Bank of America Corporation v. Chase Black / Carla Bot / Mortimer Herbertson / bo bop
Claim Number: FA2007001905200
Complainant is Bank of America Corporation (“Complainant”), represented by Georges Nahitchevansky of Kilpatrick Townsend & Stockton LLP, United States of America. Respondent is Chase Black / Carla Bot / Mortimer Herbertson / bo bop (“Respondent”), Texas, United States.
REGISTRAR AND DISPUTED DOMAIN NAMES
The domain names at issue are <employee-bankofamerica.com>, <employee-boa.com>, <employee-boatickets.com>, and <tickets-bofa.com>, registered with Namecheap, Inc., Namecheap Inc.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Charles A. Kuechenmeister, Panelist.
Complainant submitted a Complaint to the Forum electronically on July 21, 2020; the Forum received payment on July 21, 2020.
On Jul 21, 2020; Jul 23, 2020, Namecheap, Inc., Namecheap Inc confirmed by e-mail to the Forum that the <employee-bankofamerica.com>, <employee-boa.com>, <employee-boatickets.com>, and <tickets-bofa.com> domain names are registered with Namecheap, Inc., and that Respondent is the current registrant of the names. Namecheap Inc has verified that Respondent is bound by the Namecheap, Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On July 27, 2020, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint setting a deadline of August 17, 2020 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@employee-bankofamerica.com, postmaster@employee-boa.com, postmaster@employee-boatickets.com, postmaster@tickets-bofa.com. Also on July 27, 2020, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On August 19, 2020, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Charles A. Kuechenmeister as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the Domain Names be transferred from Respondent to Complainant.
PRELIMINARY ISSUE: Multiple Domain Names and Respondents
Complainant alleges that all of the named Respondents and all of the Domain Names are or are effectively controlled by the same person or entity, which operates and registered all of the Domain Names under aliases. Paragraph 3(c) of the Rules provides that a “complaint may relate to more than one domain name, provided that the domain names are registered by the same domain name holder.” Complainant notes that all of the Domain Names resolve to two web sites which are identical to each other, purport to be web sites of Complainant, and solicit login information from the visitor (Complaint Exhibits N and W). Complainant further notes that all of the Domain Names were registered during the period from July 15 through July 22, 2020 with the same registrar and used the same privacy protection service (Complaint Exhibit A). The information furnished to the Forum by the registrar lists “Chase Black,” with an address in “Cancoon,” Texas, as the registrant of the <employee-bankofamerica.com> Domain Name. The registrar lists the other named Respondents as the registrants of the other Domain Names. It shows different addresses and contact information for each of these Respondents but all of the addresses are in the State of Texas, and by their tongue-in-cheek nature (street names: “cock street,” “urashu crock 9,” and “water bridge”) they all appear to be false addresses concocted by the same imagination. On these facts it is certain that all of the named Respondents are or are controlled by a single person or entity. The Panel finds that all four Domain Names are registered to the same person or entity and will proceed as to all of them. Except where the context requires otherwise, references to “Respondent” in this Decision, even though in the singular, refer to all four named Respondents.
A. Complainant
Complainant is one of the world’s largest financial institutions, providing banking, investment, wealth management, and other financial products and services, including investment banking and trading, throughout the world. It has rights in the BANK OF AMERICA and BOFA marks through its registration of them with the United States Patent and Trademark Office (“USPTO”) (BANK OF AMERICA Reg. No. 853,860 registered July 30, 1968, and BOFA Reg. No. 4,210,429 registered September 18, 2012). It also has common law rights in the BOA abbreviated version of its mark due to the long-standing use of those marks in commerce with its customers. Respondent’s <employee-bankofamerica.com>, <employee-boa.com>, <employee-boatickets.com>, and <tickets-bofa.com> domain names are confusingly similar to Complainant’s BANK OF AMERICA, BOFA and BOA marks, as each of them incorporates one of Complainant’s marks in its entirety, merely adding one or more generic words, e.g., “employee,” “tickets,” and the “.com” generic top-level domain (“gTLD”).
Respondent has no rights or legitimate interests in any of the Domain Names. It is not commonly known by any of them, it is not associated or affiliated with Complainant and Complainant has not authorized or permitted Respondent to use its marks in any way. Respondent is not using any of the Domain Names in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use. Instead, Respondent uses them to pass itself off as Complainant and engage in a fraudulent phishing scheme.
Respondent registered and used the Domain Names in bad faith, as it attempts to pass off as Complainant and phishes for private personal information from Internet users for commercial gain. Also, Respondent had knowledge of Complainant’s rights in the BANK OF AMERICA, BOA, and BOFA marks when it registered the Domain Names.
B. Respondent
Respondent did not submit a Response in this proceeding.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires a complainant to prove each of the following three elements to obtain an order cancelling or transferring a domain name:
(1) the domain name registered by the respondent is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
(2) the respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules the Panel will decide this administrative proceeding on the basis of Complainant's undisputed representations and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint. Nevertheless, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”), WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (WIPO Overview 3.0), at ¶ 4.3 (“In cases involving wholly unsupported and conclusory allegations advanced by the complainant, . . . panels may find that—despite a respondent’s default—a complainant has failed to prove its case.”).
The Panel finds as follows with respect to the matters at issue in this proceeding:
The BANK OF AMERICA mark was registered to Complainant with the USPTO (Reg. No. 853,860) on July 30, 1968 (Complaint Exhibit K), and the BOFA mark was registered to Complainant with the USPTO (Reg. No. 4,210,429) on September 18, 2012 (Complaint Exhibit T). Complainant’s registration of these marks with the USPTO is sufficient to establish its rights in them for the purposes of Policy ¶ 4(a)(i). See Liberty Global Logistics, LLC v. damilola emmanuel / tovary services limited, FA 1738536 (Forum Aug. 4, 2017) (“Registration of a mark with the USPTO sufficiently establishes the required rights in the mark for purposes of the Policy.”).
Complainant has not registered its BOA mark with the USPTO or any other governmental trademark authority, but a trademark registration is not necessary to demonstrate rights under Policy ¶ 4(a)(i), as common law rights can be sufficient if the complainant can establish that the mark has acquired secondary meaning. Microsoft Corporation v. Story Remix / Inofficial, FA 1734934 (Forum July 10, 2017) (finding that “The Policy does not require a complainant to own a registered trademark prior to a respondent’s registration if it can demonstrate established common law rights in the mark.”).
Secondary meaning is proven by showing exclusive use of the mark in commerce for a period of time, evidence of advertising and sales, recognition of the mark by customers, unsolicited media attention, or other evidence showing that the relevant consuming public has come to associate the mark with goods or services provided by a single vendor. Klabzuba Oil & Gas, Inc. v. LAKHPAT SINGH BHANDARI, FA 1625750 (Forum July 17, 2015) (holding, “Complainant has provided evidence of secondary meaning by providing evidence of length of use in the mark; evidence of holding an identical domain name; media recognition; and promotional material/advertising (including letterhead and business cards.”), Gourmet Depot v. DI S.A., FA 1378760 (Forum June 21, 2011) (“Relevant evidence of secondary meaning includes length and amount of sales under the mark, the nature and extent of advertising, consumer surveys and media recognition.”). The WIPO Overview 3.0 at ¶ 1.3 lists a number of factors that support a claim of common law trademark rights, including “(i) the nature and duration of use of the mark, (ii) the amount of sales under the mark, (iii) the nature and extent of advertising using the mark, (iv) the degree of actual public (e.g., consumer, industry, media) recognition, and (v) consumer surveys.” Complaint Exhibit Q consists of a number of web pages published by third parties referring to Complainant as BoA and BofA, and the Panel will take notice that BOA or BoA is a generally accepted abbreviation for Complainant’s BANK OF AMERICA mark and has been for years. Based upon this evidence the Panel finds that Complainant has common law rights in the BOA mark.
Respondent’s <employee-bankofamerica.com>, <employee-boa.com>, <employee-boatickets.com>, and <tickets-bofa.com> Domain Names are confusingly similar to Complainant’s BANK OF AMERICA, BOFA and BOA marks, as each of them incorporates one of Complainant’s marks in its entirety, merely adding one or more generic words, e.g., “employee,” “tickets,” and the “.com” generic top-level domain (“gTLD”). While Complainant did not address this, Respondent also inserted a hyphen between Complainant’s mark and the generic word in each Domain Name. None of these changes, however, is sufficient to distinguish any of the Domain Names from Complainant’s marks for the purposes of Policy ¶ 4(a)(i). Ant Small and Micro Financial Services Group Co., Ltd. v. Ant Fin, FA 1759326 (Forum Jan. 2, 2018) (“Respondent’s <antfinancial-investorrelations.com> Domain Name is confusingly similar to Complainant’s ANT FINANCIAL mark. It incorporates the mark entirely. It adds a hyphen, the descriptive terms “investor relations,” and the “.com” gTLD, but these additions are insufficient to distinguish the Domain Name from complainant’s mark for the purposes of Policy ¶ 4(a)(i).”).
For the reasons set forth above, the Panel finds that the Domain Names are identical or confusingly similar to the BANK OF AMERICA, BOFA and BOA marks, in which Complainant has substantial and demonstrated rights.
Rights or Legitimate Interests
If a complainant makes a prima facie case that the respondent lacks rights or legitimate interests in the domain name under Policy ¶ 4(a)(ii), the burden of production shifts to respondent to come forward with evidence that it has rights or legitimate interests in it. Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”). If a respondent fails to come forward with such evidence, the complainant’s prima facie evidence will be sufficient to establish that respondent lacks such rights or legitimate interests. If the respondent does come forward with such evidence, the Panel must assess the evidence in its entirety. At all times, the burden of proof remains on the complainant. WIPO Overview 3.0, at ¶ 2.1.
Policy ¶ 4(c) lists the following three nonexclusive circumstances, any one of which if proven can demonstrate a respondent’s rights or legitimate interests in a domain name for the purposes of Policy ¶ 4(a)(ii):
(i) before any notice to the respondent of the dispute, the respondent has used or has made demonstrable preparations to use the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or
(ii) the respondent (as an individual, business or other organization) has been commonly known by the domain name, even if the respondent has acquired no trademark or service mark rights; or
(iii) the respondent is making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.
Complainant asserts that Respondent has no rights or legitimate interests in the Domain Names for a number of reasons: (i) Respondent is not commonly known by the Domain Names, (ii) Respondent is not associated or affiliated with Complainant and Complainant has not authorized, licensed, or otherwise permitted Respondent to use its mark, and (iii) Respondent is not using the Domain Names in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use because the web sites resolving from them impersonate and pass off as Complainant, and phish for sensitive personal and private information from site visitors. These allegations are addressed as follows:
The WHOIS information provided to the Forum by the registrar lists the registrants of the Domain Names as follows:
<employee-bankofamerica.com>: Chase Black
<employee-boa.com>: Carla Bot
<employee-boatickets.cm>: Mortimer Herbertson
<tickets-bofa.com>: bo bop
None of these names bears any resemblance to any of the Domain Names. Evidence could, of course, in a given case demonstrate that the respondent is commonly known by a domain name different from the name in which it registered the domain name, e.g., the case of a domain name incorporating the brand name of a specific product offered by and associated with the respondent. In the absence of any such evidence, however, UDRP panels have consistently held that WHOIS evidence of a registrant name which does not correspond with the domain name is sufficient to prove that the respondent is not commonly known by the domain name. Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same), Alaska Air Group, Inc. and its subsidiary, Alaska Airlines v. Song Bin, FA1408001574905 (Forum Sept. 17, 2014) (holding that the respondent was not commonly known by the disputed domain name as demonstrated by the WHOIS information and based on the fact that the complainant had not licensed or authorized the respondent to use its ALASKA AIRLINES mark). The Panel is satisfied that Respondent has not been commonly known by the Domain Names for the purposes of Policy ¶ 4(c)(ii).
Complainant states that it has never licensed or authorized Respondent to use its mark in any way, and that Respondent is not affiliated or associated with it. Complainant has specific competence to make this statement, and it is unchallenged by any evidence before the Panel. In the absence of evidence that a respondent is authorized to use a complainant’s mark in a domain name or that a respondent is commonly known by the disputed domain name, the respondent may be presumed to lack rights or legitimate interests in the domain name. IndyMac Bank F.S.B. v. Eshback, FA 830934 (Forum Dec. 7, 2006) (finding that the respondent failed to establish rights and legitimate interests in the <emitmortgage.com> domain name as the respondent was not authorized to register domain names featuring the complainant’s mark and failed to submit evidence that it is commonly known by the domain name), Indeed, Inc. v. Ankit Bhardwaj / Recruiter, FA 1739470 (Forum Aug. 3, 2017) (”Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and, as discussed below, there are no Policy ¶ 4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at-issue domain name.”).
Complaint Exhibits N and W are screenshots of the web sites resolving from the Domain Names. They are identical with each other. They display Complainant’s name prominently at the top and its flag logo at the bottom. They invite the visitor to print his or her ”Standard ID” and “Domain Password” in one place and to obtain a new “one time only” password. Complaint Exhibit O is a copy of Complainant’s password-protected portal which Respondent copied into its web sites. The Exhibits N and W pages are designed to trick visitors into disclosing their login information so as to gain access to Complainant’s password-protected portal. Passing off as a complainant in order to gain sensitive personal information constitutes phishing, which is defined as a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication (Wikipedia). Using a confusingly similar domain name for this purpose is neither a bona fide offering of goods or services for the purposes of Policy ¶ 4(c)(i) nor a legitimate noncommercial or fair use for the purposes of Policy ¶ 4(c)(iii). DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”), Ripple Labs Inc. v. Jessie McKoy / Ripple Reserve Fund, FA 1790949 (Forum July 9, 2018) (finding the respondent did not use the domain name to make a bona fide offering of goods or services per Policy ¶ 4(c)(i) or for a legitimate noncommercial or fair use per Policy ¶ 4(c)(iii) where the website resolving from the disputed domain name featured the complainant’s mark and various photographs related to the complainant’s business).
Complainant has made its prima facie case. On the evidence presented, and in the absence of any evidence from Respondent, the Panel finds that Respondent has no rights or legitimate interests in the Domain Name.
(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant which is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or
(iii) you have registered the domain name primarily for the purpose of disrupting the business of a competitor; or
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation or endorsement of your web site or location or of a product of service on your web site or location.
The evidence of Respondent’s use of the Domain Names discussed above in connection with the rights or legitimate interests analysis also supports a finding of bad faith use and registration, based upon the foregoing grounds articulated in the Policy and upon additional grounds adopted by UDRP panels over the years. First, Respondent is clearly using the confusingly similar Domain Names to attract, for commercial gain, Internet users to its web sites by creating a likelihood of confusion with the Complainant’s marks as to the source, sponsorship, affiliation or endorsement of its web sites. The potential for theft and other mischief is obvious. Once Respondent obtains a login identity and pass code it is able to enter and raid the banking accounts of Complainant’s customers. The evidence strongly suggests that this was Respondent’s intent when it registered the Domain Names and continues to be his intent as he uses the Domain Names. It is clear evidence of bad faith. Xylem Inc. and Xylem IP Holdings LLC v. YinSi BaoHu YiKaiQi, FA1504001612750 (Forum May 13, 2015) (“The Panel agrees that Respondent’s use of the website to display products similar to Complainant’s, imputes intent to attract Internet users for commercial gain, and finds bad faith per Policy ¶ 4(b)(iv).”).
As discussed above, Respondent registered and is using the Domain Names to phish for the login information of Complainant’s customers to enable it to login to their accounts with Complainant. This fraudulent phishing scheme also qualifies on its own as evidence of bad faith registration and use. Policy ¶ 4(b) acknowledges that mischief can manifest in many different forms and takes an open-ended approach to bad faith, listing some examples without attempting to enumerate all its varieties. Worldwcom Exchange, Inc. v. Wei.com, Inc., WIPO Case No. D-2004-0955 (January 5, 2005). The non-exclusive nature of Policy ¶ 4(b) allows for consideration of additional factors in an analysis for bad faith, and passing oneself off as a complainant to phish for sensitive private information from others has often been held to evidence bad faith registration and use. Klabzuba Oil & Gas, Inc. v. LAKHPAT SINGH BHANDARI, FA1506001625750 (Forum July 17, 2015) (“Respondent uses the <klabzuba-oilgas.com> domain to engage in phishing, which means Respondent registered and uses the domain name in bad faith under Policy ¶ 4(a)(iii).”), McKinsey & Company, Inc., and McKinsey Holdings, Inc. v. Privacy Protection, report abuse to / Registrar: DELTA-X Ltd., FA1409001580883 (Forum Oct. 25, 2014) (holding that the respondent had engaged in phishing, which is further evidence of bad faith registration and use pursuant to Policy ¶ 4(a)(iii), when the respondent used the disputed domain name in an attempt to obtain Internet users’ personal information including their driver’s license number and name).
Finally, it is evident that Respondent had actual knowledge of Complainant’s marks in July 2020, when it registered the Domain Names (Complaint Exhibit A shows registration dates). Complainant and its marks are well-known throughout the world. Respondent’s web sites copy Complainant’s name and logo exactly and affirmatively solicit Complainant’s customers’ login information to gain access to their accounts with Complainant. In light of the open ended, non-exclusive nature of Policy ¶ 4(b), actual knowledge of a complainant’s rights in a mark prior to registering an identical or confusingly similar domain name has often been held to be evidence of bad faith registration and use for the purposes of Policy ¶ 4(a)(iii). Univision Comm'cns Inc. v. Norte, FA 1000079 (Forum Aug. 16, 2007) (rejecting the respondent's contention that it did not register the disputed domain name in bad faith since the panel found that the respondent had knowledge of the complainant's rights in the UNIVISION mark when registering the disputed domain name).
For the reasons set forth above, the Panel finds that Respondent registered and is using the Domain Names in bad faith within the meaning of Policy ¶ 4(a)(iii).
Complainant having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <employee-bankofamerica.com>, <employee-boa.com>, <employee-boatickets.com>, and <tickets-bofa.com> Domain Names be TRANSFERRED from Respondent to Complainant.
Charles A. Kuechenmeister, Panelist
August 20, 2020
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page