About Intellectual Property IP Training IP Outreach IP for… IP and... IP in... Patent & Technology Information Trademark Information Industrial Design Information Geographical Indication Information Plant Variety Information (UPOV) IP Laws, Treaties & Judgements IP Resources IP Reports Patent Protection Trademark Protection Industrial Design Protection Geographical Indication Protection Plant Variety Protection (UPOV) IP Dispute Resolution IP Office Business Solutions Paying for IP Services Negotiation & Decision-Making Development Cooperation Innovation Support Public-Private Partnerships The Organization Working with WIPO Accountability Patents Trademarks Industrial Designs Geographical Indications Copyright Trade Secrets WIPO Academy Workshops & Seminars World IP Day WIPO Magazine Raising Awareness Case Studies & Success Stories IP News WIPO Awards Business Universities Indigenous Peoples Judiciaries Genetic Resources, Traditional Knowledge and Traditional Cultural Expressions Economics Gender Equality Global Health Climate Change Competition Policy Sustainable Development Goals Enforcement Frontier Technologies Mobile Applications Sports Tourism PATENTSCOPE Patent Analytics International Patent Classification ARDI – Research for Innovation ASPI – Specialized Patent Information Global Brand Database Madrid Monitor Article 6ter Express Database Nice Classification Vienna Classification Global Design Database International Designs Bulletin Hague Express Database Locarno Classification Lisbon Express Database Global Brand Database for GIs PLUTO Plant Variety Database GENIE Database WIPO-Administered Treaties WIPO Lex - IP Laws, Treaties & Judgments WIPO Standards IP Statistics WIPO Pearl (Terminology) WIPO Publications Country IP Profiles WIPO Knowledge Center WIPO Technology Trends Global Innovation Index World Intellectual Property Report PCT – The International Patent System ePCT Budapest – The International Microorganism Deposit System Madrid – The International Trademark System eMadrid Article 6ter (armorial bearings, flags, state emblems) Hague – The International Design System eHague Lisbon – The International System of Appellations of Origin and Geographical Indications eLisbon UPOV PRISMA Mediation Arbitration Expert Determination Domain Name Disputes Centralized Access to Search and Examination (CASE) Digital Access Service (DAS) WIPO Pay Current Account at WIPO WIPO Assemblies Standing Committees Calendar of Meetings WIPO Official Documents Development Agenda Technical Assistance IP Training Institutions COVID-19 Support National IP Strategies Policy & Legislative Advice Cooperation Hub Technology and Innovation Support Centers (TISC) Technology Transfer Inventor Assistance Program WIPO GREEN WIPO's Pat-INFORMED Accessible Books Consortium WIPO for Creators WIPO ALERT Member States Observers Director General Activities by Unit External Offices Job Vacancies Procurement Results & Budget Financial Reporting Oversight

WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

MultiPlan, Inc. v. WhoisGuard Protected, WhoisGuard, Inc. / Lilly Walton

Case No. D2021-1123

1. The Parties

The Complainant is MultiPlan, Inc., United States of America (“United States”), represented by Orrick, Herrington & Sutcliffe, LLP, United States.

The Respondent is WhoisGuard Protected, WhoisGuard, Inc., Panama / Lilly Walton, United States.

2. The Domain Name and Registrar

The disputed domain name <multlplan.com> (“Domain Name”) is registered with NameCheap, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on April 13, 2021. On April 13, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On April 13, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on April 16, 2021 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on April 21, 2021.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on April 27, 2021. In accordance with the Rules, paragraph 5, the due date for Response was May 17, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on June 22, 2021.

The Center appointed Ellen B. Shankman as the sole panelist in this matter on July 12, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The date of the Domain Name registration is February 10, 2021.

The Complainant claims longstanding common law rights used in commerce in the healthcare industry at least as early as May 1991, and provided evidence of multiple trademark registrations for the MULTIPLAN mark, including, inter alia: United States Reg. No. 1,839,584 issued on June 14, 1994 in International Class 35 and for a MULTIPLAN stylized mark United States Reg. No. 5,329,431 issued on November 7, 2017.

The Panel also conducted an independent search to determine that the Domain Name currently resolves to an inactive “error” page.

The Complainant provided evidence that the Domain Name has been used to support and send targeted emails seeking payment of money under an apparent phishing attempt using names of actual employees of the Complainant. In light of potential identity theft, the Panel has omitted the names of the employees of the Complainant presented in the evidence provided by the Complainant of the targeted phishing activity by the Respondent.

5. Parties’ Contentions

A. Complainant

The Complaint contends that the Complainant is in the business of pioneering innovative solutions for healthcare payers. Its roots trace back to 1980, when MultiPlan originated as a New York hospital network. Forty years later, the Complainant has grown and innovated, and now offers the most comprehensive portfolio of cost management solutions in the healthcare industry, and serves 700 clients through which its services reach 60 million consumers.

The Complainant has, since at least as early as 1991, used the trademark MULTIPLAN in connection with its innovative healthcare payment services. The Complainant registered the domain name <multiplan.com> on October 10, 1995. Typing “www.multiplan.com” into the address bar redirects to “www.multiplan.us”, relating to a domain name which the Complainant registered on February 12, 2020 and currently serves as the homepage for the Complainant’s website. The Complainant uses this website for the advertisement, promotion, and rendering of its services to customers.

The Complaint claims that preying on the Complainant’s well-known reputation in the healthcare field, the Respondent launched a phishing attack on MultiPlan’s clients, seeking sensitive payment information through spoofed email accounts utilizing names of actual account managers and other employees of the Complainant and seeking an ACH transfer of funds. ACH, short for automated clearing house, is a “computer-based electronic network for processing transactions”. A person seeking to make an ACH transfer needs the following information: name, routing number, and account number. Thus, in seeking an update regarding ACH information, the sender was requesting that the recipient provide this highly sensitive account information. Instead, the targeted recipient received a notification from his email account’s scam prevention tool that alerted him to the potential risk. Thereafter, the recipient to the phishing attempt informed the Complainant’s account manager that the scammer replaced the “i” in “@multiplan.com” – the relating to the Complainant’s domain name – with an “l” in connection with email addresses similar to those operated by the Complainant’s employees. The account manager subsequently escalated the issue internally, where it was determined that the scammer had registered the Domain Name only weeks before and used it in an attempt to scam the Complainant’s customers.

The Complaint claims that by nature, the healthcare industry involves the sharing of considerable sensitive information: personal identifying information, insurance information, and payment information. Accordingly, the industry is ripe with nefarious actors looking to scam unsuspecting individuals.

The Complainant’s reputation, goodwill, and dedication to protecting its clients from such scamming attempts is being usurped by the Respondent who registered a domain name that is confusingly similar to the MULTIPLAN mark, does not have any rights or legitimate interest in the Domain Name, and who in bad faith is using the Domain Name and the Complainant’s reputation to scam the Complainant’s customers.

The only difference between the Domain Name and the MULTIPLAN mark, is that the “i” in “multi” has been replaced with an “l”—a capital “I” very closely resembles a lowercase “l,” indeed they are virtually identical. The substitution of a single letter not only fails to distinguish the disputed domain from the Complainant’s trademarks and registered domain names, but demonstrates that the Respondent was actually targeting the Complainant’s mark in registering the Domain Name with its typosquatting.

The Respondent is not in any way associated with the Complainant and has never received any authorization to use the MULTIPLAN mark. In choosing a confusingly similar Domain Name, the Respondent’s intention to confuse the Complainant’s customers precludes a finding that the Respondent is engaged in the bona fide offering of goods or services. The Respondent has no reason to use the Domain Name except to divert Internet users who mistakenly type “multlplan”. The practice of diverting users to another site prevents the users from realizing that they have made a typographical error. The Complainant also provided evidence that at one time the Domain Name resolved to a pay-per-click (“PPC”) site, diverting Internet users to the Respondent’s website for commercial gain, which also is evidence of bad faith. Moreover, the practice of typosquatting may itself be per se evidence of bad faith registration.

The Complaint argues that the Respondent’s bad faith is further demonstrated when considering exactly what the Respondent has done with the Domain Name. Within several weeks of registering the Domain Name, the Respondent utilized spoofed email accounts to pose as the Complainant and target the Complainant’s clients. This shows that the Respondent was aware of the Complainant and its mark at the time of registration. In order for the Respondent to have perpetrated the phishing scheme, it would have had to know the name of two of the Complainant’s employees, a client of the Complainant, a contact at the client, and the type of ACH information that the Complainant would commonly seek from its customers. To have this information, the Respondent undoubtedly would have been aware of the MULTIPLAN mark at the time of registration. Not only was the Respondent aware of the Complainant, but it specifically used its knowledge to target the Complainant’s clients to seek sensitive information needed to facilitate fraudulent wire transfers.

To summarize the Complaint, the Complainant is the owner of registrations for the trademark MULTIPLAN, in respect of healthcare services. The Domain Name is confusingly similar to the trademark owned by the Complainant. By registering the Domain Name that comprises the Complainant’s trademark by replacing the letter “i” in the Complainant’s mark with the letter “l” (which in many fonts is an identical or nearly-identical homoglyph, particularly when capitalized), and the addition of the “.com” generic Top‑Level Domain (“gTLD”), the Respondent has created a domain name that is confusingly similar to the Complainant’s trademark. The addition of these does not prevent a finding of confusing similarity. Therefore, the Domain Name could be considered virtually identical and/or confusingly similar to the Complainant’s trademark. The Complainant contends that the Respondent has no rights or legitimate interests in respect of the Domain Name. The Respondent has used the Domain Name to conduct a targeted phishing scheme which is evidence of opportunistic bad faith. The Domain Name was registered and is being used in bad faith. Thus, the Respondent’s registration and use of the Domain Name constitutes bad faith registration and use under the Policy, and the Complainant requests transfer of the Domain Name.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

The burden for the Complainant under paragraph 4(a) of the Policy is to prove:

(i) that the Domain Name registered by the Respondent is identical or confusingly similar to a trademark or service mark in which the Complainant has rights;

(ii) that the Respondent has no rights or legitimate interests in respect of the Domain Name; and

(iii) that the Domain Name has been registered and used in bad faith

The Complainant must prove in this administrative proceeding that each of the aforementioned three elements is present in order to obtain the transfer of the Domain Name.

In accordance with paragraph 14(a) of the Rules, if the Respondent does not submit a Response, in the absence of exceptional circumstances, the Panel shall decide the dispute based upon the Complaint. Since the Respondent did not respond to this Complaint, the facts regarding the use and reputation of the Complainant’s mark are taken from the Complaint and are generally accepted as true in the circumstances of this case.

A. Identical or Confusingly Similar

The Panel finds that the Complainant has satisfactorily proven that it has registered trademark rights for MULITPLAN.

Further, the Panel finds that the Domain Name consists of a common, obvious, or intentional misspelling of the Complainant’s mark and so the Domain Name is confusingly similar to the Complainant’s trademark for the purposes of the first element. In this regard, the Panel finds that the replacement the letter “i” in the Complainant’s mark with the letter “l”, a nearly-identical homoglyph to the Domain Name does not prevent a finding of confusing similarity between the Domain Name and the Complainant’s trademark as it remains recognizable in the Domain Name. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.9. See, e.g., Halliburton Energy Servs., Inc. v. Registration Private, Domains by Proxy, LLC / Name Redacted, WIPO Case No. D2015-2094 (“The Disputed Domain Name contains the entirety of Complainant’s mark and simply changes the letter ‘b’ to ‘d.’ [T]his changing does not dispel the confusing similarity of the Disputed Domain Name to Complainant’s mark”).

Accordingly, the Panel finds that the Complainant has satisfied the first requirement that the Domain Name is identical or confusingly similar to the Complainant’s registered trademark, under paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

Paragraph 4(c) of the Policy in turn identifies three means through which a respondent may establish rights or legitimate interests in a domain name. Although the complainant bears the ultimate burden of establishing all three elements of paragraph 4(a) of the Policy, UDRP panels have recognized that this could result in the often-impossible task of proving a negative, requiring information that is primarily, if not exclusively, within the knowledge of the respondent. Thus, the consensus view is that the burden of production shifts to the respondent to come forward with evidence of rights or legitimate interests in the disputed domain name, once the complainant has made a prima facie showing. See, e.g., Document Technologies, Inc. v. International Electronic Communications Inc., WIPO Case No. D2000-0270.

The Complainant asserts that the Respondent has no rights or legitimate interests in respect of the Domain Name and that it is not related to or affiliated in any way with the Complainant, nor has the Complainant authorized the Respondent to use its trademarks. The Respondent is not known by the Domain Name, does not have permission to use the Complainant’s mark, and is not using the Domain Name for a bona fide offering of goods or services nor making a legitimate noncommercial or fair use of the Domain Name. The Respondent has also used the Domain Name to support a phishing scheme, almost certainly for the Respondent’s commercial gain, which is not a legitimate noncommercial purpose.

The Panel agrees and finds no rights or legitimate interests by the Respondent in the Domain Name. The Panel’s finding is consistent with other UDRP panels that have categorically held that the use of a domain name for illegal activity (e.g., phishing, distributing malware, unauthorized account access/hacking, impersonation/passing off, or other types of fraud) can never confer rights or legitimate interests on a respondent. See, e.g., WIPO Overview 3.0, section 2.13.1 (“Panels have categorically held that the use of a domain name for illegal activity (e.g., the sale of counterfeit goods or illegal pharmaceuticals, phishing, distributing malware, unauthorized account access/hacking, impersonation/passing off, or other types of fraud) can never confer rights or legitimate interests on a respondent.”); see also, e.g., Wikimedia Foundation, Inc. v. Nanci Nette, Name Management Group, WIPO Case No. D2018-0717.

Based on the available record, the Panel finds that the Complainant has established a prima facie case, which was not refuted, and that the Respondent lacks rights or legitimate interests in the Domain Name.

Therefore, the Complainant has satisfied the second requirement that the Respondent has no rights or legitimate interests in the Domain Name, under paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

The Panel is convinced that the Respondent knew about the Complainant in choosing the Domain Name. See Inter IKEA Systems B.V. v. Targetclix / Anh Vo, WIPO Case No. D2011-1087 (“It is not conceivable that Respondent would not have had actual notice of Complainant’s trademark rights at the time of the registration of the Domain Names [….] [Therefore] the Domain Names are not one that one could legitimately adopt other than for the purpose of creating an impression of an association with Complainant.”).

The Panel is persuaded that the Respondent has demonstrated a knowledge of and familiarity with the Complainant’s brand. In light of the facts set forth within this Complaint, the Panel finds that it is “not possible to conceive of a plausible situation in which the Respondent would have been unaware of” the Complainant’s brand at the time the Domain Name was registered. See Telstra Corp. Ltd. v. Nuclear Marshmallows, WIPO Case No. D2000-0003.

The Panel agrees with the Complainant’s contention that indeed, the Respondent’s purpose in registering the Domain Name was probably to capitalize on the reputation of the Complainant’s trademark and opportunistic to support illegitimate purposes. See Hoffmann-La Roche Inc. v. Doroven, WIPO Case No. D2010-1196.

A respondent’s use of a complainant’s mark – for said respondent’s commercial benefit – to attract Internet users otherwise seeking said complainant evinces a finding of bad faith is also consistent with the Policy, paragraph 4(b)(iv). See WIPO Overview 3.0, section 3.1.4 (“Panels have moreover found the following types of evidence to support a finding that a respondent has registered a domain name to attract, for commercial gain, Internet users to its website by creating a likelihood of confusion with the complainant’s mark: (i) actual confusion, (ii) seeking to cause confusion (including by technical means beyond the domain name itself) for the respondent’s commercial benefit, even if unsuccessful, (iii) the lack of a respondent’s own rights to or legitimate interests in a domain name, (iv) redirecting the domain name to a different respondent-owned website, even where such website contains a disclaimer, (v) redirecting the domain name to the complainant’s (or a competitor’s) website, and (vi) absence of any conceivable good faith use.”). The present circumstances, including the lack of the Respondent’s own rights or legitimate interests and the absence of any conceivable good faith use, support the Panel’s finding that the Respondent registered and is using the Domain Name in bad faith.

The Panel is persuaded that the Respondent deliberately registered the Domain Name to create a misleading and fraudulent impression of association and confusion with the Complainant and intended opportunistically to benefit on the goodwill of the Complainant‘s trademarks and to profit from consumer confusion, and to obtain sensitive and valuable data in bad faith. Given the distinctiveness of the Complainant’s trademark and reputation, together with the evidence of the email sent imitating the Complainant, the Panel agrees with the Complainant’s claims that the Respondent has registered the Domain Name with full knowledge of the Complainant’s trademark and uses it for the purpose of defrauding people based on the likelihood of confusion and imitation of the Complainant and its brand.

The Panel finds that by switching the letter “i” for the letter “l” the Domain Name was registered in bad faith and with the intention of causing confusion with the word mark and the Complainant’s domain name and in an attempt to divert Internet traffic otherwise rightfully bound for the Complainant. See e.g. LinkedIn Corporation WIPO Case No. D2015-1679 (“[t]he fact that Respondent substituted the letter “l” for the second letter “i” in the Complainant’s to look as though the “l” were a capitalized “i,” as is the case in the corporate and trade name of the Complainant, constitutes further evidence of this bad faith”).

Furthermore, the Panel finds that the emails sent utilizing the Domain Name constitutes a fraudulent phishing scheme, aiming to deceive Internet users to believe they are dealing with the Complainant. See WIPO Case No. D2017-1225, Accor SA v. Domain Admin, C/O ID#10760, Privacy Protection Service INC d/b/a PrivacyProtect.org / Yogesh Bhardwaj. Not only was the Respondent aware of the Complainant, but it specifically used its knowledge to target the Complainant’s clients to seek sensitive ACH information needed to facilitate fraudulent wire transfers

The Panel finds that this is a classic example of the unfortunate abusive and opportunistic registration to create confusion that the UDRP is intended to address, and finds that the Respondent is using the Domain Name opportunistically to benefit financially from the Complainant’s trademark, to make targeted fraudulent requests involving personal data and financial transfers, in bad faith use and registration.

The Respondent, at the time of initial filing of the Complaint, had employed a privacy service to hide its identity, which past Panels have held serves as further evidence of bad faith registration and use. See Dr. Ing. H.C. F. Porsche AG v. Domains by Proxy, Inc., WIPO Case No. D2003-0230. See also WIPO Overview 3.0, section 3.6 (“Panels have also viewed a respondent’s use of a privacy or proxy service which is known to block or intentionally delay disclosure of the identity of the actual underlying registrant as an indication of bad faith.”).

Given the evidence of the Complainant’s prior rights in the trademark, the timing of the registration of the Domain Name with apparent full knowledge of the Complainant, and the use of the Domain Name to support fraudulent emails, the Panel finds that the Complainant has satisfied the third requirement that the Respondent has registered and is using the Domain Names in bad faith, under paragraph 4(a)(iii) of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name <multlplan.com> be transferred to the Complainant.

Ellen B. Shankman
Sole Panelist
Date: July 20, 2021

https://www3.wipo.int/contact/en/area.jsp?area=arbitration https://www.wipo.int/pressroom/en/ https://www.wipo.int/tools/en/disclaim.html https://www.wipo.int/en/web/privacy-policy/ https://www.wipo.int/en/web/accessibility/ https://www.wipo.int/tools/en/sitemap.html https://www3.wipo.int/newsletters/en/ https://www.wipo.int/podcasts/en/ https://www.wipo.int/news/en/