WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
KPMG International Cooperative v. Whois privacy service, Domains By Proxy, LLC / Name Redacted
Case No. D2019-1235
1. The Parties
The Complainant is KPMG International Cooperative, Netherlands, represented by Taylor Wessing LLP, United Kingdom.
The Respondent is Whois privacy service, Domains By Proxy, LLC, United States of America (“United States”) / Name Redacted1 .
2. The Domain Name and Registrar
The disputed domain name <kpmghumanresourcesteam.info> (the “Domain Name”) is registered with GoDaddy.com, LLC (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on May 30, 2019. On May 31, 2019, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On June 3, 2019, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on June 4, 2019 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on June 4, 2019.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on June 12, 2019. In accordance with the Rules, paragraph 5, the due date for Response was July 2, 2019. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on July 3, 2019.
The Center appointed Ellen B Shankman as the sole panelist in this matter on July 11, 2019. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background
The date of the Domain Name registration was confirmed by the Registrar to be May 8, 2019.
The trademark KPMG serves as a house-mark of the Complainant and is protected as a registered trademark in multiple jurisdictions worldwide.
The Complainant provided evidence of multiple trademark registrations for the mark KPMG including, inter alia, United States Registration No. 2339547 (registered on April 11, 2000) and European Union Trade Mark (“EUTM”) Registration No. 001011220 (registered on April 25, 2000) both for word marks covering auditing, taxation services and advisory services in classes 35 and 36.
The Complainant also provided evidence of emails (redacted for privacy) sent by the Respondent appearing to be job offers from the Complainant’s Human Resources department which included solicitations of private data and financial information.
The Panel also conducted an independent search to determine that the Domain Name resolves to a page with a “404” error message, and the website currently appears to be inactive.
5. Parties’ Contentions
The Complainant KPMG and its network is one of the world’s leading providers of audit, tax and advisory services. Those services are provided by the KPMG member firms under the trademark KPMG. Member firms of the KPMG network of independent firms are affiliated with the Complainant. The KPMG member firms operate in approximately 155 countries, with over 174,000 employees. The Complainant owns the trademark KPMG and licenses its use to the KPMG member firms worldwide.
KPMG has been ranked consistently for many years as one of the “Big Four” professional services firms, together with Deloitte, Ernst & Young (EY) and PricewaterhouseCoopers (PwC). Its origins span three centuries. Its current form and initials, KPMG, result from the merger between Peat Marwick International (PMI) and Klynveld Main Goerdeler (KMG) in 1987. The network has therefore been using the trademark KPMG for over 30 years. The combined global revenues of the KPMG member firms in 2018 were USD 28.96 billion.
The global and member firm KPMG websites operate mainly under the flagship domain name <kpmg.com>. The Complainant operates the global KPMG website at “www.home.kpmg/xx/en/home.html”.
The KPMG brand has been consistently ranked among the world’s top brands for many years. For example, Fortune magazine has ranked KPMG among the 100 Best Companies to Work For, from 2009 to 2012 and from 2014 to 2017. Byte Level Research has ranked KPMG among the Best Global Websites from 2013 to 2015 and in 2017, and Universum has ranked KPMG fifth in the World’s Top 50 Most Attractive Employers in 2018.
The Complainant alleges that it has accordingly established very substantial international rights in the trademark KPMG. The mark KPMG is inherently distinctive and nondescriptive, and it is famous throughout the world.
The Complainant contends that Domain Name does not direct to a live website. Instead, it has come to the Complainant’s attention that the Respondent has used the Domain Name on at least one occasion in an attempt to fraudulently obtain personal information from a job candidate and to instruct the candidate to perform bitcoin transfers by way of an email scam.
The Complainant provided evidence that on May 14, 2019, an email was sent from “[...]@kpmghumanresourcesteam.info” with the subject line “Employment opportunity in KPMG company” to an individual. The email body informed the individual that “our company” had decided to hire her for an Assistant Operations Manager position. The email referred to KPMG and contained apparently standard recruitment information, as well as non-standard and poorly-worded instructions – e.g. “be in touch with your manager (It’s me […]) by email or by phone constantly.”
The Complainant provided additional evidence that on May 14, 2019, a further email was sent from “[...]@kpmghumanresourcesteam.info” with the subject line “Employment opportunity in KPMG company” to the same candidate. The email body informed the candidate that the role would involve accepting payments for the company’s software from clients, and that the payments would be made in bitcoin. Attached to the email was a “Financial Responsibility” form stating that the candidate assumes all financial responsibility. The form uses KPMG’s logo and a legitimate KPMG office address.
The candidate reported this suspicious email activity to the Complainant, on the basis that the contact falsely purported to be from the Complainant and provided a fraudulent email address, which comprises the Complainant’s KPMG trademark. The Complainant also received further reports of fraudulent approaches from the Respondent to individuals.
The Complainant contends that the Respondent is using the Domain Name opportunistically to make targeted fraudulent requests involving personal data and bitcoin transfers from at least one third party, that the Domain Name was registered or acquired primarily for the purpose of using it to target, on at least one reported occasion, third parties by way of scam emails, intentionally attempting to create a likelihood of confusion with the Complainant’s famous KPMG mark for the purpose of financial gain. The Respondent’s registration, fraudulent use, and any other use, of the Domain Name, including use of connected email addresses, will disrupt the business and image of the KPMG network by misleading members of the public into believing that the Domain Name and email addresses connected to the Domain Name are connected with KPMG, due to the confusing similarity to the Complainant and its trademark registrations for KPMG. The Complainant stands to suffer substantial reputational damage as a result of this behavior.
Furthermore, the Complainant amended the Complaint to include that once the original private proxy registration was uncovered, the information provided by the Registrar shows that the Respondent is using the name of the Complainant’s Canadian Managing Partner, with an address in Riga, Latvia. The email address provided includes the name and the terms “KPMG intern”. This name is in fact the name of the Canadian Managing Partner, Audit at KPMG LLP based in Toronto, Canada, as evidenced from her publically visible LinkedIn profile. This person has had no involvement with the registration of the Domain Name or the associated illegitimate activity.
To summarize the Complaint, the Complainant is the owner of multiple registrations for the trademark KPMG in respect of financial goods and services. The Domain Name is confusingly similar to the trademark owned by the Complainant. The addition of the descriptive terms “human resources team” and the generic Top-Level Domain (“gTLD”) “.info” does not prevent a finding of confusing similarity. Therefore, the Domain Name could be considered virtually identical and/or confusingly similar to the Complainant’s trademark. The Complainant contends that the Respondent has no rights or legitimate interests in respect of the Domain Name. The Domain Name was registered and is being used in bad faith. That continued use of the Domain Name would lead to a likelihood of confusion as to the source, sponsorship, affiliation or endorsement of the Respondent by the Complainant, and is being used for fraudulent activity. Thus, the Respondent’s registration and use of the Domain Name constitutes bad faith registration and use under the Policy, and the Complainant requests transfer of the Domain Name.
The Respondent did not reply to the Complainant’s contentions.
6. Discussion and Findings
The burden for the Complainant under paragraph 4(a) of the Policy is to prove:
(i) That the Domain Name registered by the Respondent is identical or confusingly similar to a trademark or service mark in which the Complainant has rights;
(ii) That the Respondent has no rights or legitimate interests in respect of the Domain Name; and
(iii) That the Domain Name has been registered and used in bad faith.
A. Identical or Confusingly Similar
The Panel finds that the Complainant has satisfactorily proven that it has registered trademark rights for KPMG.
The Panel finds that the Domain Name is confusingly similar to the Complainant’s trademark. Further, the Panel finds that the addition of the descriptive terms “human resources team”, together with the gTLD “.info” to the Domain Name does not prevent a finding of confusing similarity between the Domain Name and the Complainant’s trademark. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”) section 1.8 and 1.11, Pfizer Inc. v. Asia Ventures, Inc., WIPO Case No. D2005-0256. See also Ansell Healthcare Products Inc. v. Australian Therapeutics Supplies Pty, Ltd., WIPO Case No. D2001-0110, stating “The incorporation of a Complainant’s well-known trademark in the registered Domain Name is considered sufficient to find the Domain Name confusingly similar to the Complainant’s trademark.”
Accordingly, the Panel finds that the Complainant has satisfied the first requirement that the Domain Name is identical or confusingly similar to the Complainant’s registered trademark, under paragraph 4(a)(i) of the Policy.
B. Rights or Legitimate Interests
Paragraph 4(c) of the Policy in turn identifies three means through which a respondent may establish rights or legitimate interests in a domain name. Although the complainant bears the ultimate burden of establishing all three elements of paragraph 4(a) of the Policy, UDRP panels have recognized that this could result in the often‑impossible task of proving a negative, requiring information that is primarily, if not exclusively, within the knowledge of the respondent. Thus, the consensus view is that paragraph 4(c) shifts the burden of production to the respondent to come forward with evidence of a right or legitimate interest in the disputed domain name, once the complainant has made a prima facie showing. See, e.g., Document Technologies, Inc. v. International Electronic Communications Inc., WIPO Case No. D2000-0270.
The Complainant asserts that the Respondent has no rights or legitimate interests in respect of the Domain Name and that it is not related to or affiliated in any way with the Complainant, nor has the Complainant authorized the Respondent to use its trademarks.
Based on the available record, the Panel finds that the Complainant has established a prima facie case, which was not refuted, and that the Respondent lacks rights or legitimate interests in the Domain Name.
Therefore, the Complainant has satisfied the second requirement that the Respondent has no rights or legitimate interests in the Domain Name, under paragraph 4(a)(ii) of the Policy.
C. Registered and Used in Bad Faith
Given the distinctiveness of the Complainant’s trademark and reputation, together with the name used to obtain the Domain Name and the evidence of the emails sent imitating the Complainant the Panel agrees with the Complainant’s claims that the Respondent has registered the Domain Name with full knowledge of the Complainant’s trademark KPMG and uses it for the purpose of defrauding people based on the likelihood of confusion and imitation of the Complainant and its brand.
The Panel finds that this is a classic example of the unfortunate fraudulent and opportunistic registration that the UDRP is intended to address, and finds that the Respondent is using the Domain Name opportunistically to make targeted fraudulent requests involving personal data and bitcoin transfers.
Thus, the Panel finds that the Respondent’s use of the Domain Name creates confusion as to the source of the Domain Name in an attempt to trade on the goodwill associated with the Complainant’s trademark. A respondent’s use of a complainant’s mark – for said respondent’s commercial benefit – to attract Internet users otherwise seeking said complainant evinces a finding of bad faith per Policy, paragraph 4(b)(iv) and is consistent in this case. See WIPO Overview 3.0 at section 3.1.4 which states:
“Panels have moreover found the following types of evidence to support a finding that a respondent has registered a domain name to attract, for commercial gain, Internet users to its website by creating a likelihood of confusion with the complainant’s mark: (i) actual confusion, (ii) seeking to cause confusion (including by technical means beyond the domain name itself) for the respondent’s commercial benefit, even if unsuccessful, (iii) the lack of a respondent’s own rights to or legitimate interests in a domain name, (iv) redirecting the domain name to a different respondent-owned website, even where such website contains a disclaimer, (v) redirecting the domain name to the complainant’s (or a competitor’s) website, and (vi) absence of any conceivable good faith use.”
Furthermore, the Panel finds that the emails sent utilizing the Domain Name constitute a real risk of phishing scheme, aiming to deceive Internet users to believe they are dealing with the Complainant. See Accor SA v. Domain Admin, C/O ID#10760, Privacy Protection Service INC d/b/a PrivacyProtect.org / Yogesh Bhardwaj, WIPO Case No. D2017-1225.
Given the evidence of the Complainant’s prior rights in the trademark, the registration of the Domain Name with full knowledge of the Complainant apparent in the imitation and fraudulent emails, the Panel finds that the Complainant has satisfied the third requirement that the Respondent has registered and is using the Domain Name in bad faith, under paragraph 4(a)(iii) of the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name <kpmghumanresourcesteam.info> be transferred to the Complainant.
Ellen B Shankman
Date: July 23, 2019
1 On the basis of the case file presented to the Panel, it seems that the Respondent is not the true holder and registrant of the disputed domain name. In light of a potential identity theft, the Panel, therefore, has redacted the Respondent’s name from this Decision. However, the Panel has attached as Annex 1 to this Decision an instruction to the Registrar regarding transfer of the disputed domain name, which includes the name of the registrant according to the Registrar’s WhoIs database. The Panel has authorized the Center to transmit Annex 1 to the Registrar as part of the order in this proceeding, and has indicated that Annex 1 to this Decision shall not be published due to the exceptional circumstances of this case. See ASOS plc. v. Name Redacted, WIPO Case No. D2017-1520.