Rethink Compliance LLC v Name Redacted

ARBITRATION

AND

ADMINISTRATIVE PANEL DECISION

Rethink Compliance LLC v. Name Redacted

Case No. D2023-2562

1. The Parties

The Complainant is Rethink Compliance LLC, United States of America (“United States”), represented by

Nelson Mullins Riley & Scarborough, L.L.P., United States.

The Respondent is Name Redacted.[1]

2. The Domain Name and Registrar

The disputed domain name <rethinkcomplianceco.info> (the “Disputed Domain Name”) is registered with

GoDaddy.com, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 14, 2023.

On the same day, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Disputed Domain Name. Also on June 14, 2023, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Disputed Domain Name which differed from the named Respondent (Redacted for Privacy / Domains By Proxy, LLC) and contact information in the Complaint.

The Center sent an email communication to the Complainant on June 23, 2023 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on June 28, 2023.

page 2

The Center verified that the Complaint together with the amended Complaint satisfied the formal

requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for

Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for

Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the the due date for Response was July 19, 2023. The Respondent did not submit any response. Accordingly,

the Center notified the Respondent’s default on July 24, 2023.

The Center appointed Lynda M. Braun as the sole panelist in this matter on July 26, 2023. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

Founded in 2015, the Complainant is a compliance services company that provides businesses with compliance training, communications, and consulting services. The Complainant serves more than 125 companies worldwide and its products and services reach millions of global employees annually.

At least as early as 2016, the Complainant has used its RETHINK COMPLIANCE trademark in commerce in

the United States in connection with the provision of the Complainant’s compliance training, consulting, and

other related services to its clients. In addition, the Complainant owns a registered trademark for the RETHINK COMPLIANCE trademark, registered with the United States Patent and Trademark Office

(“USPTO”) on August 9, 2022 in international classes 35, 41, 42 and 45 (hereinafter collectively referred to

as the “RETHINK COMPLIANCE Mark”.)

The Complainant is also the owner of the domain name <rethinkcomplianceco.com>, which the Complainant

uses to host its official website at “ and for its associated email addresses.

The Disputed Domain Name was registered on May 10, 2023, and resolves to the Registrar’s landing page with sponsored third-party pay-per-click (“PPC”) hyperlinks, although with no substantive content. Upon

registering the Disputed Domain Name, the Respondent used it in connection with an email job offer

phishing scam, wherein the Respondent impersonated the Complainant and the Complainant’s CEO, in

connection with an offer of non-existent remote jobs to individuals who the Complainant believes the

Respondent scraped from online job placement websites such as “CareerBuilder”.

5. Parties’ Contentions

A. Complainant

The following are the Complainant’s contentions:

- the Complainant has common law and registered trademark rights in the RETHINK COMPLIANCE Mark;

- the Disputed Domain Name is confusingly similar to the Complainant’s RETHINK COMPLIANCE Mark;

- the Respondent has no rights or legitimate interests in respect of the Disputed Domain Name;

- the Disputed Domain Name was registered and is being used in bad faith as part of an email-based phishing scheme in which the Respondent impersonated an executive of the Complainant so that the Respondent could obtain sensitive information from unsuspecting job applicants of the Complainant; and

page 3

- the Complainant seeks the transfer of the Disputed Domain Name from the Respondent to the Complainant

in accordance with paragraph 4(i) of the Policy.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

In order for the Complainant to prevail and have the Disputed Domain Name transferred to the Complainant, the Complainant must prove the following (Policy, paragraph 4(a)):

(i) the Disputed Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

(ii)       the Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and

(iii)      the Disputed Domain Name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

Paragraph 4(a)(i) of the Policy requires a two-fold inquiry: a threshold investigation into whether a complainant has rights in a trademark, followed by an assessment of whether the disputed domain name is

identical or confusingly similar to that trademark. The Panel concludes that in the present case, the Disputed
Domain Name is confusingly similar to the RETHINK COMPLIANCE Mark as explained below.

The Complainant has established rights in the RETHINK COMPLIANCE Mark based on its several years of use as well as its registered trademark for the RETHINK COMPLIANCE Mark in the United States. The registration of a mark satisfies the threshold requirement of having trademark rights for purposes of standing to file a UDRP case. Thus, the Panel finds that the Complainant has rights in the RETHINK COMPLIANCE Mark. As stated in section 1.2.1 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions,

Third Edition (“WIPO Overview 3.0”), “[w]here the complainant holds a nationally or regionally registered

trademark or service mark, this prima facie satisfies the threshold requirement of having trademark rights for

purposes of standing to file a UDRP case”. Thus, the Panel finds that the Complainant satisfied the

threshold requirement of having rights in the RETHINK COMPLIANCE Mark.

The Disputed Domain Name consists of the RETHINK COMPLIANCE Mark in its entirety, followed by the term “co”, and then followed by the generic Top-Level Domain (“gTLD”) “.info”.[2] Where the trademark is

recognizable in the Disputed Domain Name, the addition of a term, such as “co”, does not prevent a finding of confusing similarity. See WIPO Overview 3.0, section 1.8 (“where the relevant trademark is recognizable

within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative,

meaningless, or otherwise) would not prevent a finding of confusing similarity under the first element”).

Finally, the addition of a gTLD such as “.info” in a domain name is a technical requirement. Thus, it is well

established that such element may typically be disregarded when assessing whether a domain name is identical or confusingly similar to a trademark. See Proactiva Medio Ambiente, S.A. v. Proactiva, WIPO Case No. D2012-0182 and WIPO Overview 3.0, section 1.11.1. Thus, the Panel concludes that the

Disputed Domain Name is confusingly similar to the Complainant’s RETHINK COMPLIANCE Mark.

page 4

Accordingly, the Panel finds that the first element of paragraph 4(a) of the Policy has been met by the

Complainant.

B. Rights or Legitimate Interests

Under the Policy, a complainant has to make out a prima facie case that the respondent lacks rights or legitimate interests in the disputed domain name. Once such a prima facie case is made, the respondent carries the burden of production of evidence that demonstrates rights or legitimate interests in the disputed domain name. If the respondent fails to do so, the complainant may be deemed to have satisfied paragraph 4(a)(ii) of the Policy. See WIPO Overview 3.0, section 2.1.

In this case, given the facts as set out above, the Panel finds that the Complainant has made out a prima

facie case. The Respondent has not submitted any arguments or evidence to rebut the Complainant’s prima

facie

case. Furthermore, the Complainant has not authorized, licensed or otherwise permitted the relationship with the Respondent. There is also no evidence that the Respondent is commonly known by the Disputed Domain Name or by any similar name, nor any evidence that the Respondent was using or making demonstrable preparations to use the Disputed Domain Name in connection with a bona fide offering of goods or services. See Policy, paragraph 4(c). The Respondent, by using an email associated with the

Disputed Domain Name (for example, “[...]@rethinkcomplianceco.info”), sought to impersonate the

Complainant to fraudulently gather the personal information of unsuspecting third-party job applicants.
The job applicants were contacted by an individual purporting to be the CEO of the Complainant.

Such use of the Disputed Domain Name to impersonate the Complainant and perpetuate a fraudulent phishing scheme does not confer rights or legitimate interests on the Respondent. See WIPO Overview 3.0, section 2.13.1 (“Panels have categorically held that the use of a domain name for illegal activity (e.g., the

sale of counterfeit goods or illegal pharmaceuticals, phishing, distributing malware, unauthorized account
access/hacking, impersonation/passing off, or other types of fraud) can never confer rights or legitimate

interests on a respondent.”). See also CMA CGM v. Diana Smith, WIPO Case No. D2015-1774 (finding that

the respondent had no rights or legitimate interests in the disputed domain name holding that “such phishing

scam cannot be considered a bona fide offering of goods or services nor a legitimate noncommercial or fair

use of the Domain Name”).

In sum, the Panel concludes that the Complainant has established an unrebutted prima facie case that the Respondent lacks rights or legitimate interests in the Disputed Domain Name. Rather, the Panel finds that the Respondent is using the Disputed Domain Name for commercial gain with the intent to mislead by

potentially defrauding the Complainant’s job applicants by incorporating the Disputed Domain Name into

emails sent by the Respondent to those applicants. Such use cannot conceivably constitute a bona fide

offering of a product or service within the meaning of paragraph 4(c)(i) of the Policy.

Accordingly, the Panel finds that the second element of paragraph 4(a) of the Policy has been met by the

Complainant.

C. Registered and Used in Bad Faith

The Panel finds that based on the record, the Complainant has demonstrated the existence of the

Respondent’s bad faith registration and use of the Disputed Domain Name pursuant to paragraph 4(a)(iii) of

the Policy.

First, the Respondent’s phishing scheme to email job-seeking individuals fraudulent job offers purporting to

come from the Complainant, and to collect the personal information of such individuals, evidences a clear

intent to disrupt the Complainant’s business, deceive individuals, and trade off the Complainant’s goodwill by

creating an unauthorized association between the Respondent and the Complainant’s RETHINK

COMPLIANCE Mark. See Banco Bradesco S.A. v. Fernando Camacho Bohm, WIPO Case

No. D2010-1552. Such conduct is emblematic of the Respondent’s bad faith registration and use of the

page 5

Disputed Domain Name. Numerous UDRP panels have found that email-based phishing schemes that use

a complainant’s trademark in the disputed domain name are evidence of bad faith. See, e.g., BHP Billiton

Innovation Pty Ltd v. Domains By Proxy LLC / Douglass Johnson, WIPO Case No. D2016-0364 (“[T]he use

of an email address associated with the disputed domain name, to send a phishing email for the purposes of

dishonest activity is in itself evidence that the disputed domain name was registered and is being used in

bad faith.”).

Second, the registration of a domain name that is confusingly similar to a registered trademark by an entity that has no relationship to that mark may be sufficient evidence of opportunistic bad faith. See Ebay Inc. v. Wangming, WIPO Case No. D2006-1107; Veuve Clicquot Ponsardin, Maison Fondée en 1772 v. The

Polygenix Group Co., WIPO Case No. D2000-0163 (use of a name connected with such a well-known service and product by someone with no connection to the service and product suggests opportunistic bad faith). Based on the circumstances here, the Respondent registered and used the Disputed Domain Name

in bad faith in an attempt to create a likelihood of confusion with the Complainant’s RETHINK COMPLIANCE

Mark.

Third, the Panel finds that the Respondent had actual knowledge of the Complainant’s RETHINK

COMPLIANCE Mark and targeted the Complainant when it registered the Disputed Domain Name,

demonstrating the Respondent’s bad faith. Based on the Respondent’s almost identical Disputed Domain

Name to the Complainant’s trademark and domain name, it strains credulity to believe that the Respondent

had not known of the Complainant or its RETHINK COMPLIANCE Mark when registering the Disputed

Domain Name. The Respondent’s awareness of the Complainant and its RETHINK COMPLIANCE Mark

additionally suggests that the Respondent’s decision to register the Disputed Domain Name was intended to

cause confusion with the Complainant’s RETHINK COMPLIANCE Mark and to disrupt the Complainant’s

business. Such conduct indicates that the Respondent registered the Disputed Domain Name in bad faith.

Accordingly, the third element of paragraph 4(a) of the Policy has been met by the Complainant.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Disputed Domain Name <rethinkcomplianceco.info> be transferred to the Complainant.

/Lynda M. Braun/

Lynda M. Braun

Sole Panelist
Date: August 9, 2023

light of the potential identity theft, the Panel has redacted the Respondent’s name from this Decision. However, the Panel has attached

as Annex 1 to this Decision an instruction to the Registrar regarding transfer of the Disputed Domain Name, which includes the name of
the Respondent. The Panel has authorized the Center to transmit Annex 1 to the Registrar as part of the order in this proceeding and

has indicated that Annex 1 to this Decision shall not be published due to the exceptional circumstances of this case. See ASOS plc. v.

Name Redacted, WIPO Case No. D2017-1520. All references in this Decision to “Respondent” are references to the unknown

underlying registrant of the Disputed Domain Name.

<rethinkcomplianceco.info>, save for the different Top-Level Domain.