Insights from Williams + Hughes
Fishing for Phishers: Recent UDRPs brought by the UK Commissioners for HM Revenue and Customs
Post by Williams + Hughes | Posted 6 years ago on Thursday, August 10th, 2017

Phishing, the fraudulent act of soliciting money from members of the public through emailed demands, is a scourge, in which phishers deceive especially the elderly or naive.

On 22 February 2017, the Commissioners for Her Majesty’s Revenue and Customs of London (the Complainants) filed a complaint at the WIPO Arbitration and Mediation Center over the domain name HMRCONLINEGOV.COM, which has been registered with Network Solutions, LLC under the name of Dani Gan (the Respondent) of Allambie Heights, in New South Wales, Australia. The domain was registered on 2 October 2016, but had not been used and at the time of the complaint, only redirected visitors to a web page containing references to the Complainant and other websites.

As the decision notes, “The Commissioners for HM Revenue and Customs, is a non-ministerial department of the United Kingdom Government responsible for the collection of taxes, the payment of some forms of state support and the administration of other regulatory regimes.” It operates a website located at hmrc.gov.uk

This sort of domain name policing activity by government agencies (and also financial institutions) responsible for dealing with the public’s finances is important. As noted in another, separate UDRP complaint brought by HMRC:

Complainant is accountable for safeguarding the flow of money to the Exchequer through its collection, compliance and enforcement activities and ensures that money is available to fund the UK’s public services. Complainant also administers statutory payments within the UK, such as statutory sick pay and statutory maternity pay and it helps families and individuals with targeted financial support through the payment of tax credits. Almost every UK individual and business is a direct customer of Complainant.”

The very useful website www.udrpsearch.com indicates that HMRC has three active UDRP complaints against various individuals, was successful in another six, and terminated one. (One of those individuals noted that his or her name was the subject of identity theft, and that name was redacted from the decision.) Thee active cases are for the following domain names:

  • hmrc-tax-service.com, service-hmrc-tax.com, tax-hmrc-service.com (D2017-1492)
  • taxreturn-hmrc.com, taxreturnhmrc.com (D2017-1333)
  • refund-tax-hm-rc.com (D2017-1312)

The outcome of these three UDRP complaints remains to be seen. But by pressing on with UDRPs against recidivist cybersquatters, such as the famous Cameron Jackson (who has been involved in fifty-five domain UDRPs as the respondent), complainants assist future complainants by collectively building a body of evidence of systemic cybersquatting.

In respect of the UDRP complaint issued in respect of Mr Gan, the Complainants tried to contact the Respondent on 12 January 2017 by way of a letter demanding the transfer of the domain name. This was met with silence. Another letter was dispatched on 19 January 2017, but this second attempt at correspondence also solicited no reply from the Respondent.

As noted in paragraph 4.6 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview, 2.0”), the failure of the Respondent to reply does not necessarily result in a default in favor of the Complainant. The onus is still on the Complainant to satisfy the three requirements outlined in paragraph 4(a) of the Uniform Domain Name Dispute Resolution Policy, namely a.) the disputed domain name is identical or confusingly similar to a trade mark or service mark to which the Complainant has rights, b.) the Respondent has no rights or legitimate interests in respect of the disputed domain name, and c.) the disputed domain name has been registered and is being used in bad faith.

Under the first requirement, the Complainant filed evidence of a trade mark registration for the HMRC name in the UK, which had a priority date of March 2008. This was a prudent action for the Complainant to have taken, and one often overlooked by government entities: a trade mark is prima facie evidence of rights in a brand, and government departments should plan for an eventuality where a trade mark certificate will help when other arguments around goodwill might be tricky. (The decision does not identify it, but the trade mark has the registration number UK00002471470.) But also in support of this argument that the first element of a UDRP complaint was fulfilled, the Complainant also provided proof that third parties in the UK and other jurisdictions commonly refer to theComplainants as, simply, “HMRC”.

With ownership of “HMRC” established, the Complaint argued that the disputed domain name is confusingly similar to “HMRC”, as the words “online” and “gov” are not enough to distinguish the domain name from the Complainant’s HMRC mark. Obviously, these sorts of ancillary, descriptive terms merely suggest that the domain name is an official and/or online presence for the Complainant’s services.The arbitrator agreed.

The Complainant was also successful in the second requirement, that the Respondent had no rights or entitlement to the domain. With the Respondent making no effort to defend himself and his continued use of the disputed domain name even after the two cease and desist letters, the Panel adopted the view that the Respondent did not have any legitimate purpose for its registration, except to commercially exploit the Complainant’s HMRC mark.

The third requirement, that the Respondent’s registration of the disputed domain name was done in bad faith, was also found in favour of the Complainants. The disputed domain name fully incorporates the Complainant’s mark and the terms “online” and “gov,” presumably as a way of confusing consumers into thinking that the disputed domain name is connected to the Complainant. This was supported by evidence that links contained on the webpage resolving from the disputed domain name pointed visitors to various business:

“…it appears that Respondent has placed, or allowed to be placed, a web page at the disputed domain name that includes click-through advertising concerning Complainant, its services, income tax filing, pensions and government insurance. As Respondent has chosen not to respond in this proceeding, the Panel can only conclude, based on the available evidence, that Respondent did not register the disputed domain name for any legitimate purpose, but actively sought to capitalize on Complainant’s HMRC mark by registering a domain name that would likely be seen as related to Complainant or Complainant’s services…. the evidence suggests that Respondent specifically targeted Complainant and its HMRC mark, and did so opportunistically and in bad faith.”

People who received email demands for payments of even small sums from a website with the address “HMRCOnlineGov.com” would be forgiven for thinking that they had outstanding tax payments. The Complainant alleged that the disputed domain name had been used for fraudulent activity through phishing scams, but the Panel was unable to determine whether there has been use of the disputed domain name for fraud due to the limited amount of evidence submitted. It ultimately did not matter in so far as this domain name dispute was concerned. The Complainant was successful in establishing the three requirements outlined in paragraph 4(a) of the UDRP. The disputed domain name HMRCONLINEGOV.COM was ordered by way of the UDRP process to be transferred to the Complainant.

 

This article is general information only, at the date it is posted.  It is not, and should not be relied upon as, legal advice.  This article might not be updated over time and therefore may not reflect changes to the law.  Please feel free to contact us for legal advice that is specific to your situation.

Copyright © 2024 Williams+ Hughes. All Rights Reserved | Privacy | Terms & Conditions