WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

KPMG International Cooperative v. Eze Lavezzi

Case No. D2021-3166

1. The Parties

The Complainant is KPMG International Cooperative, Netherlands, represented by Taylor Wessing, United Kingdom.

The Respondent is Eze Lavezzi, United Kingdom.

2. The Domain Name and Registrar

The disputed domain name <kpmg-auditor.com> is registered with PDR Ltd. d/b/a PublicDomainRegistry.com (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on September 24, 2021. On September 27, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On September 28, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on October 6, 2021 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on October 7, 2021.

The Center verified that the Complaint, together with the amended Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on October 13, 2021. In accordance with the Rules, paragraph 5, the due date for Response was November 2, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on December 6, 2021.

The Center appointed James Bridgeman as the sole panelist in this matter on December 10, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant is the owner of the KPMG service mark which it licenses to a worldwide network of independent firms which provide audit, tax and advisory services. The Complainant owns over 480 trademark registrations containing the name KPMG throughout the world, which include

- United States of America registered trademark KPMG, registration number 2339547, registered on the Principal Register on April 11, 2000 for services in international classes 9, 16, 35, 36, 41 and 42;
- European Union Trade Mark registration KPMG, registration number 1011220, registered on April 25, 2000 for services in classes 9, 16, 35, 36, 41, and 42;
- European Union Trade Mark registration KPMG (figurative), registration number 1179662, registered on June 27, 20 for services in classes 9, 16, 35, 36, 41 and 42.

The Complainant and its network have an established Internet presence with a global website at the URL ”https://home.kpmg/uk/en/home.html”.

The disputed domain name was registered on June 18, 2021 and does not resolve to any active website but has been used to establish an email account which has been used to send misleading emails, impersonating the Complainant to a third party businessperson.

There is no information available about the Respondent, who has availed of a privacy service to conceal his identity on the published WhoIs, except for that provided in the Complaint, as amended, the Registrar’s WhoIs, and the information provided by the Registrar in response to the request by the Center for details of the registration of the disputed domain name.

5. Parties’ Contentions

A. Complainant

The Complainant claims rights in the KPMG mark established by its ownership of the abovementioned portfolio of service mark registrations and extensive use of the mark by its licensee under license since 1987. The members of its network now operate in approximately 147 countries, with more than 219,000 employees worldwide, with a combined revenue of USD 28.96 billion in 2018.

The Complainant has adduced evidence that it has been ranked consistently for many years as one of the “Big Four” professional services firms, together with Deloitte, Ernst & Young (EY) and PricewaterhouseCoopers (PwC).

The Complainant submits that the disputed domain name is confusingly similar to the KPMG mark in which it has rights, arguing that the disputed domain name contains the KPMG mark in its entirety, in combination with the term “auditor”.

The Complainant argues that the KPMG mark is the dominant and principal component of the disputed domain name is identical to the distinctive and famous KPMG trademark, which in combination with the descriptive term “auditor” conveys the meaning that the disputed domain name relates to the financial services offered by the Complainant, a company within its corporate group, or an economic undertaking connected with the Complainant.

Additionally, the Complainant argues that the elements “auditor” and KPMG are regularly used together to describe the company’s global auditing operations, for example in the Global Review, a copy of which is exhibited an annex to the Complaint.

The Complainant alleges that the Respondent has no rights or legitimate interests in the disputed domain name arguing that the disputed domain name was registered on June 18, 2021, many years after the establishment of the Complainant’s well-known KPMG mark.

The disputed domain name does not resolve to a valid website; a screen capture of the inactive screen generated by the disputed domain name is exhibited in an annex to the Complaint.

The Complainant refers to copy emails annexed to the Complaint, which have been redacted for confidentiality and data protection purposes and submits that it has come to its attention that the Respondent has used the disputed domain name on at least one occasion in an unlawful, fraudulent email scam.

The copy emails show that on August 25, 2021, a businessperson in El Salvador received a fraudulent email from “[employees name] – KPMG”, using the email address [employeename]@kpmg-auditor.com and impersonating a Complainant’s employee.

The Panel does not disclose the name of the employee in this Decision, but notes that the full name and details of the employee, who is a partner in the Complainant’s organization, are provided in the Complaint.

The email provided bank details “to proceed with the transfer of 982,765.00 USD”. On August 26, 2021, the businessperson received another email purporting to come from the Complainant’s employee, asking “when do you think you will have the Swift vouchers ready for today’s payment”. On August 27, 2021, the person purporting to be the Complainant’s employee asked the businessperson to make a payment of USD 1,974,164.000 in four instalments and asked for confirmation of whether the businessman was going to make “all the payments today and thus not have a delay, or if you are only going to make the first payment that I mention”.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

Paragraph 4(a) of the Policy requires the Complainant to establish that:

(i) the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and
(ii) the Respondent has no rights or legitimate interests in respect of the disputed domain name; and
(iii) the disputed domain name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

The Complainant has provided convincing evidence of its rights in the KPMG mark established by its ownership of the abovementioned portfolio of service mark registrations described above and the evidence also shows that the KPMG mark has an extensive international reputation and goodwill which has been established by its use by the Complainant and its network of licensees since 1987. Together the members of the network had a combined revenue of USD 28.96 billion in 2018.

The disputed domain name <kpmg-auditor.com> consists of the Complainant’s distinctive trademark, a hyphen and the word “auditor” followed by the generic Top-Level Domain extension <.com>.

The Complainant’s KPMG mark is the initial, dominant and only distinctive element of the disputed domain name. Neither the hyphen nor the term “auditor” add any distinguishing character to the disputed domain name and in the context of the present Complaint the gTLD <.com> extension may be ignored for the purposes of considering whether the disputed domain name is confusingly similar to the disputed domain name, as it would be considered by Internet users to be a necessary technical element for a domain name.

This Panel finds therefore that on the balance of probabilities the disputed domain name is confusingly similar to the KPMG mark in which the Complainant has rights and the Complainant has therefore satisfied the first element of the test in paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

The Complainant has made out an uncontested prima facie case that the Respondent has no rights or legitimate interests in the disputed domain name arguing that

- the WhoIs shows that the disputed domain name was registered on June 18, 2021, many years after the establishment of the Complainant’s well-known KPMG mark in 1897;
- the disputed domain name does not resolve to a valid website, as shown by the screen capture which is exhibited in an annex to the Complaint;
- it was brought to the attention of the Complainant that in more than one occasion, the Respondent has used the disputed domain name as an email address in an attempt to perpetrate an unlawful, fraudulent email scam purporting to impersonate and misrepresent himself as a senior executive in the Complainant’s organization, as shown by the copy redacted email correspondence adduced in an annex to the Complaint. The email chain shows that the disputed domain name was used as an email address in making a fraudulent request to a businessperson for payment of USD 1,974,164;
- the Complainant asserts that it has no connection with the Respondent, the disputed domain name or the email address that purported to be used by its partner.
- the Respondent is using the disputed domain name and the name of the Complainant opportunistically to make targeted, fraudulent requests and elicit the transfer of funds from at least one third-party;
- there is no credible evidence of the Respondent’s use of, or demonstrable preparations to use, the disputed domain name or a name corresponding to the disputed domain name in connection with a bona fide offering of goods or services – or no credible legitimate basis on which the Respondent could use the disputed domain name for bona fide purposes;
- there is no credible evidence that the Respondent has been – or no credible legitimate basis on which the Respondent could be – commonly known by the disputed domain name; and
- there is no credible evidence that – or no credible legitimate basis on which – the Respondent is, or could be, making any legitimate non-commercial or fair use of the disputed domain name, especially since the disputed domain name is not actively used by the Respondent.

It is well established that when a complainant makes out a prima facie case that a respondent has no rights or legitimate interests in a domain name in issue, the burden of production shifts to the respondent to establish such rights or interests.

The Respondent has failed to discharge the burden of production and therefore this Panel must find that the Complainant has established that the Respondent has no rights or legitimate interests in the disputed domain name.

The Complainant has therefore succeeded in the second element of the test in paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

It is more than improbable that the registrant chose and registered the disputed domain name,that is composed primarily of the combination of the Complainant’s KPMG mark and the term “auditor”, without prior knowledge of the Complainant, its mark and its international network of accounting and auditing firms.

KPMG is a distinctive, coined word, with no obvious meaning other than as the Complainant’s trademark and the element “auditor” is descriptive of the services provided by the Complainant’s network.

This Panel finds therefore that on the balance of probabilities the disputed domain name was chosen and registered in bad faith, with the Complainant’s mark in mind, with the intention of creating the impression that there is an association between the disputed domain name and the KPMG network and trademark.

There is credible, uncontested evidence adduced by the Complainant to show that the disputed domain name was used as an email address in an attempt to carry out a phishing scam on August 25 and 26, by making a fraudulent request to a business person to transfer USD 1,974,164.

The email correspondence is redacted but shows that the emails sent to the third party business person, was configured in the form “[employeename]@kpmg-auditor.com”. (name supplied in the Complaint.

This Panel finds therefore that the disputed domain name is being used in bad faith as an email address in a purported attempt to impersonate an employee of the Complainant and to mislead a third party.

As the Complainant has proven on the balance of probabilities that the disputed domain name was registered and is being used in bad faith, the Complainant has succeeded in the third and final element of the test in paragraph 4(a)(iii) of the Policy and is entitled to the relief requested in the Complaint.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <kpmg-auditor.com> be transferred to the Complainant.

James Bridgeman
Sole Panelist
Date: December 16, 2021