About Intellectual Property IP Training IP Outreach IP for… IP and... IP in... Patent & Technology Information Trademark Information Industrial Design Information Geographical Indication Information Plant Variety Information (UPOV) IP Laws, Treaties & Judgements IP Resources IP Reports Patent Protection Trademark Protection Industrial Design Protection Geographical Indication Protection Plant Variety Protection (UPOV) IP Dispute Resolution IP Office Business Solutions Paying for IP Services Negotiation & Decision-Making Development Cooperation Innovation Support Public-Private Partnerships The Organization Working with WIPO Accountability Patents Trademarks Industrial Designs Geographical Indications Copyright Trade Secrets WIPO Academy Workshops & Seminars World IP Day WIPO Magazine Raising Awareness Case Studies & Success Stories IP News WIPO Awards Business Universities Indigenous Peoples Judiciaries Genetic Resources, Traditional Knowledge and Traditional Cultural Expressions Economics Gender Equality Global Health Climate Change Competition Policy Sustainable Development Goals Enforcement Frontier Technologies Mobile Applications Sports Tourism PATENTSCOPE Patent Analytics International Patent Classification ARDI – Research for Innovation ASPI – Specialized Patent Information Global Brand Database Madrid Monitor Article 6ter Express Database Nice Classification Vienna Classification Global Design Database International Designs Bulletin Hague Express Database Locarno Classification Lisbon Express Database Global Brand Database for GIs PLUTO Plant Variety Database GENIE Database WIPO-Administered Treaties WIPO Lex - IP Laws, Treaties & Judgments WIPO Standards IP Statistics WIPO Pearl (Terminology) WIPO Publications Country IP Profiles WIPO Knowledge Center WIPO Technology Trends Global Innovation Index World Intellectual Property Report PCT – The International Patent System ePCT Budapest – The International Microorganism Deposit System Madrid – The International Trademark System eMadrid Article 6ter (armorial bearings, flags, state emblems) Hague – The International Design System eHague Lisbon – The International System of Appellations of Origin and Geographical Indications eLisbon UPOV PRISMA Mediation Arbitration Expert Determination Domain Name Disputes Centralized Access to Search and Examination (CASE) Digital Access Service (DAS) WIPO Pay Current Account at WIPO WIPO Assemblies Standing Committees Calendar of Meetings WIPO Official Documents Development Agenda Technical Assistance IP Training Institutions COVID-19 Support National IP Strategies Policy & Legislative Advice Cooperation Hub Technology and Innovation Support Centers (TISC) Technology Transfer Inventor Assistance Program WIPO GREEN WIPO's Pat-INFORMED Accessible Books Consortium WIPO for Creators WIPO ALERT Member States Observers Director General Activities by Unit External Offices Job Vacancies Procurement Results & Budget Financial Reporting Oversight

WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Sarepta Therapeutics, Inc. v. Domain Privacy Service FBO Registrant, The Endurance International Group, Inc. / Name Redacted

Case No. D2020-3239

1. The Parties

The Complainant is Sarepta Therapeutics, Inc., United States of America (“United States”), represented by Arnold & Porter Kaye Scholer LLP, United States.

The Respondent is Domain Privacy Service FBO Registrant, The Endurance International Group, Inc., United States / Name Redacted.1

2. The Domain Name and Registrar

The disputed domain name <sareptajobs.com> (the “Disputed Domain Name”) is registered with FastDomain, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on December 1, 2020. On December 2, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Disputed Domain Name. On December 2, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Disputed Domain Name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on December 3, 2020, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on December 8, 2020.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on December 10, 2020. In accordance with the Rules, paragraph 5, the due date for Response was December 30, 2020. The Respondent did not submit any response. The Center received an email from an individual on December 15, 2020, stating that her identity has been stolen. Accordingly, the Center notified the commencement of Panel appointment on January 4, 2021.

The Center appointed Lynda M. Braun as the sole panelist in this matter on January 11, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant is a global biotechnology company that conducts medical research and engages in drug development and uses its brand name and trademarks in connection with the development and sale of pharmaceutical and biopharmaceutical products.

The Complainant owns numerous trademark registrations in the United States and in other jurisdictions worldwide. The trademarks registered through the United States Patent and Trademark Office (“USPTO”) include, but are not limited to:

- SAREPTA, United States Trademark Registration No. 4,724,239, registered on April 21, 2015, in International Class 1;

- SAREPTA, United States Trademark Registration No. 4,653,264, registered on December 9, 2014 in International Classes 5 and 42;

- SAREPTA THERAPEUTICS, United States Trademark Registration No. 4,724,240, registered on April 21, 2015, in International Class 1; and

- SAREPTA THERAPEUTICS, United States Trademark Registration No. 4,653,265, registered on December 9, 2014, in International Classes 5 and 42 (hereinafter collectively referred to as the “SAREPTA Mark”.

The Complainant has been known by and has used the SAREPTA Mark since at least 2012 and has expended significant sums to advertise and promote its goods and services. The Complainant owns the domain name <sarepta.com>, which resolves to its official company website at “www.sarepta.com” and which the Complainant uses to provide information about itself and its products, programs and services.

The Disputed Domain Name was registered on October 27, 2020. The Disputed Domain Name resolves to a webpage that shows that the Disputed Domain Name is not active and contains no content. However, the Respondent uses the Disputed Domain Name to perpetuate a job phishing scam in which the Respondent used emails purportedly emanating from several of the Complainant’s employees to offer individuals a position with the Complainant. The emails requested personal and confidential information from applicants, and those applicants were instructed to send such information to the Respondent via the email address solely controlled by the Respondent. Specifically, the Respondent used the Disputed Domain Name to create the “[...]@sareptajobs.com” email addresses to impersonate Complainant’s employees and make fraudulent offers of employment to third party job seekers and to thereby collect confidential and personal information from those individuals.

5. Parties’ Contentions

A. Complainant

The following are the Complainant’s contentions:

- the Disputed Domain Name is confusingly similar to the Complainant’s trademark;
- the Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and
- the Disputed Domain Name was registered and is being used in bad faith as the Respondent is using the Disputed Domain Name as part of a job phishing scheme.

The Complainant seeks the transfer of the Disputed Domain Name from the Respondent to the Complainant in accordance with paragraph 4(i) of the Policy.

B. Respondent

The Respondent did not submit a formal Response, but an individual did submit a communication on December 15, 2020, informing the Center that the contact information in the WhoIs report was not hers and that her identity was stolen. She stated that the theft presumably occurred when her debit card was hacked and was used to make a purchase from the web hosting company at issue.

6. Discussion and Findings

Paragraph 4(a) of the Policy requires that the Complainant prove the following three elements in order to prevail in this proceeding:

(i) the Disputed Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

(ii) the Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and

(iii) the Disputed Domain Name was registered and is being used in bad faith.

A. Identical or Confusingly Similar

This element consists of two parts: first, does the Complainant have rights in a relevant trademark or trademarks and, second, is the Disputed Domain Name identical or confusingly similar to those trademarks.

It is uncontroverted that the Complainant has established rights in the SAREPTA Mark based on its years of use as well as its registered trademarks for the SAREPTA Mark in the United States and other jurisdictions worldwide. The general rule is that “registration of a mark is prima facie evidence of validity, which creates a rebuttable presumption that the mark is inherently distinctive”. See CWI, Inc. v. Domain Administrator c/o Dynadot, WIPO Case No. D2015-1734. The Respondent has not rebutted this presumption, and therefore the Panel finds that the Complainant has rights in the SAREPTA Mark.

The Disputed Domain Name <sareptajobs.com> consists of the SAREPTA Mark followed by the dictionary term “jobs”, and then followed by the generic Top-Level Domain (“gTLD”) “.com”. It is well established that a domain name that wholly incorporates a trademark is confusingly similar to that trademark for purposes of the Policy. See Oki Data Americas, Inc. v. ASD, Inc., WIPO Case No. D2001-0903. Here, the Disputed Domain Name contains the Complainant’s SAREPTA Mark in its entirety and thus, the Panel finds that the Disputed Domain Name is confusingly similar to the SAREPTA Mark.

Moreover, as stated in section 1.8 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), “where the relevant trademark is recognizable within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) would not prevent a finding of confusing similarity under the first element”. For example, previous UDRP decisions have reiterated that the addition of a descriptive or dictionary word to a trademark is insufficient to prevent a finding of confusing similarity. See Allianz Global Investors of America, L.P. and Pacific Investment Management Company (PIMCO) v. Bingo-Bongo, WIPO Case No. D2011-0795; Hoffmann-La Roche Inc. v. Wei-Chun Hsia, WIPO Case No. D2008-0923.

Finally, the addition of a gTLD such as “.com” in a domain name is technically required. Thus, it is well established that such element may be disregarded when assessing whether a domain name is identical or confusingly similar to a trademark. See Proactiva Medio Ambiente, S.A. v. Proactiva, WIPO Case No. D2012-0182.

Accordingly, the Panel finds that the first element of paragraph 4(a) of the Policy has been met by the Complainant.

B. Rights or Legitimate Interests

Under the Policy, a complainant is required to make out a prima facie case that the respondent lacks rights or legitimate interests in the domain name at issue. Once such a prima facie case is made, the respondent carries the burden of demonstrating rights or legitimate interests in the domain name. If the respondent fails to do so, the complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy. See WIPO Overview 3.0, section 2.1.

In this case, the Panel finds that the Complainant has made out a prima facie case. In particular, the Respondent has not submitted any arguments or evidence to rebut the Complainant’s prima facie case and there is no evidence in the record that the Respondent is in any way associated with the Complainant. Furthermore, the Complainant has not authorized, licensed, or otherwise permitted the Respondent to use its SAREPTA Mark.

Furthermore, the Respondent is using the Disputed Domain Name solely for the purpose of perpetrating an email job phishing scheme on unwitting individuals. “Panels have categorically held that the use of a domain name for illegal activity (e.g., the sale of counterfeit goods or illegal pharmaceuticals, phishing, distributing malware, unauthorized account access/hacking, impersonation/passing off, or other types of fraud) can never confer rights or legitimate interests on a respondent.” WIPO Overview 3.0, section 2.13.1.

Accordingly, the Panel finds that the second element of paragraph 4(a) of the Policy has been met by the Complainant.

C. Registered and Used in Bad Faith

The Panel finds that based on the record, the Complainant has demonstrated the Respondent’s bad faith registration and use of the Disputed Domain Name pursuant to paragraph 4(a)(iii) of the Policy.

First, by registering and using the Disputed Domain Name for the purpose of perpetrating an email job phishing scheme, the Respondent has exhibited bad faith. Specifically, the Respondent intentionally attempted to attract Internet users to the Respondent’s phishing emails by creating a likelihood of confusion with the Complainant’s name and Mark as to the source, sponsorship, affiliation, or endorsement of those emails. As demonstrated above, the Respondent is using the Disputed Domain Name to operate a phishing scheme aimed at defrauding the Complainant and its customers or other third parties searching for a job. “Panels have held that the use of a domain name for purposes other than to host a website may constitute bad faith. Such purposes include sending email, phishing, identity theft, or malware distribution. […] Many such cases involve the respondent’s use of the domain name to send deceptive emails, e.g., to obtain sensitive or confidential personal information from prospective job applicants, or to solicit payment of fraudulent invoices by the complainant’s actual or prospective customers.” See WIPO Overview 3.0, section 3.4. The emails provided by the Complainant as Exhibit 1 to the Complaint show precisely how the Respondent was using the emails to impersonate the Complainant’s employees as part of its fraudulent phishing scheme whereby Respondent made false offers of employment in order to solicit personal and confidential information from members of the public via fake applicant profiles and job interviews.

Second, the Panel finds that the Respondent likely had actual knowledge of the Complainant and its SAREPTA Mark when it registered and used the Disputed Domain Name. The Respondent sends emails comprised of the Disputed Domain Name to prospective job applicants, demonstrating that the Respondent is attempting to identify as or associate with the Complainant, indicative of bad faith. Moreover, the Respondent also used the Disputed Domain Name to create job phishing emails to the Complainant’s customers or other third parties allegedly originating from several of the Complainant’s employees. The applicants were directed to return job applications requesting confidential information relating to the alleged job offer or to confirm a telephone interview, among other things. Such misuse of the SAREPTA Mark in the Disputed Domain Name and the use of the SAREPTA Mark in the emails sent to the Complainant’s job applicants demonstrated bad faith. The Respondent had to determine the names of the Complainant’s employees so that the phishing emails that it sent would be credible. Therefore, the Panel finds it highly likely that the Respondent had actual knowledge of the Complainant’s SAREPTA Mark when registering the Disputed Domain Name, demonstrating bad faith registration and use.

Accordingly, the Panel finds that the third element of paragraph 4(a) of the Policy has been met by the Complainant.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Disputed Domain Name <sareptajobs.com> be transferred to the Complainant.

Lynda M. Braun
Sole Panelist
Date: January 25, 2021

1 The Respondent appears to have used the name and contact details of a third party when registering the Disputed Domain Name. In light of the potential identity theft, the Panel has redacted the Respondent’s name from this Decision. However, the Panel has attached as Annex 1 to this Decision an instruction to the Registrar regarding transfer of the Disputed Domain Name, which includes the name of the Respondent. The Panel has authorized the Center to transmit Annex 1 to the Registrar as part of the order in this proceeding and has indicated that Annex 1 to this Decision shall not be published due to the exceptional circumstances of this case. See ASOS plc. v. Name Redacted, WIPO Case No. D2017-1520.

https://www3.wipo.int/contact/en/area.jsp?area=arbitration https://www.wipo.int/pressroom/en/ https://www.wipo.int/tools/en/disclaim.html https://www.wipo.int/en/web/privacy-policy/ https://www.wipo.int/en/web/accessibility/ https://www.wipo.int/tools/en/sitemap.html https://www3.wipo.int/newsletters/en/ https://www.wipo.int/podcasts/en/ https://www.wipo.int/news/en/