Old Cybersquatting Tactic is New Again: A Case Study from the Banking Industry

In the early days of domain name disputes (that is, the mid-1990s), cybersquatters targeted trademark owners by registering exact trademarks in the .com top-level domain (TLD) -- often, because a trademark owner had not yet heard (or appreciated the potential) of the Internet. A writer for Wired magazine famously registered <mcdonalds.com> and, in an article in October 1994, wrote about how he struggled to educate the fast-food chain about domain names. "It's easy to find an unused domain name, and so far, there are no rules that would prohibit you from owning a bitchin' corporate name, trademarked or not," Joshua Quittner wrote almost 22 years ago, before most of the public really knew about domain names.

Indeed, many of the early decisions under the Uniform Domain Name Dispute Resolution Policy (UDRP) involved so-called exact-matches of well-known trademarks: <christiandior.com>, <encyclopediabrittanica.com>, <general-electric.com>, <baileysirishcream.com>, <hamburgerhamlet.com>, <stanleybostitch.com>, <greenbaypackers.com>, <southerncompany.com> and many, many more.

The Evolution of Cybersquatting

But then, as trademark owners woke up to the Internet, they proactively registered their primary trademarks as domain names if they were still available. Or, they used the UDRP or the courts to wrestle them away from cyberquatters. And, then even tried to get a step or two ahead of the cybersquatters by registering in less-popular TLDs such as .net and .org.

As a result, cybersquatting evolved. Exact-matches became less popular, and "typosquatting" -- that is, the registration of a domain name that contains a typographical variation of a trademark, such as <plaboy.com> and <wallstreetjouranl.com> -- took off. Cybersquatters also began to register domain names that contained words in addition to a trademark (such as <lexuschicago.com> and <gayebay.com>). None of these changes eliminated cybersquatting (indeed, the number of UDRP complaints continues to rise), they just changed the landscape.

Now, the arrival of hundreds of new TLDs is making the old form of cybersquatting new again.

The Case of comerica.mortgage

For example, Comerica Bank, which uses the <comerica.com> domain name (created September 1995) recently filed a UDRP complaint for the domain name <comerica.mortgage>.

According to the UDRP decision, Comerica is one of the 35 largest U.S. financial and bank holding companies, with more than $71 billion in assets with offices in Canada and Mexico, in addition to the United States. It began using the COMERICA trademark in 1982 and owns numerous United States registrations for the mark. In addition to using the <comerica.com> domain name, Comerica also wisely registered <comerica.net> and <comerica.org> (both created February 1998).

Despite its size and apparent Internet savvy, Comerica did not register <comerica.mortgage> when the .mortgage TLD was launched in 2014. While it's unclear why Comerica chose to pass on this domain name, someone else registered it and, according to the UDRP decision, "offered to sell the disputed domain name to [Comerica] at a price higher than what he paid for it" and also "redirect[ed] [it] to a website where Respondent offers other domain name names for sale."

Fortunately for Comerica, the UDRP panel had no problem finding that the bank satisfied all three elements of the domain name dispute policy, that is:

  • The domain name <comerica.mortgage> is confusingly similar to the COMERICA trademark. Indeed, the panel wrote that "the addition of the '.mortgage' gTLD serves to enhance the likelihood of confusion because it references the field in which Complainant operates." (As I've written before, the TLD has increasingly become an important factor in some UDRP disputes. See, "When is the Top-Level Domain (TLD) Relevant in a Domain Name Dispute?")
  • The registrant of the <comerica.mortgage> domain name had no rights or legitimate interests in it because Comerica "ha[d] not licensed or otherwise permitted Respondent to use the COMERICA Mark, and... there is no evidence that Respondent has been commonly known by the disputed domain name. Further, the Panel finds that Respondent’s use of the disputed domain name to redirect to a website which Respondent is using to sell other domain names is not a bona fide use."
  • The <comerica.mortgage> domain name was registered and used in bad faith because, among other things, the .mortgage TLD "references [Comerica's] business" and the registrant "intentionally attracts Internet uses to Respondent’s own website by creating a likelihood of confusion with Complainant’s mark, and he commercially benefits from this confusion by offering domain names for sale at this website."

As a result, the UDRP panel ordered transfer of the <comerica.mortgage> domain name to Comerica, and Comerica now simply redirects it to its existing website at www.comerica.com.

Interestingly, however, Comerica does not control the exact-match of its trademark in other new TLDs, such as .money, .fund or .financial. Although these domain names have not been registered by Comerica, they also haven't been registered by anyone else -- which means that Comerica may find itself filing additional UDRP complaints in the future. Indeed, in addition to <comerica.mortgage>, Comerica also already has filed (and won) a UDRP complaint for <comerica.xyz>. (Although the .xyz TLD does not necessarily relate to the banking and financial services industry, it has proven to be one of the more popular new TLDs.)

What to Do

As the Comerica decisions make clear, cybersquatters are finding new opportunities in the new TLDs. And, Comerica is certainly not alone, as other trademark owners -- not only in the banking and financial services sector, but in virtually all industries -- need to pay renewed attention to how domain names affect their brands.

It['s still early in the launch of new TLDs, but cybersquatters often stay one step ahead of trademark owners. So, for those companies that fail to register their trademarks in the new TLDs and later find problems, the UDRP -- and, to some extent, the Uniform Rapid Suspension System (URS) -- should prove to be very helpful.