WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
The Commissioners for HM Revenue and Customs v. ee ee, David Roundski, and George Capricorn
Case No. D2020-2971
1. The Parties
Complainant is The Commissioners for HM Revenue and Customs, United Kingdom, represented by Demys Limited, United Kingdom.
Respondents are ee ee, David Roundski, and George Capricorn, United Kingdom.
2. The Domain Names and Registrar
The disputed domain names <hmrcgov-repayment.com>, <hmrc-overdue-refund.com>, <hmrc-refund-payment.com>, and <hmrc-ukgov-taxrefund.com> (“the Domain Names”) are registered with NameCheap, Inc. (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on November 9, 2020. On November 9, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Names. On November 9, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Names which differed from named Respondent and contact information in the Complaint. The Center sent an email communication to Complainant on November 10, 2020, providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on November 10, 2020.
The Center verified that the Complaint, together with the amended Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on November 11, 2020. In accordance with the Rules, paragraph 5, the due date for Response was December 1, 2020. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on December 2, 2020.
The Center appointed Clive L. Elliott Q.C., as the sole panelist in this matter on December 8, 2020. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background
Complainant is formally known as “Her Majesty’s Revenue and Customs” which is often shortened to “HM Revenue and Customs” or the initialism “HMRC”.
Complainant is a non-ministerial department of the United Kingdom (“UK”) Government responsible for the collection of taxes, the payment of some forms of state support and the administration of other regulatory regimes.
Complainant, in its present form and with its current name, was created by the merger of the Inland Revenue and HM Customs and Excise in April 2005. It was established in The Commissioners for Revenue and Customs Act, 2005.
Complainant is responsible for the administration and collection of direct taxes within the UK including Income Tax, Corporation Tax, Capital Gains Tax, and Inheritance Tax. It also collects indirect taxes including Value Added Tax, excise duties, and Stamp Duty Land Tax, and environmental taxes such as Air Passenger Duty and the Climate Change Levy. Other aspects of Complainant’s responsibilities include the collections of National Insurance Contributions, the distribution of Child Benefit, and some other forms of state support including the Child Trust Fund, payments of Tax Credits and enforcement of the National Minimum Wage.
As the UK Government’s tax authority, almost every UK individual and business is a direct customer of Complainant and user of its services.
Complainant operates a website within the UK Government’s official portal at “www.gov.uk/government/organisations/hm-revenue-customs”.
November 05, 2007
9, 16, 35, 36, 38, 41 & 45
HM Revenue & Customs
August 18, 2017
9, 16, 35, 36, 38, 41 & 45
Complainant is the proprietor of a number of UK trade marks, listed below (“Complainant’s Marks):
Complainant notes that its earlier mark HMRC pre-dates the registration of the Domain Names by approximately 13 years.
According to the publicly available WhoIs, the Domain Names were registered on either October 13 or 14, 2020. Complainant provided evidence that the Domain Names have resolved to websites that appear to resemble the websites of Complainant, and were subsequently flagged with phishing or malware warnings.
5. Parties’ Contentions
Complainant contends that web users who use the Domain Names are greeted with websites that closely mimic the look and feel of Complainant’s website. Internet users are then taken through a series of webpages asking them to enter various personal and payment details such as: full name, date of birth, address, email address, telephone number, mother’s maiden name, a credit or debit card number, expiry date and security code for aforementioned card, bank account number, and its sort code. Complainant notes that at the time of submission, the websites associated with the Domain Names have been disabled through actions taken by Complainant.
Complainant observes that Google’s Safe Browsing service reports that the websites associated with the Domain Names are associated with phishing or malware distribution displaying the following warning for each Domain Name:
“The site [Domain Name] contains harmful content, including pages that:
Try to trick visitors into sharing personal info or downloading software”
At the point of submission, Respondent hid their true identity behind a WhoIs privacy service. Although the registrant details on the Domain Names are not identical, Complainant contends that it is more likely than not that the Domain Names are in fact under common control.
To support this view, Complainant notes the following:
(a) the Domain Names were registered with the same registrar of record;
(b) the Domain Names were registered within a day of each other;
(c) the Domain Names are similar in construction as they incorporate Complainant’s Mark and the dictionary words “refund”, “repayment”, “tax”, and “overdue”;
(d) the websites associated with the Domain Names were identical in design, closely mimicking the look and feel of Complainant’s website, notably by including the United Kingdom’s government crown device and logo used across all government websites, and using the United Kingdom’s government official footer, including copyright notice, terms & conditions of use, etc.; and,
(e) all the websites were misleading Internet users with a promise of tax refunds and were subsequently flagged for phishing by a reputable third-party security service.
Complainant has a reasonable belief, given that the Domain Names have been flagged for phishing or malware distribution by a reputable third-party security service, that the websites associated with the Domain Names have been created to capture Internet users’ personal and credit card details for fraudulent purposes. Complainant can conceive of no legitimate reason why Respondent would otherwise create such websites.
Complainant further notes the registrant details given for <hmrc-refund-payment.com> and <hmrc-overdue-refund.com> are false.
Additionally, Complainant has used the Royal Mail’s address checker at “www.royalmail.com/find-a-postcode” o cross reference the postal addresses given for <hmrcgov-repayment.com> and <hmrc-ukgov-taxrefund.com>. Complainant notes that neither resolves to a valid address.
Additionally, Complainant points out, in common with previous disputes brought by Complainant, that it is possible the personal names given for <hmrcgov-repayment.com> and <hmrc- ukgov-taxrefund.com> may have been obtained through identity theft. See, The Commissioners for HM Revenue and Customs v. Name Redacted and Name Redacted, WIPO Case No. D2020-1389.
Complainant contends that it enjoys both registered and unregistered rights in the initialism “HMRC”, and it is well known in the UK and around the world as HMRC.
Complainant asserts that Complainant’s Mark is the most prominent, dominant and distinctive element of the Domain Names. The dictionary words “repayment”, “refund”, “overdue”, “tax”, and the initialisms “uk” and “gov”, taken separately or together, are all closely associated with Complainant as the UK Government’s tax raising entity. When combined with Complainant’s Mark these adornments do not dispel any possibility of confusion but instead do the opposite and increase the potential for confusion among Internet users.
Complainant contends that Respondent does not have any rights or legitimate interests in the Domain Names. Complainant has found no evidence that Respondent has been commonly known by the name “HMRC”, “HMRC Gov Repayment”, “HMRC Overdue Refund”, “HMRC Refund Payment”, or “HMRC UK Gov Tax Refund” prior to or after the registration of the Domain Names. Respondent is not a licensee of Complainant and has not received any permission, consent or acquiescence from Complainant to use its marks or name in association with the registration of the Domain Names or, indeed, any domain name, service or product.
Complainant has found nothing to suggest that Respondent owns any trade marks that incorporate or are similar or identical to the terms “hmrc” or the other words featured in the Domain Names. Equally, the Complainant has found no evidence that Respondent has ever traded or operated as “HMRC”, “HMRC Gov Repayment”, “HMRC Overdue Refund”, “HMRC Refund Payment”, or “HMRC UK Gov Tax Refund”.
Complainant notes that the Domain Names have been used as phishing websites that impersonate Complainant’s website and try to trick the Internet users into revealing personal and financial information.
Furthermore, Complainant contends that it is highly unlikely that Respondent intended to use the Domain Names for any legitimate or fair use, but rather to mislead Internet users into revealing personal and financial information.
Complainant contends the Domain Names could not be used in any manner without causing widespread confusion given that the Domain Names are confusingly similar to Complainant’s registered Marks.
Complainant argues that the use of a privacy service by Respondent is indicative of bad faith. Considering that the Domain Names are confusingly similar to Complainant’s Marks and that there are other indicia of bad faith, including that the Domain Names have been used for potentially criminal activity, Complainant cannot see how the use of a privacy service can be legitimate in this case. Therefore, Complainant asserts that the use of a privacy service by Respondent is indicative of bad faith.
Respondent did not reply to Complainant’s contentions.
6. Discussion and Findings
The first point to deal with is whether the complaint is properly brought against four disputed domain names. Complainant asserts that the circumstances justify a single complaint, given the same registrar of record, registration of the Domain Names within a two day period, the similarity of construction of the Domain Names, and the commonality of the websites associated with the Domain Names. Noting also the absence of objection from Respondent, the Panel is satisfied that the above factors justify the complaint against the Domain Names being dealt with together.
A. Identical or Confusingly Similar
Complainant claims rights principally in the mark HMRC, which it asserts is well known in the UK and around the world. Complainant sets out details of its use and registration of Complainant’s Marks, which, relevantly, contain as a dominant and distinctive element the initialism “HMRC”. The Domain Names wholly incorporate Complainant’s mark HMRC along with the dictionary words “repayment”, “refund”, “overdue”, “tax”, and the initialisms “uk” and “gov”. The mark HMRC is clearly recognizable in the Domain Names, and the addition of dictionary words or initialisms does not prevent a finding of confusing similarlity. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.8.
The Domain Names are confusingly similar to Complainant’s Marks. Accordingly, the first ground under the Policy is made out.
B. Rights or Legitimate Interests
Complainant asserts, inter alia, that the Domain Names have been used as phishing websites that impersonate Complainant’s website. Complainant points to the fact that Google’s Safe Browsing service identifies websites associated with the Domain Names as being associated with phishing or malware distribution and that an entity associated with the websites of the Domain Names is misleading Internet users into providing their personal and financial information. Accordingly, Complainant has put forward a prima facie case that Respondent lacks rights or legitimate interests in the Domain Names.
In the face of these serious allegations, Respondent remains silent. In the absence of any attempt to challenge or refute the allegations, the Panel is driven to the conclusion that the Domain Names were not registered and have not been used for any legitimate or fair purpose. Accordingly, the second ground under the Policy is made out.
C. Registered and Used in Bad Faith
Complainant has provided evidence that the Domain Names have been used in connection with fraudulent phishing websites appearing to be associated with Complainant. Such fraudulent and impersonating use is clear evidence of bad faith. In addition, Complainant rightly argues that the Domain Names could not be used in any good faith manner, that is, without causing widespread confusion. The Panel accepts this argument. Further, Complainant argues that the use of a privacy service by Respondent is indicative of bad faith. Under these particular circumstances, the Panel accepts that the use of a privacy service points towards bad faith registration and use.
Complainant has therefore clearly established the third ground under the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that Domain Names, <hmrcgov-repayment.com>, <hmrc-overdue-refund.com>, <hmrc-refund-payment.com>, and <hmrc-ukgov-taxrefund.com>, be transferred to Complainant.
Clive L. Elliott
Date: December 22, 2020