The Complainant is Kudelski S.A., Switzerland, represented by KATZAROV S.A, Switzerland.
The Respondent is Withheld for Privacy Purposes, Privacy Service Provided by Withheld for Privacy ehf, Iceland / fresh fragile, Malaysia.
The disputed domain name <kudelsksecurity.com> is registered with NameCheap, Inc. (the “Registrar”).
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on December 16, 2021. On December 17, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On December 17, 2021, the Registrar transmitted by email to the Center its verification response, disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on December 23, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amendment to the Complaint on December 28, 2021.
The Center verified that the Complaint, together with the amendment to the Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on January 13, 2022. In accordance with the Rules, paragraph 5, the due date for Response was February 2, 2022. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on February 4, 2022.
The Center appointed Masato Dogauchi as the sole panelist in this matter on February 8, 2022. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
The Complainant is a provider of tailored cybersecurity solutions to help enterprises and public sector institutions assess risks and vulnerabilities and protect their data and systems. It has offices and labs in Switzerland, the United States of America, the United Kingdom, Germany, France, Singapore, and Taiwan Province of China.
The Complainant has owned the trade mark registration for the mark KUDELSKI SECURITY (International Trade mark Registration No. 1308385 for the mark KUDELSKI SECURITY, registered on March 17, 2016 in classes 09, 35, 38, 41, 42, 45 and designating the United States of America and the European Union).
The Complainant has owned the domain name <kudelskisecurity.com> since July 18, 2012.
The disputed domain name was registered on October 26, 2021. The disputed domain name is not associated with an active website. On the same day of the registration, the Respondent has used the disputed Domain Name together with the email address “[...]@kudelsksecurity.com” for the purpose of sending a phishing email to the Complainant’s customer in an apparent attempt to induce the customer to process fraudulent payments on allegedly outstanding invoices. To stop the Respondent’s phishing attack, the Complainant filed an abuse complaint with the registrar, and it confirmed the Respondent's abuse and, accordingly, placed the disputed domain name on ClientHold status.
The Complainant’s contentions are divided into three parts as follows:
First, the Complainant asserts that the disputed domain name is confusingly similar to its trade mark and its domain names associated. The disputed domain name is almost identical to the Complainant’s registered trade mark. It differs from the Complainant’s trade mark merely by the absence of the letter “i” that does not influence the similar overall impression of the disputed domain name and the Complainant’s trade mark since there are only minor differences in the appearance and pronunciation. This is a clear case of typosquatting and, as decided in previous UDRP decisions, the practice of typosquatting creates domain names that are confusingly similar to the relevant mark. Further, on the basis of well-established authority, the generic Top-Level Domain, in this case “.com”, should be disregarded in assessing confusing similarity.
Second, the Complainant asserts that the Respondent has no rights or legitimate interests in respect of the disputed domain name. According to prior UDRP decisions, it is sufficient that the complainant shows prima facie that the respondent lacks rights or legitimate interests in the disputed domain name in order to shift the burden of production to the Respondent. The Complainant confirms that the Respondent is not affiliated with or connected to the Complainant in any way. At no time has the Complainant licensed or otherwise endorsed, sponsored or authorized the Respondent to use any of the Complainant’s marks or to register the disputed domain name. There is also no evidence that the Respondent has been commonly known by the disputed domain name or that it has any rights that might predate the Complainant’s rights with regard to the disputed domain name. The Respondent has not used the disputed domain Name in connection with the bona fide offering of goods or services. Instead, the disputed domain name is not associated with an active website.
Third, the Complainant asserts that the disputed domain name has been registered and is being used in bad faith. The trade mark and company name of the Complainant “Kudelski”, since of its founding in 1951, is based on its founder’s name, Stefan Kudelski, thus being very unique. The Respondent could not ignore the existence of the Complainant and of trade mark at the time of the registration of the disputed domain name. It is well-settled that the practice of typosquatting, of itself, is evidence of the bad faith registration of a domain name. It is to be noted that in addition to the disputed domain name, the Respondent registered <kudleskisecurity.com> domain, another version of typo of the Complainant’s trade name, on the date one day before the registration of the disputed domain name. Therefore, it should be considered that the disputed domain name has been registered in bad faith. On the other hand, with regard to the requirement that the dispute domain name is being used in bad faith, it should be noted that on October 26, 2021, when the registration of the disputed domain name was made, the Respondent used the disputed domain name together with the email address “[...]@kudelsksecurity.com” for the purpose of sending a phishing email to the Complainant’s customer in an apparent attempt to induce the customer to process fraudulent payments on allegedly outstanding invoices. To stop this phishing attack, the Complainant filed an abuse complaint with the registrar, and it confirmed the Respondent's abuse and, accordingly, placed the disputed domain name on ClientHold status. Therefore it should be considered that the disputed domain name is being used in bad faith by the Respondent.
The Respondent did not reply to the Complainant’s contentions.
In accordance with the Rules, paragraph 15(a), a panel shall decide a case on the basis of the statements and documents submitted and in accordance with the Policy, the Rules and any rules and principles of law that it deems applicable. Since the Respondent has not made any substantive arguments in this case, the following decision is rendered on the basis of the Complainant’s contentions and other evidence submitted by the Complainant.
In accordance with the Policy, paragraph 4(a), in order to qualify for a remedy, the Complainant must prove each of the following:
(i) The disputed domain name is identical or confusingly similar to a trade mark or service mark in which the Complainant has rights; and
(ii) The Respondent has no rights or legitimate interests in respect of the disputed domain name; and
(iii) The disputed domain name has been registered and is being used in bad faith.
The Panel finds that the Complainant has the right in the KUDELSKI SECURITY trade mark.
The disputed domain name can be divided into two parts: “kudelsksecurity” and “.com”. The last part represents one of the generic Top-Level Domains, which is irrelevant in the determination of the confusing similarity between the disputed domain name and the KUDELSKI SECURITY trade mark. The word “security” is found in the first part of the disputed domain name, which is same as the second part of the Complainant’s trade mark. Then the remaining spelling is “kudelsk”. This word is different from the former part of the Complainant’s trade mark in that the letter “i” is absent, this is a typical example of typosquatting. As well-established in prior UDRP decisions, and found in the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.9, “[a] domain name which consists of a common, obvious, or intentional misspelling of a trademark is considered by panels to be confusingly similar to the relevant mark for purposes of the first element. This stems from the fact that the domain name contains sufficiently recognizable aspects of the relevant mark.”
Therefore, the Panel finds that the disputed domain name, being a typosquatted version of the Complainant’s KUDELSKI SECURITY trade mark, is confusingly similar to the trade mark in which the Complainant has rights. The above requirement provided for in paragraph 4(a)(i) of the Policy is accordingly satisfied.
There is no evidence at all that shows the Respondent is commonly known by the name “kudelsksecurity” or that the Respondent is affiliated with the Complainant or authorized or licensed to use the Complainant’s trade mark.
The disputed domain name resolves to an inactive page. This suggests that the Respondent has not used the disputed domain name in connection with a bona fide offering of goods or services or for any legitimate noncommercial or fair use. Rather, the evidence presented illustrates the Respondent’s use of the disputed domain name to engage in a fraudulent email scheme targeting the Complainant’s customer. Accordingly, such use can never confer rights or legitimate interests upon the Respondent. WIPO Overview 3.0, section 2.13.
Since the Respondent did not reply to the Complainant’s contentions in this proceeding, the Panel finds on the available record that the Complainant has established an unrebutted prima facie case that the Respondent has no rights or legitimate interests in respect of the disputed domain name. The above requirement provided for in paragraph 4(a)(ii) of the Policy is accordingly satisfied.
The Complainant is a provider of tailored cybersecurity solutions to help enterprises and public sector institutions assess risks and vulnerabilities and protect their data and systems. It has offices and labs in several countries. ln consideration of the Complainant’s international business using the KUDELSKI SECURITY trade mark, it is highly unlikely that the Respondent would not have known of the Complainant’s rights in the trade mark at the time of the disputed domain name’s registration. ln addition, in light of the fact that nothing in the disputed domain name bears a reasonable relevance to the name of the Respondent and number of letters in the Complainant’s KUDELSKI SECURITY trade mark, which is sixteen letters, there can be found no reasonable possibility of fortuity in the Respondent’s innocent registration of the disputed domain name. In addition, it is found that the Respondent registered <kudleskisecurity.com> domain, another version of typo of the Complainant’s trade name on October 25, 2021, which is one day before the registration of the disputed domain name. All these facts indicate that the disputed domain name has been registered in bad faith. On the other hand, on October 26, 2021, when the registration of the disputed domain name was made, the Respondent used the disputed domain name together with the email address “[...]@kudelsksecurity.com” for the purpose of sending a phishing email to the Complainant’s customer in an apparent attempt to induce the customer to process fraudulent payments on allegedly outstanding invoices. This is a typical example of indication that the disputed domain name is being used in bad faith.
Since the Respondent did not reply to the Complaint in this proceeding and based on the available case file, it is possible for the Panel to find that the disputed domain name has been registered in bad faith and is being used in bad faith. The above requirement provided for in paragraph 4(a)(iii) of the Policy is accordingly satisfied.
ln conclusion, all three cumulative requirements as provided for in paragraph 4(a) of the Policy are determined to be satisfied.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <kudelsksecurity.com> be transferred to the Complainant.
Masato Dogauchi
Sole Panelist
Date: February 21, 2022