Republic Services, Inc. v. Vanessa Martinez / republicservices.com / Michael Young
Claim Number: FA2303002038178
Complainant is Republic Services, Inc. (“Complainant”), represented by Mario C. Vasta of Fennemore Craig, P.C., Arizona, USA. Respondent is Vanessa Martinez / republicservices.com / Michael Young (“Respondent”), USA.
REGISTRAR AND DISPUTED DOMAIN NAMES
The domain names at issue are <republicsservices.net> and <repubblicservice.com>, registered with Google LLC, Wild West Domains, LLC.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Jeffrey J. Neuman as Panelist.
Complainant submitted a Complaint to Forum electronically on March 30, 2023; Forum received payment on March 30, 2023.
On March 30, 2023; April 7, 2023, Google LLC and Wild West Domains, LLC confirmed by e-mail to Forum that the <republicsservices.net> and <repubblicservice.com> domain names are registered with Google LLC and Wild West Domains, LLC and that the current registrants of the names are bound by the Google LLC and Wild West Domains, LLC registration agreement and have thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On April 10, 2023, Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of May 1, 2023 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@republicsservices.net, postmaster@repubblicservice.com. Also on April 10, 2023, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, Forum transmitted to the parties a Notification of Respondent Default.
On May 9, 2023, pursuant to Complainant's request to have the dispute decided by a single-member Panel, Forum appointed Jeffrey J. Neuman as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain names be transferred from Respondent to Complainant.
PRELIMINARY ISSUE: MULTIPLE RESPONDENTS
In the instant proceedings, Complainant has alleged that the entities which control the domain names at issue are effectively controlled by the same person and/or entity, which is operating under several aliases. Paragraph 3(c) of the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”) provides that a “complaint may relate to more than one domain name, provided that the domain names are registered by the same domain name holder.”
The Panel is satisfied with the evidence submitted by the Complainant that the Respondent is the current registrant of both of the Disputed Domain Names. As alleged by the Complainant, and shown by the associated documentation, although the registrant’s name, address and phone numbers appear to be different for each of the domain names: (a) the contact e-mail address for both registrants are identical, and (b) both of the Disputed Domain Names are used interchangeably in e-mail addresses in the same elaborate scheme to defraud Complainant’s customers by impersonating Complainant’s employees to wrongfully obtain payment of invoices.
A. Complainant
Complainant, Republic Services, is a waste management company who uses their trademark REPUBLIC SERVICES mark in connection with the services of waste management, waste disposal, and garbage collection. It has rights in the REPUBLIC SERVICES mark based on multiple registrations with the United States Patent and Trademark Office (“USPTO”) that date back to 2012 and claim first use of the mark in commerce in 1998 (e.g. Reg. No. 4,084,686, registered on January 10, 2012). See Amend. Compl. Annex B-1. Respondent’s <republicsservices.net> and <repubblicservice.com> domain names, registered on September 16, 2022 and September 26, 2022 respectfully, are identical or confusingly similar to Complainant’s REPUBLIC SERVICES mark as they both intentionally misspell the REPUBLIC SERVICES mark, and add either the .net or .com gTLDs.
Respondent lacks rights or legitimate interests in the disputed domain names. Respondent is not commonly known by the disputed domain names, nor has Respondent been authorized by Complainant to use the REPUBLIC SERVICES mark. Respondent has not used the disputed domain name in connection with a bona fide offering of goods or services. Rather, Respondent is using the disputed domain names to send deceptive emails to Complainant’s customers seeking to have them send payments to unauthorized bank accounts that are not affiliated with Complainant. Additionally, neither disputed domain name resolve to active web pages.
Respondent registered and is using the disputed domain names in bad faith. Respondent intentionally registered domain names that are clearly typos of the Complainant’s mark. In addition, the disputed domain names are intentionally being used in bad faith attempts to defraud Complainant’s customers by passing itself off as the Complainant to divert customer payments to unauthorized bank accounts not owned or controlled by Complainant.
B. Respondent
Respondent failed to submit a Response in this proceeding.
1. The domain names registered by Respondent are both intentional typos of Complainant’s mark and as such are confusing similar to the REPUBLIC SERVICES mark.
2. Respondent has no rights to or legitimate interests in respect of the domain names; and
3. The disputed domain names were clearly registered, and are currently being used, by Respondent in bad faith.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
Complainant has rights in the REPUBLIC SERVICES mark through Complainant’s registration of the mark with the USPTO (e.g. Reg. No. 4,084,686, registered on January 10, 2012). See Amend. Compl. Annex B-1. Registration of a mark with the USPTO is sufficient to demonstrate rights in the mark per Policy ¶ 4(a)(i). See DIRECTV, LLC v. The Pearline Group, FA 1818749 (Forum Dec. 30, 2018) (“Complainant’s ownership of a USPTO registration for DIRECTV demonstrate its rights in such mark for the purposes of Policy ¶ 4(a)(i).”). Therefore, the Panel may find Complainant has demonstrated rights in the REPUBLIC SERVICES mark per Policy ¶ 4(a)(i).
Both <republicsservices.net> and <repubblicservice.com> constitute classic misspellings of the Complainant’s REPUBLIC SERVICES mark and add a gTLD. More specifically, <republicsservices.net> misspells the REPUBLIC SERVICES mark by adding a letter “s” and the “.net” gTLD, and <repubblicservice.com> misspells the REPUBLIC SERVICES mark by adding a letter “b” and deleting the letter “s” and adding the “.com” gTLD.
Misspelling a mark and adding a gTLD fails to sufficiently distinguish a disputed domain name from a mark per Policy ¶ 4(a)(i). See Morgan Stanley v. Francis Mccarthy / Baltec Marine Llc, FA 1785347 (Forum June 8, 2018) (“The [<morganstonley.com> and <morganstainley.com>] Domain Names are confusingly similar to Complainant’s marks, as they fully incorporate the MORGAN STANLEY mark, varying it only by subtle misspellings, omitting a space between the words, and adding the generic top-level domain (“gTLD”) ‘.com.’”); Likewise, the addition of a gTLD is irrelevant when determining if a disputed domain name is confusingly similar to a mark. See Longo Brothers Fruit Markets Inc. v. John Obeye / DOMAIN MAY BE FOR SALE, CHECK AFTERNIC.COM, FA 1734634 (Forum July 17, 2017) (“[O]f course it is well established in prior UDRP cases that the addition of a ‘.com’ suffix is irrelevant when determining if a disputed domain name is identical or confusingly similar to a trademark.”). Therefore, the Panel finds that the disputed domain names are confusingly similar to Complainant’s mark per Policy ¶ 4(a)(i).
In addition to demonstrating that that the disputed domain name is identical or confusingly similar to a trademark or service mark in which Complainant has rights, the Complainant must make a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii). Once that prima facie case is made, the burden shifts to Respondent to show it does have rights or legitimate interests. See Advanced International Marketing Corporation v. AA-1 Corp, FA 780200 (Forum Nov. 2, 2011) (finding that a complainant must offer some evidence to make its prima facie case and satisfy Policy ¶ 4(a)(ii)); see also Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”).
Complainant contends Respondent lacks rights or legitimate interests in the disputed domain names as Respondent is not commonly known by the disputed domain names nor has Complainant authorized or licensed to Respondent any rights in the REPUBLIC SERVICES mark. When a response is lacking, WHOIS information may be used to determine whether a respondent is commonly known by the disputed domain name under Policy ¶ 4(c)(ii). See Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same). In addition, lack of authorization to use a complainant’s mark may indicate that the respondent is not commonly known by the disputed domain name. See Emerson Electric Co. v. golden humble / golden globals, FA 1787128 (Forum June 11, 2018) (“lack of evidence in the record to indicate a respondent is authorized to use [the] complainant’s mark may support a finding that [the] respondent does not have rights or legitimate interests in the disputed domain name per Policy ¶ 4(c)(ii)”). The WHOIS information for the disputed domain names lists the registrants as “Vanessa Martinez / republicservices.com / Michael Young”. The record contains no evidence that might otherwise tend to provide that the Respondent is either commonly known by the disputed domain names nor that it has any authorization to use the REPUBLIC SERVICES mark. The Panel therefore concludes that for the purposes of Policy ¶ 4(c)(ii) Respondent is not commonly known by the at-issue domain names.
Additionally, and as further discussed below regarding bad faith, Respondent fails to use the disputed domain names in connection with a bona fide offering of goods or services or legitimate noncommercial or fair use as Respondent.
Rather, it is clear from the record that the Respondent has been using both of the disputed domain names in connection with a Business Email Compromise (“BEC”) attack seeking to target the Complainant with a view to stealing money. BEC attacks, like the ones in this matter, are fraudulent social engineering attacks, where the attacker looks to dupe the target into believing that they are interacting with a trusted entity in the hopes that they can coax the victim into sharing valuable information of process a payment. Using domain names to create email addresses that impersonate complainant’s employee are not a bona fide offering of goods or services or a legitimate noncommercial or fair use per Policy ¶¶ 4(c)(i) or (iii). Unfortunately, this is not the first time that the Complainant has been targeted through BEC attacks. See for example Republic Services, Inc. v. Holly Guarino, FA 1902001832139 (Forum Apr. 2, 2019); Republic Services, Inc. v. dianne Chandler Wright, FA 2003001890010 (Forum Apr. 24,2020); and Republic Services, Inc. v. frod fros, FA 2208002007433 (Forum Aug. 31, 2022) (collectively referred to as “The Republic Services BEC Cases”).
There is no question here that both of the disputed domain names were registered and are being used in bad faith.
First, as in each of the Republic Services BEC cases, this Respondent has registered intentional typosquatting misspellings of the Complainant’s REPUBLIC SERVICES marks.
Typosquatting is a practice whereby a domain name registrant deliberately introduces typographical errors or misspellings into another’s trademark and then uses the resulting string in a domain name. The registrant hopes that internet users will: 1) inadvertently type the malformed string when searching for content related to the domain name’s target trademark; and/or 2) in viewing the domain name will confuse the domain name with its target trademark. The registrant then may take advantage of the confusion to inappropriately exploit the target mark’s goodwill.
Republic Services, Inc. v. dianne Chandler Wright, FA 2003001890010 (Forum Apr. 24,2020). Here, <republicsservices.net> and <repubblicservice.com> respectively misspell the REPUBLIC SERVICES mark by adding a letter “s” and adding a letter “b” and deleting the letter “s”, respectively.
Second, as mentioned above, both of the disputed domain names are used in connection with a BEC attack in an attempt to lure Complainant’s customers into believing that they are dealing with the Complainant such that they could be convinced to send payments to the Respondent. More specifically, according to the evidence presented by the Complainant, the Respondent used both of the domain names interchangeably in the form of e-mail addresses (eg. jnordstrom@republicsservices.net and jnordstrom@repubblicservice.com) to communicate with Complainant’s customers. In those communications, Respondent used the name of an actual employee of Complainant, the real address of the Complainant, and the real website link in the signature line of the e-mail. The content of those emails falsely stated that the bank account of the Complainant had changed and that all future payments should be sent to a different bank account (which of course was not owned by the Complainant).
According to the evidence presented at least one customer was victimized by the Respondent. Complainant’s customer did not realize the difference in the e-mail address in the header and actually believed that the e-mail came from the employee that it had regularly been dealing with at Republic Services. Ultimately the fraud was not discovered until the customer received an invoice from the real REPUBLIC SERVICES letting them know that they were past due on their payments. The customer explained that it had actually made those payments and provided screen shots to the Complainant. That is when it was discovered that the payments had been sent to a bank account not belonging to the Complainant. The customer insisted that it was Complainant that told it to send the payments to that account and provided the e-mails in which the Respondent, impersonating the Complainant, instructed the customer to send the money to the new account[i]. See Amend. Compl. Annexes J, K and L.
It is well established that the registration of a confusingly similar domain name with the intent to disrupt business by passing off as a complainant using fraudulent emails is evidence bad faith registration and use per Policy ¶ 4(b)(iii). See Microsoft Corporation v. Terrence Green / Whois Agent / Whois Privacy Protection Service, Inc., FA 1661030 (Forum Apr. 4, 2016) (finding the Respondent’s use of the disputed domain names to send fraudulent emails supported a finding of bad faith registration and use under Policy ¶ 4(b)(iii)). See also See Abbvie, Inc. v. James Bulow, FA 1701075 (Forum Nov. 30, 2016) (“Respondent uses the <abbuie.com> domain name to impersonate Complainant’s CEO. Such use is undeniably disruptive to Complainant’s business and demonstrates bad faith pursuant to Policy ¶4(b)(iii), and/or Policy ¶ 4(b)(iv)”).
An intentional misspelling of the Complainant’s mark combined with its use in connection with BEC attack, like the one evidenced here, undoubtedly constitutes the registration and use of a mark in bad faith.
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <republicsservices.net> and <repubblicservice.com> domain names be TRANSFERRED from Respondent to Complainant.
Jeffrey J. Neuman, Panelist
Dated: May 26, 2023
[i] BEC attacks like these are certainly involve the registration and use of domain names in bad faith and as such are well within the jurisdiction of the UDRP. The Panel notes, however, that it is worth the filing of abuse complaints with domain name registrars such as Google and Wild West Domains (the two registrars for the disputed domain names) first. These registrars, and others, have been receptive to suspending the use of domain names in phishing and BEC attacks as well as in pharming, malware, botnets, etc. in a much quicker time frame than the length of time it takes to file a UDRP and get a decision. Although filing abuse complaints will not result in the transfer of a domain name, if granted, it could result in the suspension of the harmful activities in a much more timely manner.
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page