WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
The Commissioners for HM Revenue and Customs v. Name Redacted and Name Redacted
Case No. D2020-1389
1. The Parties
The Complainant is The Commissioners for HM Revenue and Customs, United Kingdom, represented by Demys Limited, United Kingdom.
The Respondents are Name Redacted, United Kingdom, and Name Redacted, United Kingdom.
2. The Domain Names and Registrar
The disputed domain names, <hmrc-taxverify.com> and <uk-tax-hmrc.com> (together the “Domain Names”) are registered with NameCheap, Inc. (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 1, 2020. On June 2, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Names. On June 3, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Names, which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on June 3, 2020, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on June 3, 2020.
The Center verified that the Complaint, together with the amended Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondents of the Complaint, and the proceedings commenced on June 4, 2020. In accordance with the Rules, paragraph 5, the due date for Response was June 24, 2020. On June 10, 2020, the Center received an email communication from a third party. The Respondents did not submit any response. Accordingly, the Center notified the Respondents’ default on June 25, 2020.
The Center appointed Tony Willoughby as the sole panelist in this matter on June 29, 2020. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
The invitation to the Complainant to file an amended Complaint stemmed from the fact that the Domain Names were registered in the name of a privacy service. In response to the Center’s registrar verification request, the Registrar disclosed the names and addresses of the individuals in whose names the Domain Names had been registered. The amended Complaint names the named registrants as the Respondents in place of the privacy service.
For reasons explained in Section 6E below, the Panel has concluded on the balance of probabilities that those named as the registrants on registration of the Domain Names were not in fact individuals responsible in any way for the registration and use of the Domain Names. As will be seen, the Panel has directed that the names of those identified by the Registrar as the registrants of the Domain Names should be redacted from this decision. Further, for reasons which are set out in detail in Section 6A below the Panel has concluded on the balance of probabilities that the underlying registrant and user of both the Domain Names was one and the same individual.
All references in this decision to the “Respondent” are references to the unknown underlying registrant of the Domain Names.
4. Factual Background
The Complainant is a non-ministerial department of the United Kingdom Government responsible for the collection of taxes, the payment of some forms of state support, and the administration of other regulatory regimes. It is widely known and recognized in the United Kingdom by the acronym “HMRC”. Previously known under other names such as “Inland Revenue” and “HM Customs and Excise” it has operated under the name “Her Majesty’s Revenue and Customs” since 2005.
The Complainant provides online services under the banner of the United Kingdom Government website connected to the domain name, <gov.uk>. The relevant pages all feature the image of a crown and “gov.uk” in capital letters. The Complainant is the registered proprietor of the following United Kingdom trade mark registration:
No. 2471470 HMRC (word mark in upper and lower case) registered March 28, 2008 (application filed November 5, 2007), for a variety of goods and services in classes 9, 16, 35, 36, 41, and 45.
The Domain Name <hmrc-taxverify.com> was registered on April 14, 2020 and the Domain Name
<uk-tax-hmrc.com> was registered on May 5, 2020. They are not currently connected to any active website, but the unchallenged contention of the Complainant, supported by documentary evidence, demonstrates that they were connected to websites as follows:
<hmrc-taxverify.com> was connected to a website replicating the look and feel of the Complainant’s webpages, featuring a replica of the banner heading bearing the device of a crown and “gov.uk” in capital letters, and inviting the visitor to “Enter Your Post Code To Calculate Your Refund” and provide personal details including credit card details and security codes.
<uk-tax-hmrc.com>. The screenshot annexed to the Complaint as Annex 8 and attributed to the website attached to this Domain Name does not in fact mention the Doman Name. It is similar in form to that given for the <hmrc-taxverify.com> Domain Name. While there is a missing link here in relation to this website, the Complainant has also produced evidence to demonstrate that the websites connected to each of the Domain Names have been labeled by major Internet browsers such as Edge and Google as associated with phishing or malware distribution.
For example, a Microsoft website has reported that the <hmrc-taxverify.com> website has been reported “to contain the following threats: Phishing threat: This is a phishing website that impersonates a trusted website to trick you into revealing personal or financial information.” A Google Transparency report states that “[t]he site uk-tax-hmrc.com contains harmful content, including pages that try to trick visitors into sharing personal info or downloading software”.
The Panel accepts as fact that the Domain Names have both been used for this purpose.
5. Parties’ Contentions
The Complainant contends that the Domain Names are confusingly similar to the Complainant’s HMRC registered trade mark, in respect of which the Complainant also claims unregistered trade mark rights. The Complainant contends that the very nature of the Domain Names and the uses to which they have been put cannot on any basis have given the Respondent any rights or legitimate interests. The Complainant further contends that the Domain Names have been registered and are being used in bad faith.
The Respondent did not reply to the Complainant’s contentions.
6. Discussion and Findings
A. Preliminary Issue - Consolidation
Paragraph 3(c) of the Rules provides that “[t]he complaint may relate to more than one domain name, provided that the domain names are registered by the same domain-name holder”. Here the Domain Names are held in different names, but the Panel is satisfied from the evidence filed by the Complainant that the underlying registrant of each of the Domain Names is one and the same individual.
The evidence supports the Complainant’s contention as follows:
- The Domain Names were registered with the same registrar and were using the same privacy service.
- The Domain Names were registered less than a month apart.
- Both websites were hosted with the Registrar.
- The post codes given on the WhoIs are 3.6 miles apart.
- The Domain Names are similar in construction – they both incorporate the Complainant’s trademark and the dictionary word “tax” and differ only in that one incorporates the dictionary word “verify”, while the other incorporates the initials “uk”.
- The websites associated with the Domain Names were both of a substantially similar design and they both very closely mimicked the look and feel of the Complainant’s website, notably by including the United Kingdom’s government crown device and logo used across all government websites, and using the United Kingdom’s government official footer, including copyright notice, terms & conditions of use, etc.
- Both websites were misleading Internet users with a promise of tax refunds and were subsequently flagged for phishing by reputable third-party security services.
Paragraph 10(e) of the Rules gives to the Panel the power to decide requests to consolidate multiple domain name disputes. The Panel accedes to the Complainant’s request for consolidation.
According to paragraph 4(a) of the Policy, for this Complaint to succeed in relation to the Domain Names, the Complainant must prove each of the following, namely that:
(i) the Domain Names are identical or confusingly similar to a trade mark or service mark in which the Complainant has rights; and
(ii) the Respondent has no rights or legitimate interests in respect of the Domain Names; and
(iii) the Domain Names have been registered and are being used in bad faith.
C. Identical or Confusingly Similar
Self evidently, the Domain Names are confusingly similar to the Complainant's HMRC trade mark. In each of the Domain Names, the Complainant’s trade mark is immediately recognisable in its entirety separated out from the other elements by hyphens.
Thus, the Complaint succeeds under the first head of paragraph 4(a) of the Policy.
D. Rights or Legitimate Interests, Registered and Used in Bad Faith
The Panel finds it convenient to discuss these matters together, see generally WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”) at section 2.15. The Respondent has not claimed any right or legitimate interest in respect of the Domain Names and, given the fraudulent use that has been made of the Domain Names, the Panel cannot conceive of any basis upon which the Respondent might be said to have any such rights or legitimate interests. The use to which the Domain Names have been put is plainly fraudulent and the Domain Names will have been registered for that purpose.
Thus, the Complaint succeeds under the second and third heads of paragraph 4(a) of the Policy.
As can be seen from the heading of this decision, the names of the named Respondents have been redacted.
The individual whose name was given by the Registrar as the registrant of the <uk-tax-hmrc.com> Domain Name contacted the Center on notification of the Complaint and disclaimed any knowledge of the Domain Names. He stated that his name and address had been used without his authority and has asserted that the email address and telephone number given for him are not his. The Panel is satisfied that that is likely to be the case. The Domain Names have been used to impersonate the Complainant, so impersonation of a third party for the registration process is plausible. The Panel believes it most unlikely that a registrant of a domain name to be used for a so flagrantly dishonest purpose would conveniently leave behind a ready means of tracing its identity and whereabouts.
The individual whose name was given by the Registrar as the registrant of the <hmrc-taxverify.com> Domain Name has not been in contact with the Center. Indeed, according to the report filed by the courier with the Center, this individual refused to accept the package containing the case papers and handed the package back to the courier. While there is nothing before the Panel to indicate directly that this individual’s name and address has been used without his authority, the fact that the Panel believes it to be probable that the individual behind both Domain Names is the same, it is also probable that this individual is in the same position as the named registrant of the <uk-tax-hmrc.com> Domain Name. The Panel notes that in the case of both the named registrants the email addresses given for those registrants bear no relation to their names. Why would the underlying registrant conceal his identity in relation to one of the Domain Names and not the other?
In the view of the Panel, it would be wrong in light of these likely identity thefts for these likely innocent bystanders to appear as the Respondents in the published decision. Accordingly, the Panel has redacted the individuals’ names from the caption and body of this decision. Attached as Annex 1 to this decision is the Panel’s instruction to the Registrar regarding transfer of the Domain Names. Annex 1 names the named registrants of the Domain Names and authorises the Center to transmit Annex 1 to the Registrar as part of the order in this proceeding. However, the Panel has further directed the Center, pursuant to paragraph 4(j) of the Policy and paragraph 16(b) of the Rules, that Annex 1 shall not be published, given the exceptional circumstances of this case.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Names, <hmrc-taxverify.com> and <uk-tax-hmrc.com>, be transferred to the Complainant.
Date: July 1, 2020