WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
Banque de Luxembourg, SA v. WhoisGuard Protected, WhoisGuard, Inc. / Antonio Diaz
Case No. D2019-0495
1. The Parties
The Complainant is Banque de Luxembourg, SA, Luxembourg, represented by MEYER & Partenaires, France.
The Respondent is WhoisGuard Protected, WhoisGuard, Inc., Panama / Antonio Diaz, United States of America.
2. The Domain Name and Registrar
The disputed domain name <bdl-lu.com> is registered with NameCheap, Inc. (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on March 4, 2019. On March 4, 2019, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On March 4, 2019, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on March 22, 2019 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on March 25, 2019.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on March 26, 2019. In accordance with the Rules, paragraph 5, the due date for Response was April 15, 2019. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on April 23, 2019.
The Center appointed Christopher J. Pibus as the sole panelist in this matter on May 14, 2019. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background
The Complainant operates a financial institution in Luxembourg under the name Banque de Luxembourg, SA. It has existed since the 1920s as a private bank serving local and international clients. It is a wholly owned subsidiary of Crédit Mutuel-CIC.
The Complainant owns several trademark registrations for the trademark BANQUE DE LUXEMBOURG, including the following:
European Union (“EU”) Trademark Registration No. 015436934 registered on September 26, 2016 for the design trademark:
EU Trademark Registration No. 005417761 registered on October 18, 2007 for the trademark BL BANQUE DE LUXEMBOURG.
EU Trademark Registration No. 008518755 registered on March 1, 2010 for the trademark BL.
The Complainant has used the acronym BDL in association with its banking services, including as its main e‑mail address, namely “[...]@bdl.lu”. The Complainant’s employees’ email address all feature the “@bdl.lu” ending.
In January, 2019, the Complainant learned that an email address featuring the ending “@bdl-lu.com” was used in a scam email wherein the sender pretended to be a bank employee. This email address was associated with the disputed domain name <bdl-lu.com>. The disputed domain name <bdl-lu.com> was registered on January 10, 2019. At the time the Complaint was filed the disputed domain name was used to create email addresses, through which phishing emails were sent to the Complainant’s customers seeking personal information and/or or money.
5. Parties’ Contentions
The Complainant owns trademark registrations for the mark BANQUE DE LUXEMBOURG Design which features the BDL logo, including EU Trademark Registration No. 015436934. The Complainant has used the BDL logo on its website and other promotional materials for many years. In addition, the Complainant holds common law rights in the acronym BDL, through its domain name <bdl.lu> and the associated email addresses of its employees which all end with the BDL acronym namely “@bdl.lu”. The disputed domain name <bdl-lu.com> features the Complainant’s BDL acronym in its entirety. The letters “lu” are readily recognized as the country code for Luxembourg. Accordingly, the disputed domain name is confusingly similar to the Complainant’s registered trademark for its BDL logo and common law BDL marks.
The Respondent is not related to the Complainant and has not been authorized or licensed to use the Complainant’s trademark or logo. The Respondent is not using the disputed domain name <bdl-lu.com> in a bona fide offering of goods and/or services. The Respondent has been and is using the disputed domain name for email addresses as part of a phishing scam to obtain the Complainant’s customers’ private and personal banking information and money.
The Complainant further asserts that the Respondent was clearly aware of the Complainant and its trademark rights when it registered the disputed domain name and used the disputed domain name <bdl‑lu.com> in association with email address as part of a scam. Most notably, the Respondent used the name of one of the Complainant’s administrators, S. R., to create the fake email address “[...]@bdl-lu.com”, which was used in the fraudulent communications to customers. The Complainant submits that this was a deliberate attempt to confuse the bank’s clients, and to target them for purposes of financial fraud. This conduct is evidence of bad faith under the Policy.
The Respondent did not reply to the Complainant’s contentions.
6. Discussion and Findings
According to paragraph 4(a) of the Policy, in order to succeed, the Complainant must establish each of the following elements:
(i) The disputed domain name is identical or confusingly similar to the trademark or service mark in which the Complainant has rights;
(ii) The Respondent has no rights or legitimate interest in respect of the disputed domain name; and
(iii) The disputed domain name has been registered and is being used in bad faith.
A. Identical or Confusingly Similar
The Panel finds that the Complainant does have recognizable trademark rights in the letters BDL by virtue of its EU trademark registration No. 015436934, which incorporates the acronym as a dominant element of the logo, and by virtue of extensive common law use.
The Panel finds that the disputed domain name <bdl-lu.com> is confusingly similar to the Complainant’s trademark, as the disputed domain name replicates the Complainant’s BDL logo except for the addition of the letters “lu”. The Panel notes that the country code for Luxembourg is the letters “lu”, and the addition of an associated country code to a trademark does not avoid the confusing similarity in any way. See sections 1.7 and 1.8 of WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Jurisprudential Overview 3.0”).Accordingly, the Panel finds that the Complainant has satisfied the requirement under paragraph 4(a)(i) of the Policy.
B. Rights or Legitimate Interests
“While the overall burden of proof in UDRP proceedings is on the complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the often impossible task of ‘proving a negative’, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name. If the respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element”.
Based on the evidence filed in this proceeding, the Panel finds that the Complainant has made out a prima facie case with respect to lack of rights and legitimate interests. The Complainant clearly owns rights in the BDL logo as noted in section 4 of this Decision. The evidence filed in this proceeding, which was not contested by the Respondent, supports the fact that the Respondent was aware of the Complainant’s trademark and banking services, particularly because the Respondent chose to adopt the acronym BDL and then combine it with the geographical descriptor of the country code for Luxembourg, where the Complainant’s bank is located.
The Respondent was not authorized or licensed to use the Complainant’s trademark, and the Respondent is not commonly known by the acronym BDL. The Panel also notes that the Complainant has long established use of the BDL acronym in association with its employees’ email addresses, namely “@bdl.lu”. The Respondent has used the disputed domain name <bdl-lu.com> to create fake email addresses using names of the Complainant’s employees, to operate a phishing scam to prey on unsuspecting customers of the bank. This conduct obviously does not support a finding of a bona fide offering of goods and/or services in association with the disputed domain name.
In this situation, the burden shifts to the Respondent to bring forward evidence of rights and legitimate interests. The Respondent did not respond to the Complaint.
Accordingly, the Panel finds that the Complainant is deemed to have satisfied the requirements under paragraph 4(a)(ii) of the Policy.
C. Registered and Used in Bad Faith
As set out above, the Panel is prepared to find that the Respondent was clearly aware of the Complainant’s trademark rights in the BDL mark when it registered the disputed domain name <bdl-lu.com>. As set out above, this conclusion is supported by the fact that the Respondent is using the disputed domain name to create fake email addresses, which incorporate bank employee’s names, and which are then used to send emails to actual customers of the Complainant as part of a phishing scam. The fraudulent scheme operated by the Respondent, using the disputed domain name to deceive customers into believing they are dealing with employees of the Complainant bank, is compelling evidence of bad faith and abusive conduct contrary to the Policy.
The Panel is prepared to accept the claims made by the Complainant, and finds that the Respondent registered and has used the disputed domain name in bad faith.
The Complainant has therefore satisfied the requirements under paragraph 4(a)(iii) of the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <bdl-lu.com> be transferred to the Complainant.
Christopher J. Pibus
Date: May 28, 2019