Meta Platforms, Inc. v Imad Yousfi

ADMINISTRATIVE PANEL DECISION

Meta Platforms, Inc. v. Imad Yousfi

Case No. D2022-0985

1. The Parties

The Complainant is Meta Platforms, Inc., United States of America (“United States”), represented by Hogan

Lovells (Paris) LLP, France.

The Respondent is Imad Yousfi, Morocco.

2. The Domain Name and Registrar

The disputed domain name <fbsecuritycheck.com> is registered with Nominalia Internet S.L. (the

“Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on March 22, 2022. On March 23, 2022, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On March 25, 2022, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on March 25, 2022 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on March 29, 2022.

The Center verified that the Complaint together with amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the
Complaint, and the proceedings commenced on March 29, 2022. In accordance with the Rules, paragraph
5, the due date for Response was April 18, 2022. The Respondent did not submit any response.
Accordingly, the Center notified the Respondent’s default on April 19, 2022.

page 2

The Center appointed Edoardo Fano as the sole panelist in this matter on April 26, 2022. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

The Panel has not received any requests from the Complainant or the Respondent regarding further submissions, waivers or extensions of deadlines, and the Panel has not found it necessary to request any further information from the Parties.

Having reviewed the communication records in the case file provided by the Center, the Panel finds that the Center has discharged its responsibility under the Rules, paragraph 2(a), “to employ reasonably available means calculated to achieve actual notice to the Respondent”. Therefore, the Panel shall issue its Decision based upon the Complaint, the Policy, the Rules, and the Supplemental Rules, and without the benefit of a response from the Respondent.

The language of the proceeding is English, being the language of the Registration Agreement, as per paragraph 11(a) of the Rules.

4. Factual Background

The Complainant is Meta Platforms, Inc., a United States company operating the Facebook social network website and mobile application, commonly known as “FB”, and owning several trademark registrations for FB, among which the following:

- European Union Trade Mark No. 008981383 for FB, registered on August 23, 2011;

- United States Registration No. 4,659,777 for FB, registered on December 23, 2014;

- Moroccan Trademark No. 209641 for FB, registered on February 3, 2020.

The Complainant operates on the Internet at the main website “ as well as with many other generic Top-Level Domains (“gTLDs”) and country code Top-Level Domains (“ccTLDs”) consisting of the trademark FB, including <fb.com>.

The Complainant provided evidence in support of the above.

According to the WhoIs records, the disputed domain name was registered on September 25, 2021, and it currently points to a webpage indicating that it has been suspended. The Complainant provided evidence that the disputed domain name previously resolved to a website having the same “look and feel” of the

official website of Facebook, with a log in page entitled “Facebook Security Check” on which Facebook users
were required to provide their login information (i.e., username and password) for the purpose of verifying

their identity.

5. Parties’ Contentions

A. Complainant

The Complainant states that the disputed domain name is confusingly similar to its trademark FB, as the
disputed domain name wholly contains the Complainant’s trademark with the addition of the dictionary terms
“security” and “check”.

Moreover, the Complainant asserts that the Respondent has no rights or legitimate interests in respect of the disputed domain name since it has not been authorized by the Complainant to register the disputed domain name or to use its trademark within the disputed domain name, it is not commonly known by the disputed

page 3

domain name and it is not making either a bona fide offering of goods or services, or a legitimate
noncommercial or fair use of the disputed domain name. Before being suspended, the disputed domain
name was used by the Respondent to point to a fake Facebook log in page, inviting unsuspecting Facebook
users to provide their account credentials in connection with a phishing scheme.

The Complainant submits that the Respondent has registered the disputed domain name in bad faith, since the Complainant’s trademark FB is distinctive and internationally known. Therefore, the Respondent targeted the Complainant’s trademark at the time of registration of the disputed domain name and the Complainant contends that the use of the disputed domain name to point to a website mimicking the Complainant’s official website, by creating a likelihood of confusion with the Complainant’s trademark as to the disputed domain name’s source, sponsorship, affiliation, or endorsement as part of a phishing scheme, qualifies as bad faith registration and use.

B. Respondent

The Respondent has made no reply to the Complainant’s contentions and is in default. In reference to paragraphs 5(f) and 14 of the Rules, no exceptional circumstances explaining the default have been put forward or are apparent from the record.

A respondent is not obliged to participate in a proceeding under the Policy, but if it fails to do so, reasonable
facts asserted by a complainant may be taken as true, and appropriate inferences, in accordance with
paragraph 14(b) of the Rules, may be drawn (see, e.g., Reuters Limited v. Global Net 2000, Inc., WIPO Case
No. D2000-0441; Microsoft Corporation v. Freak Films Oy, WIPO Case No. D2003-0109; SSL International
PLC v. Mark Freeman, WIPO Case No. D2000-1080; Altavista Company v. Grandtotal Finances Limited et.
al., WIPO Case No. D2000-0848; Confédération Nationale du Crédit Mutuel, Caisse Fédérale du Crédit

Mutuel Nord Europe v. Marketing Total S.A., WIPO Case No. D2007-0288).

6. Discussion and Findings

Paragraph 4(a) of the Policy lists three elements, which the Complainant must satisfy in order to succeed:

(i) the disputed domain name is identical or confusingly similar to a trademark or service mark in which the

Complainant has rights; and

(ii) the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

(iii) the disputed domain name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

The Panel finds that the Complainant is the owner of the trademark FB both by registration and acquired reputation and that the disputed domain name is confusingly similar to the trademark FB.

Regarding the addition of the terms “security” and “check”, the Panel notes that it is now well established that the addition of terms or letters to a domain name does not prevent a finding of confusing similarity between the disputed domain name and the trademark (see, e.g., Aventis Pharma SA., Aventis Pharma Deutschland GmbH v. Jonathan Valicenti, WIPO Case No. D2005-0037; Red Bull GmbH v. Chai Larbthanasub, WIPO Case No. D2003-0709; America Online, Inc. v. Dolphin@Heart, WIPO Case No. D2000-0713). The addition of the terms “security” and “check” does not therefore prevent the disputed domain name from being confusingly similar to the Complainant’s trademark. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.8.

page 4

It is also well accepted that a generic Top-Level Domain (“gTLD”), in this case “.com”, is typically ignored
when assessing the similarity between a trademark and a domain name. See WIPO Overview 3.0, section
1.11.

The Panel finds that the Complainant has therefore met its burden of proving that the disputed domain name is confusingly similar to the Complainant’s trademark, pursuant to the Policy, paragraph 4(a)(i).

B. Rights or Legitimate Interests

Paragraph 4(a)(ii) of the Policy requires the Complainant to prove that the Respondent has no rights or legitimate interests in the disputed domain name.

The Respondent may establish rights or legitimate interests in the disputed domain name by demonstrating in accordance with paragraph 4(c) of the Policy any of the following circumstances, in particular but without limitation:

“(i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain
name or a name corresponding to the domain name in connection with a bona fide offering of goods or

services; or

(ii) you (as an individual, business, or other organization) have been commonly known by the domain name,

even if you have acquired no trademark or service mark rights; or

(iii) you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial
gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.”

According to paragraph 4(a) of the Policy, the Complainant has the burden of proving the three elements of the Policy. However, satisfying the burden of proving a lack of the Respondent’s rights or legitimate interests in respect of the disputed domain name according to paragraph 4(a)(ii) of the Policy is potentially quite difficult, since proving a negative circumstance is generally more complicated than establishing a positive one. As such, it is well accepted that it is sufficient for the Complainant to make a prima facie case that the Respondent has no rights or legitimate interests in the disputed domain name in order to shift the burden of production to the Respondent. If the Respondent fails to demonstrate rights or legitimate interests in the disputed domain name in accordance with paragraph 4(c) of the Policy or on any other basis, the Complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy.

The Complainant in its Complaint, and as set out above, has established a prima facie case that the Respondent has no rights or legitimate interests in the disputed domain name. It asserts that the Respondent, who is not currently associated with the Complainant in any way, is not commonly known by the disputed domain name and is not making a bona fide offering of goods or services or a legitimate noncommercial or fair use of the disputed domain name: prior to its suspension, the disputed domain name was used by the Respondent to point to a fake Facebook log in page, inviting unsuspecting Facebook users to provide their account credentials in connection with a phishing scheme.

According to the WIPO Overview 3.0, section 2.13.1:

“2.13.1 Panels have categorically held that the use of a domain name for illegal activity (e.g., the sale of
counterfeit goods or illegal pharmaceuticals, phishing, distributing malware, unauthorized account
access/hacking, impersonation/passing off, or other types of fraud) can never confer rights or legitimate
interests on a respondent […].”

The prima facie case presented by the Complainant is enough to shift the burden of production to the Respondent to demonstrate that it has rights or legitimate interests in the disputed domain name. However, the Respondent has not presented any evidence of any rights or legitimate interests it may have in the disputed domain name.

page 5

Moreover, the Panel finds that the composition of the disputed domain name carries a risk of implied affiliation. See WIPO Overview 3.0, section 2.5.1.

The Panel therefore finds that paragraph 4(a)(ii) of the Policy has been satisfied.

C. Registered and Used in Bad Faith

Paragraph 4(b) of the Policy provides that “for the purposes of paragraph 4(a)(iii) of the Policy, the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:

(i) circumstances indicating that [the respondent has] registered or has acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of the complainant, for valuable

consideration in excess of its documented out-of-pocket costs directly related to the domain name; or

(ii) that [the respondent has] registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that [the respondent has] engaged in a pattern of such conduct; or

(iii) that [the respondent has] registered the domain name primarily for the purpose of disrupting the business

of a competitor; or

(iv) that by using the domain name, [the respondent has] intentionally attempted to attract, for commercial
gain, Internet users to [the respondent’s] website or other online location, by creating a likelihood of
confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of [the
respondent’s] website or location or of a product or service on [the respondent’s] website or location”.

Regarding the registration in bad faith of the disputed domain name, the reputation of the Complainant’s trademark FB in the social networks field is clearly established and the Panel finds that the Respondent likely knew of the Complainant and its trademark and deliberately registered the disputed domain name in bad faith, especially because, before being suspended, the disputed domain name resolved to a website impersonating the Complainant’s official website, inviting Facebook users to provide their login information.

The Panel further notes that the disputed domain name, prior to its suspension, was also used in bad faith since on the relevant website the Respondent was trying to impersonate the Complainant, in connection to a phishing scheme, with the purpose of intentionally attempting to create a likelihood of confusion with the Complainant’s trademark as to the disputed domain name’s source, sponsorship, affiliation or endorsement.

The above suggests to the Panel that the Respondent intentionally registered and is using the disputed domain name in order to create confusion with the Complainant’s trademark and attract, for commercial gain in connection to a phishing scheme, Internet users to its website in accordance with paragraph 4(b)(iv) of the Policy.

As regards the current use in bad faith of the disputed domain name, which after being suspended resolves to an inactive webpage, the Panel considers that bad faith may exist even in cases of so-called “passive holding”, as found in the landmark UDRP decision Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003. In the circumstances of this case, the Panel finds that such passive holding does not prevent a finding of bad faith. See, WIPO Overview 3.0, section 3.3.

WIPO Overview 3.0, section 3.2.1.

Furthermore, the Panel considers that the nature of the disputed domain name, incorporating the bad faith. See,

page 6

The Panel finds that the Complainant has presented evidence to satisfy its burden of proof with respect to the issue of whether the Respondent has registered and is using the disputed domain name in bad faith.

The Panel therefore finds that paragraph 4(a)(iii) of the Policy has been satisfied.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <fbsecuritycheck.com> be transferred to the Complainant.

/Edoardo Fano/
Edoardo Fano
Sole Panelist
Date: April 28, 2022