Although cybersquatters continue to target large law firms — apparently attempting to trick clients and/or employees into making inappropriate payments — the Uniform Domain Name Dispute Resolution Policy (UDRP) continues to provide appropriate legal relief.
In one of the most recent disputes, McGuireWoods LLP recovered the domain name <mcgulrewoods.com>, which the law firm said was being used “to send fraudulent emails to [its] clients in furtherance of a phishing scheme aimed at obtaining their personal and financial information or an attempt to distribute malware or viruses.” (Note the use of a letter “l” instead of a letter “i” in the firm’s name — an increasingly common cybersquatting trick involving “look-alike” domain names.)
McGuireWoods — a 200-year-old law firm with 26 offices in the United States, Europe and Asia — uses the domain name <mcguirewoods.com>.
Not surprisingly, the UDRP panel had no difficulty finding that the law firm satisfied all three elements of the UDRP in the dispute over <mcgulrewoods.com>: (1) the domain name was (despite the misspelling) confusingly similar to the law firm’s rights in the MCGUIREWOODS service mark; (2) the registrant of the domain name had no rights or legitimate interests in the domain name; and (3) the domain name was registered and used in bad faith, in part because of the phishing allegations, which were not contradicted.
McGuireWoods also won another UDRP decision recently, for the domain name <mcguirewoodslegal.com>. Although it is unclear from that decision whether the domain name was being used for phishing purposes (the decision refers only to the fact that the domain name was used in connection with “a parking page offering pay-per-click links some of which relate to [the law firm’s] competition”), it is easy to imagine how it could be put to nefarious use.
Indeed, McGuireWoods has initiated (and won) at least five UDRP proceedings in recent years, for six domain names. The problem has become so significant that the firm has even published a prominent “Fraud Alert” on its website, warning its clients and others about phishing scams:
A common scam involves fraudsters falsely claiming that a law firm or a firm lawyer is handling a legal matter, many times an eviction, and threatening to take punitive action if the victim of the scam fails to provide personal information (for example, date of birth, Social Security number, bank and account information, and credit card information) and funds immediately.
Fraudsters also illicitly use law firm names in scams involving counterfeit checks that are mailed to unsuspecting victims, along with a request that the victim cash or deposit the check, send most of the funds to a third party and keep the balance of the funds. When the bank determines the check is counterfeit, the victim may be liable for any funds the bank disbursed.
As the law firm correctly notes, it is also a victim of these scams: “While McGuireWoods is aware that corrupt individuals have used our firm name and our lawyers’ names to attempt to perpetrate criminal scams on innocent victims, the firm, our lawyers and staff are not responsible for a third party’s conduct or liable for damages caused by their conduct.”
Of course, McGuireWoods is not the only law firm targeted by cybersquatters. As I have written before, other large law firms have been subjected to cybersquatting-related phishing scams for years. The ABA Journal recently reported that an associate at Dentons Canada “was duped into transferring more than $2.5 million into a fraudster’s account” in a scam that involved emails.
The attacks aren’t limited to large law firms. A six-lawyer firm reported (in an article titled “Internet Thieves Are Attacking Law Firms; Here's Our Story”) that it had “been the subject of a half-dozen attacks” in only six months.
Clearly, law firms and their clients — like everyone who uses the Internet — needs to be aware of how phishing emails are used by cybersquatters. And, when appropriate, law firms, like all trademark owners, can invoke the UDRP to slow the problem.