Meta Platforms, Inc. v Fakebook, Security

ARBITRATION

AND

ADMINISTRATIVE PANEL DECISION

Meta Platforms, Inc. v. Fakebook, Security

Case No. D2023-0530

1. The Parties

Complainant is Meta Platforms, Inc., United States of America, represented by Tucker Ellis, LLP, United

States of America (“United States”)

Respondent is Fakebook, Security, United States.

2. The Domain Name and Registrar

The disputed domain name <facebooksecurityalert.info> is registered with Google LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on February 3, 2023. amended Complaint on February 9, 2023.

On February 6, 2023, the Center transmitted by email to the Registrar a request for registrar verification in
connection with the disputed domain name. On February 6, 2023, the Registrar transmitted by email to the
Center its verification response disclosing registrant and contact information for the disputed domain name
which differed from the initially named Respondent (Redacted for Privacy, Contact Privacy Inc. Customer
7151571251) and contact information in the Complaint. The Center sent an email communication to
Complainant on February 7, 2023, providing the registrant and contact information disclosed by the
The Center verified that the Complaint together with the amended Complaint satisfied the formal
requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for
Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for
Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on February 10, 2023. In accordance with the Rules, paragraph 5, the due date for Response was March 2, 2023. Respondent did not submit any response. Accordingly, the Center

notified Respondent’s default on March 6, 2023.

page 2

The Center appointed Scott R. Austin as the sole panelist in this matter on March 10, 2023. The Panel finds
that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of

Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The following facts appear from the Complaint (as amended solely to add the Registrar-provided registrant information) and its annexes, which have not been contested by Respondent.

Complainant is the company formerly known as Facebook Inc., which on October 28, 2021, announced its change of name to Meta Platforms, Inc. (“Meta”), which was publicized worldwide. Complainant operates the world-famous Facebook social networking website and mobile application which enable users to create their own personal profiles and connect with each other on their personal computers and mobile devices.

Complainant’s social networking business has more than one billion daily active accounts and over two billion monthly active users from all over the world. Forbes magazine has noted that the Facebook app is the third most downloaded app globally and the seventh most downloaded app in the United States. The Facebook Mark ranked 15th in Interbrand’s current Best Global Brands report.

Complainant has registered and operates numerous domain names incorporating the FACEBOOK Mark in
combination with various generic and country code top-level domain extensions, including
<facebookok.org>, <facebook.net>, and <facebook.com>.

Complainant offers several security features as part of its products, such as login alerts and two-factor authentication. Complainant also owns the domain name <facebook-security.com>, which redirects to “ a webpage on Complainant’s official FACEBOOK Mark website (the “Official

FACEBOOK Mark Website”) where Complainant updates users about how to protect their information both on and off the Facebook social media platform.

Complainant owns the exclusive rights to the Facebook trademarks and service marks (collectively, the
“FACEBOOK Mark”), which it has used since 2004 and has secured ownership of trademark registrations for

the FACEBOOK Mark in many jurisdictions throughout the world, including the following:

On October 4, 2022, Respondent registered the disputed domain name, which currently resolves to an inactive website; attempts to access a website at the disputed domain name generated an error message indicating “This site can’t be reached”. Annexes to the Complaint show that the disputed domain name is listed by credible domain name tracking services as having previously been used in relation to spam, malware, or other illegitimate conduct.

page 3

5. Parties’ Contentions

A. Complainant

Complainant contends that the disputed domain name is identical or confusingly similar to Complainant’s trademark; that Respondent has no rights or legitimate interests in respect of the disputed domain name; and that the disputed domain name was registered and is being used in bad faith.

B. Respondent

Respondent did not reply to Complainant’s contentions.

6. Discussion and Findings

Paragraph 15 of the Rules provides that the Panel is to decide the Complaint on the basis of the statements and documents submitted in accordance with the Policy, the Rules, and any rules and principles of law that it deems applicable.

The onus is on Complainant to make out its case and it is apparent from the terms of the Policy that Complainant must show that all three elements set out in paragraph 4(a) of the Policy have been established before any order can be made to transfer a domain name. As the proceedings are administrative, the standard of proof under the Policy is often expressed as the “balance of the probabilities” or “preponderance of the evidence” standard. Under this standard, an asserting party needs to establish that it is more likely than not that the claimed fact is true. See, WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 4.2.

Thus, for Complainant to succeed it must prove within the meaning of paragraph 4(a) of the Policy and on the balance of probabilities that:

1.        The disputed domain name is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and

2.        Respondent has no rights or legitimate interests in respect of the disputed domain name; and

3.        The disputed domain name has been registered and is being used in bad faith.

The Panel will deal with each of these requirements in turn.

A. Identical or Confusingly Similar

prima facie

Ownership of a nationally registered trademark constitutes evidence that the complainant has the and mobile app products and services dating back to 2004. Complainant has submitted sufficient evidence in the form of electronic copies of active United States and international trademark registration certificates, showing the above referenced trademark registrations for the FACEBOOK Mark in the name of Complainant in either its current or former name. Complainant has, through such valid and subsisting trademark registrations, demonstrated its rights in the FACEBOOK Mark. See Advance Magazine Publishers Inc., Les Publications Conde Nast S.A. v. Voguechen, WIPO Case No. D2014-0657.

requisite rights in a mark for purposes of paragraph 4(a)(i) of the Policy. WIPO Overview 3.0, section 1.2.1.

With Complainant’s rights in the FACEBOOK Mark established, the remaining question under the first element of the Policy is whether the disputed domain name is identical or confusingly similar to Complainant’s FACEBOOK Mark. It is well accepted that the first element functions primarily as a standing requirement and that the threshold test for confusing similarity involves a “reasoned but relatively

page 4

WIPO

straightforward comparison between the complainant’s trademark and the disputed domain name”. the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in the domain name, the domain name will normally be considered confusingly similar to that mark for purposes of UDRP standing”. See id., see also Awesome Kids LLC v. Selavy Comm., WIPO Case No. D2001-0210.

A side by side comparison between the disputed domain name and the FACEBOOK Mark shows the disputed domain name consists of the Mark in its entirety and is identical except for the addition of the trailing terms “security” and “alert” appended to Complainant’s FACEBOOK Mark. Here, as Complainant

contends, the subject domain name plainly misappropriates all the textual components from Complainant’s
FACEBOOK Mark.

Numerous prior UDRP panels have held that the addition of a term to a complainant’s mark fails to prevent a finding of confusing similarity. See, e.g., Facebook, Inc. v. Paulette Collier, WIPO Case No. D2021-3175. The Panel notes the relevance of Respondent’s choice of the terms “security” and “alert” to add to Complainant’s mark to form the disputed domain name given that security is a feature of Complainant’s social networking services, a factor more appropriately considered under the second and third elements of the Policy below.

Finally, the Top-Level Domain (“TLD”) in a domain name (e.g., “.com”, “.club”, “.co”) typically adds no meaning or distinctiveness to a disputed domain name and is viewed as a standard registration requirement; as such it is disregarded under the paragraph 4(a)(i) analysis. Accordingly, the TLD of the disputed domain name here, “.info”, does not avoid a finding of confusing similarity. See, WIPO Overview 3.0, section 1.11; see also Research in Motion Limited v Thamer Ahmed Alfarshooti, WIPO Case No. D2012-1146.

In light of the above, the Panel finds the disputed domain name confusingly similar to the FACEBOOK Mark
in which Complainant possesses rights and Complainant has thus satisfied its burden under paragraph

4(a)(i) of the Policy.

B. Rights or Legitimate Interests

Under the second element of the Policy, the complainant has to make out a prima facie case that the
respondent does not have rights to or legitimate interests in the disputed domain name, upon which the
burden of production on this element shifts to the respondent to come forward with relevant evidence
demonstrating rights to or legitimate interests in the dispute domain name. If the respondent fails to come
forward with such evidence, a complainant is deemed to have satisfied the second element. WIPO
Overview 3.0, section 2.1. See also The American Automobile Association, Inc. v. Privacy--Protect.org et al.,
WIPO Case No. D2011-2069.

Paragraph 4(a)(ii) of the Policy also directs an examination of the facts to determine whether a respondent has rights or legitimate interests in a domain name. Paragraph 4(c) lists a number of ways in which a respondent may demonstrate that it does have such rights or interests.

The first example, under paragraph 4(c)(i), is where “before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services”.

Here, the annex to the Complaint shows Respondent is passively holding the disputed domain name as entering the subject domain name into a web browser generates an error message indicating that the site cannot be reached. Prior UDRP panels have held that use of a disputed domain name to resolve to a blank or inactive web page does not represent a bona fide use of the disputed domain name. See Microsoft Corporation v. Charilaos Chrisochoou, WIPO Case No. D2004-0186; WIPO Overview 3.0, section 2.9.

In addition, the evidence submitted here shows the disputed domain name has been flagged by several security vendors as malicious. Prior panels have held that such evidence supports a finding that a

page 5

respondent is not making a bona fide offering of goods or services. See, e.g., The Commissioners for HM
Revenue and Customs v. WhoisGuard Protected, WhoisGuard, Inc. / Hoshyar Marshall, WIPO Case No.
D2021-0344; see also The Nature’s Bounty Co. v. Matthew Pynhas, Matthew Pynhas, WIPO Case No.
D2017-0736.

Based on the foregoing decisions, this Panel finds the disputed domain name, flagged as malicious by multiple credible security vendors, is not being used in connection with a bona fide offering of goods or services under the factors specified by paragraph 4(c)(i) of the Policy.

The second example, under paragraph 4(c)(ii), is a scenario in which a respondent is commonly known by the domain name. Complainant states that it has not given permission to Respondent to use the FACEBOOK Mark. Complainant also shows that Respondent is not commonly known by the disputed domain name because the original Respondent listed in the WhoIs record submitted with the initial Complaint displayed “Redacted for Privacy, Contact Privacy Inc. Customer 7151571251” of Canada. The Registrar identified the underlying registrant in its verification process, “Fakebook, Security” of the United States, who has been substituted via the amended Complaint as Respondent in lieu of the initial Respondent. The Respondent’s intentional misspelling of Complainant’s name in this manner further evinces Respondent’s intent to impersonate and falsely associate its activities with Complainant. Thus, there is no evidence in this case to suggest that Respondent is commonly known by the disputed domain name, that it is licensed or otherwise authorized to use Complainant’s trademark, or that it has acquired any trademark rights relevant thereto. As such, the Panel finds this sub-section of the Policy is of no help to Respondent and the facts presented here support a lack of rights and legitimate interests in the disputed domain name. See Expedia, Inc. v. Dot Liban, Hanna El Hinn, WIPO Case No. D2002-0433.

Complainant has met its initial burden as it is generally regarded as prima facie evidence of no rights or legitimate interests if a complainant shows that the disputed domain name is identical or confusingly similar to Complainant’s trademark, that Respondent is not commonly known by the disputed domain name, and that Complainant has not authorized Respondent to use its mark (or an expression which is confusingly similar to its mark), whether in the disputed domain name or otherwise. See, Roust Trading Limited v. AMG LLC, WIPO Case No. D2007-1857; see also Abbott Laboratories v. Li Jian Fu, Li Jian Fu, WIPO Case No. D2016-0501.

Commissioners for HM Revenue and Customs, supra; see also Bloomberg Finance, L.P. v. Huang Wei, WIPO Case No. D2015-1378.

As to the third and final example under paragraph 4(c)(iii) of the Policy, the Panel finds there is no evidence nor any plausible fair use to which the disputed domain name may be put under the circumstances of this proceeding. Even worse, multiple credible security vendors have flagged the disputed domain name as malicious. See
here that Respondent is making a legitimate noncommercial or fair use of the disputed domain name,
without intent for commercial gain to misleadingly divert consumers or to tarnish Complainant’s trademark.

In light of the above, and with no Response or other submission in this case to rebut Complainant’s assertions and evidence, the Panel finds that the facts of this case demonstrate that Respondent has no rights or legitimate interests in the disputed domain name. Complainant has successfully met its burden under paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

Finally, Complainant must prove, by a preponderance of the evidence, that the disputed domain name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy. See, e.g., Hallmark Licensing, LLC v. EWebMall, Inc., WIPO Case No. D2015-2202. Paragraph 4(b) of the Policy sets out a

non-exhaustive list of circumstances that point to bad faith conduct on the part of a respondent. The panel may, however, consider the totality of the circumstances when analyzing bad faith under Policy, paragraph 4(a)(iii) and may make a finding of bad faith that is not limited to the enumerated factors in Policy, paragraph
4(b). See Do The Hustle, LLC v. Tropic Web, WIPO Case No. D2000-0624.

page 6

First, as noted in 6B above, Respondent is passively holding the disputed domain name based on the browser error it generates, representing either non-use or linking, but the disputed domain name also has been credibly identified by security specialists as a source of phishing, malware, and similar illegitimate conduct. Prior UDRP panels have found that use of a domain name that is confusingly similar to a complainant’s mark for malicious purposes while linked to an inactive website constitutes use in bad faith under paragraph 4(b)(iv) of the Policy. See Commissioners for HM Revenue and Customs, supra; WIPO Overview 3.0, Section 3.3.

Bad faith use seems especially appropriate given the totality of facts here. Assuming Respondent is the same registrant who registered the disputed domain name in 2022, approximately 18 years after Complainant began using its mark, Respondent has concealed its identity, failed to submit a response or to provide any evidence of actual or contemplated good-faith use of the disputed domain, and Complainant has submitted sufficient evidence that the subject domain name has been flagged as malicious by multiple security vendors. The factors present here, therefore are well-settled as supporting a finding of bad faith use for both passive holding or non-use of a disputed domain name that is confusingly similar to a complainant’s mark and to attract users for malicious purposes and Respondent’s commercial gain. See, e,g.,The Nature’s Bounty Co., supra; Instagram, LLC v. Asif Ibrahim, WIPO Case No. D2020-2552.

Given the widespread recognition of Complainant’s FACEBOOK Mark in the United States, where actual knowledge of Complainant’s rights when it registered the disputed domain name, which shows bad faith registration. See Facebook, Inc. v. Ricky Bhatia, WIPO Case No. D2017-2542 (citing multiple prior decisions as early as 2011 finding fame of FACEBOOK Mark).

Respondent is located, and the approximately 18 years of use of the FACEBOOK Mark prior to
The disputed domain name incorporates the mark in its entirety and is essentially identical to both
Complainant’s Mark and its official <facebook-security.com> domain name, coupled with a descriptive term
“alert”, which likely magnifies the false association with Complainant in light of Complainant’s security
features it provides as part of its social networking services displayed on its website and to which
Complainant’s official <facebook-security.com> domain name redirects. Adding the above uncontested
evidence submitted that the disputed domain name is listed as malicious by credible domain name tracking
services, the Panel finds the disputed domain name is among those domain names used in relation to spam,
malware, or other illegitimate conduct. With no explanation or submission from Respondent to dispute
Complainant’s assertions or the presented facts of this case, given the worldwide fame of Complainant’s
FACEBOOK Mark, this Panel finds it reasonable to conclude there are no circumstances under which

Respondent’s use of the subject domain name could plausibly be in good faith under the Policy. See
Facebook, Inc. Instagram, LLC v. Adam Szulewski, (S) stress8 Adam Szulewski, WIPO Case No.
D2016-2380

The Panel finds Complainant’s arguments and evidence persuasive and has received no arguments or evidence from Respondent to the contrary. Considering all the circumstances, the Panel concludes that Respondent has registered and used the disputed domain name in bad faith and Complainant has satisfied paragraph 4(a)(iii) of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name, <facebooksecurityalert.info>, be transferred to Complainant.

/Scott R. Austin/
Scott R. Austin
Sole Panelist
Date: March 22, 2023