Apple recently won a UDRP for the domains www.applestor.com and www.wwwitune.com. The decision is pretty unremarkable – Respondent failed to file a response to the complaint and therefore the panel presumed that it did not have rights to either name, and from a simple comparison of the names to Apple’s trademarks for APPLE STORE and ITUNES, it found the names were nearly identical and clearly a case of typo-squatting.
The interesting part of the decision is on the bad faith prong where the panel alluded to Apple’s charge that the www.applestor.com domain posted links which were part of a “phishing” scam. The panel stated that: “[c]oncerning the use of the disputed domain names, there is evidence that suggests that the Respondent used the disputed domain name <applestor.com> to attract Internet users to phishing websites and deceive them into divulging private information. The Respondent very likely gained from the illegitimate use of users’ sensitive information.” Using a registered trademark as a part of a domain name in order to sponsor a phishing scam is evidence of uber-egregious bad faith.
The only issue that we have with the decision is that the website for www.applestor.com is still (as of this writing) up and running (and appears to still be in Respondent’s possession) and resolves to a page that has pictures of food and listings for various Apple brand products on numerous parts of the page. All the links resolve to a site which is identified as www.searchmagnified.com. A quick search for the term “searchmagnfied” reveals numerous complaints of malware and computer hijacking associated with www.searchmagnified.com. If the site was/is part of a phishing scam or a portal for a phishing scam then Apple should simultaneously (with the UDRP filing) have made an effort to have the Registrar Directi Internet Solutions Pvt. Ltd. (“Directi”) disable the site. If Apple did raise this issue with Directi, then Directi should have done something to prevent users from being scammed.
Directi’s registration policy specifically prohibits “phishing” (this it not novel, they all do) as per Sec. 4(5) they can suspend, cancel, freeze… the site associated with the domain when there is evidence of a phishing scam. Phishing is serious business and if this was/is going on it seems wholly insufficient to have it as a basis for the panel’s decision in finding bad faith without any immediate action or effort to put a stop to it.
Good for Apple in getting these domains, but would someone please stop the damage if this scam is still operating?!