WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Weee! Inc. dba SAYWEEE.COM v. “090” and “m m”,

Case No. D2021-0598

1. The Parties

The Complainant is Weee! Inc. dba SAYWEEE.COM, United States of America (“United States”), represented by IPLA, United States.

The Respondents are “090” and “m m”, United States.

2. The Domain Names and Registrars

The disputed domain name (“Domain Name”) <saywweee.com> is registered with PDR Ltd. d/b/a PublicDomainRegistry.com (the “First Registrar”). The Domain Name <sayyweee.com> is registered with Google LLC (the “Second Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on February 26, 2021. On February 26, 2021, the Center transmitted by email to the Registrars a request for registrar verification in connection with the Domain Names. On February 26, 2021, the First Registrar transmitted by email to the Center its verification response confirming that the Respondent is listed as the registrant and providing the contact details. On February 26, 2021, the Second Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name <sayyweee.com> which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on March 18, 2021 providing the registrant and contact information disclosed by the Registrar and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint] on March 23, 2021.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on March 23, 2021. In accordance with the Rules, paragraph 5, the due date for Response was April 12, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on April 16, 2021.

The Center appointed Scott Blackmer as the sole panelist in this matter on May 6, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant is a corporation organized under the laws of the State of Delaware, United States, and headquartered in Fremont, California, United States. Since its establishment in the San Francisco Bay Area in 2015, the Complainant has been offering home delivery of Asian and Hispanic groceries ordered online and through mobile applications. Its website at “www.sayweee.com” is presented in English, Chinese, Japanese, Korean, and Spanish. The Complainant partners with local businesses as well as international brands. Its website advertises more than 10 million orders fulfilled since 2017 and offers delivery in many cities in California as well as in the states of Washington, Oregon, Illinois, Indiana, New York, New Jersey, Connecticut, Delaware, Rhode Island, Pennsylvania, Maryland, Virginia, the District of Columbia, and Texas. The Complainant’s service has been advertised and featured in local media stories in these markets.

The Complainant uses the domain name <sayweee.com> for its employee email addresses as well as for its website.

The Complainant holds WEEE as a registered standard character trademark, United States Registration Number 5299095, registered October 3, 2017. As noted in the trademark registration, the Complainant uses SAYWEEE.COM as a trade name (“aka SAYWEEE.COM”), although the record does not include copies of current fictitious business name filings. The 2015 “Statement and Designation by Foreign Corporation” filed with the California Secretary of State, attached to the Complaint, states that the Complainant “will do business in California as Sayweee.com”.

The First Registrar reports that the Domain Name <sayyweee.com> was registered on October 26, 2020 in the name of “m m”, giving an address in California, United States.

The Second Registrar reports that the Domain Name <saywweee.com> was registered on September 14, 2020 in the name of “090”, giving an incomplete address in Georgia, United States. The email address given for the registrant is in the domain name <jealousfrults.com>. There is no associated website. That domain name is quite similar in appearance to <jealousfruits.com>, which is used for a Canadian cherry grower. The Respondent’s substitution of “l” for “i” in confusingly similar domain names appears to be a pattern, as will be seen below.

The Registrars and domain privacy service initially named as Respondents have claimed no interest in the Domain Names in this proceeding. No natural or legal person has come forward to claim an interest in either Domain Name or to submit a Response. Because the Domain Names have been used similarly and in the same period of time, as discussed further below, the unknown person or persons who registered the Domain Names are referred to collectively as the “Respondent”.

There is no evidence in the record or from the Internet Archive’s Wayback Machine that either of the Domain Names have ever been associated with an active website. They produce only error messages at the time of this Decision.

Instead, the Complaint documents how both Domain Names were used for phishing emails within days of the Domain Name registrations. This appears to be part of a concerted attack on the Complainant. Beginning on September 9, 2020, a person or persons unknown posed as an employee at one of the Complainant’s vendors, Sufoo Life (a food products company based in Taiwan that distributes in the United States) and sent emails to the Complainant’s employees requesting payment of invoices. The fraudulent emails used a domain name, <sufoollfe.com>, confusingly similar to the vendor’s, <sufoolife.com>, replacing the letter “i” with the letter “l”, which has a similar appearance. The Complainant paid some of these invoices using the false bank details and wire transfer instructions. According to the Complaint, the United States Federal Bureau of Investigation (FBI) is investigating this potentially criminal activity.

On September 14, 2020, a few days after these emails commenced, the first of the Domain Names, <saywweee.com>, was registered. This differed from the domain name used for the Complainant’s website and employee emails by repeating the letter “w” – a difference that some viewers would overlook, particularly in a domain name that already deliberately repeats the final letter “e”. This Domain Name was used on the same day for a phishing email with the name of one of the Complainant’s employees, sent to “finance” at the same vendor, Sufoo Life, requesting information about invoices, claiming errors in payments, and seeking the vendor’s bank details. Similar emails were sent to Sufoo Life over a period of several weeks purporting to come from two different employees of the Complainant, phishing for details about invoices and bank accounts. In the course of the next few weeks, the Complainant’s employees also continued to receive fraudulent emails sent from the domain name deceptively emulating that of the vendor Sufoo Life, seeking payment on outstanding invoices.

On October 26, 2020, the Respondent registered the Domain Name <sayyweee.com>, this time differing from the Complainant’s domain name by repeating the letter “y”. On October 29, this Domain Name was used for phishing emails sent to the vendor Sufoo Life, purporting to come from three of the Complainant’s employees, in the same pattern as the ones sent from the Domain Name <saywweee.com>.

5. Parties’ Contentions

A. Complainant

The Complainant asserts that both Domain Names are confusingly similar to its registered WEEE trademark and claims common law rights in WEEE and SAYWEEE.COM marks.

The Complainant observes that the Domain Names have not been used for any legitimate website or other purpose other than fraudulent emails.

The Complainant argues that the Respondent registered and used the Domain Names in bad faith, as evidenced by the fact that the Respondent employed the Domain Names “in connection with an ongoing elaborate fraud scheme that used fraudulent emails to obtain the Complainant and Vendor’s pending invoice and bank account information, and subsequently used such information to trick the Complainant into making payments to the Respondent.” The Complainant also contends that providing false registration information is evidence of bad faith, and that “the Respondent’s registration of more than one WEEE and SAYWEEE formative domain names is further evidence of Respondent’s pattern of bad faith conduct.”

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

Paragraph 4(a) of the Policy provides that in order to divest a respondent of a domain name, a complainant must demonstrate each of the following:

(i) the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

(ii) the respondent has no rights or legitimate interests in respect of the domain name; and

(iii) the domain name has been registered and is being used in bad faith.

Under paragraph 15(a) of the Rules, “[a] Panel shall decide a complaint on the basis of the statements and documents submitted and in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable”.

6.1 Preliminary Matters: Consolidation and Multiple Respondents

The Rules, paragraph 3(c), provide that a “complaint may relate to more than one domain name, provided that the domain names are registered by the same domain-name holder.” Panels have also consolidated proceedings where they found that multiple domain names appeared to be under common control, consolidation would be equitable for all parties, and consolidation would be in the interest of procedural efficiency. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 4.11.2.

As noted above in reviewing the factual background, the registrants for the two Domain Names gave patently false or incomplete names, “090” and “m m”, respectively, with different addresses. The email address given for one registrant is in a domain name, <jealousfrults.com>, that appears to be typosquatted in precisely the same manner, substituting a visually similar “l” for an “I”, as was done in creating the deceptive domain name <sufoollfe.com> to imitate the Complainant’s vendor Sufoo Life and its domain name <sufoolife.com>. The Panel does not consider it likely to be a pure coincidence that both of those deceptive domain names, <jealousfrults.com> and <sufoolife.com>, were registered on the same day, September 9, 2020, with the same registrar. That was the same day on which <sufoolife.com> was first used to send fraudulent emails to the Complainant, inducing the Complainant to send money to a bank account controlled by an unknown person.

The first Domain Name was used in September and October 2020 in multiple attempts to phish invoice and bank details from one of the Complainant’s vendors and to use that information as part of a scheme to induce the Complainant to make payments to a bank account controlled by another person. The evidence indicates that the second Domain Name was used in October 2020 as part of the same scheme, using the same language and methods, the same employee’s names in almost all cases, and the same vendor, Sufoo Life.

The Panel finds that (a) the Domain Names are likely under common control, (b) consolidation would be equitable to all parties, and (c) consolidation is in the interest of procedural efficiency. The registrants identified by the Registrars only as “090” and “m m” will be referred to hereafter as the “Respondent”.

A. Identical or Confusingly Similar

The first element of a UDRP complaint “functions primarily as a standing requirement” and entails “a straightforward comparison between the complainant’s trademark and the domain name”. See WIPO Overview 3.0, section 1.7.

The Complainant holds a registered WEEE trademark and claims common law WEEE and SAYWEEE.COM marks. The Complainant has claimed to be in operation under the latter since June 2015 but has not otherwise furnished evidence of acquired distinctiveness to establish common law protection for SAYWEE.COM as a mark, such as “(i) the duration and nature of use of the mark, (ii) the amount of sales under the mark, (iii) the nature and extent of advertising using the mark, (iv) the degree of actual public (e.g., consumer, industry, media) recognition, and (v) consumer surveys.” See WIPO Overview 3.0, section 1.3. “Sayweee” is in the Complainant’s domain name string but does not feature currently on its website.

Nevertheless, the distinctive WEEE trademark is registered and is incorporated in its entirety in both Domain Names. The addition of the dictionary word “say” and an additional letter “w” or “y” does not prevent a finding of confusing similarity. See id. sections 1.8, 1.9. As usual, the generic Top-Level Domain (“gTLD”) “.com” is disregarded as a standard registration requirement. See id. section 1.11.2.

The Panel concludes that the first Policy element is established on these facts.

B. Rights or Legitimate Interests

Paragraph 4(c) of the Policy gives non-exclusive examples of instances in which the respondent may establish rights or legitimate interests in the domain name, by demonstrating any of the following:

(i) before any notice to it of the dispute, the respondent’s use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or

(ii) that the respondent has been commonly known by the domain name, even if it has acquired no trademark or service mark rights; or

(iii) the respondent is making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.

Because a respondent in a UDRP proceeding is in the best position to assert rights or legitimate interests in a domain name, it is well established that after a complainant makes a prima facie case, the burden of production on this element shifts to the respondent to come forward with relevant evidence of its rights or legitimate interests in the domain name. See WIPO Overview 3.0, section 2.1. The Complainant in this proceeding has demonstrated trademark rights, the lack of permission to use its mark, and the Respondent’s use of the Domain Names only for fraudulent or phishing emails. This suggests trademark abuse, not evidence of a bona fide commercial activity, so the burden shifts to the Respondent to produce evidence of rights or legitimate interests. The Respondent has not done so.

The Panel concludes, therefore, that the Complainants prevails on the second element of the Policy.

C. Registered and Used in Bad Faith

The Policy, paragraph 4(b), furnishes a non-exhaustive list of circumstances that “shall be evidence of the registration and use of a domain name in bad faith”. The list is not meant to be exclusive, and UDRP panels have often had occasion to find bad faith in the context of other instance of abuse or illicit activity.

“Panels have held that the use of a domain name for purposes other than to host a website may constitute bad faith. Such purposes include sending email, phishing, identity theft, or malware distribution. (In some such cases, the respondent may host a copycat version of the complainant’s website.) Many such cases involve the respondent’s use of the domain name to send deceptive emails, e.g., to obtain sensitive or confidential personal information from prospective job applicants, or to solicit payment of fraudulent invoices by the complainant’s actual or prospective customers.” (WIPO Overview 3.0, section 3.4.)

Such is the case here. The Respondent was clearly aware of the Complainant and targeted it. The Respondent used each Domain Name within days of its registration for phishing emails as part of a well-prepared (and partly successful) scheme to defraud the Complainant and one of its suppliers, as detailed above, by seeking details about invoices and bank accounts and then misdirecting payments to the Complainant’s supplier. The Respondent obscured its identity in the registration of two deceptive Domain Names and promptly used them in a fraud scheme that it had launched a few days prior to the registration of the first Domain Name. This must certainly be considered bad faith in the registration and use of the Domain Names.

The Panel concludes that the Complainant has established the third element of the Complaint, bad faith.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Names, <saywweee.com> and <sayyweee.com>, be transferred to the Complainant.

W. Scott Blackmer
Sole Panelist
Date: May 20, 2021