com> and <td1-login-acc1.com> domain names be TRANSFERRED from Respondent to Complainant.
The Honourable Neil Anthony Brown QC Panelist
Dated: October 29, 2017
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page