By Steve Levy
We’ve all heard of patent trolls and perhaps trademark or copyright trolls but I’ve only ever considered the idea of a UDRP troll in the depths of my dark imagination. That is until now. It seems that bold and almost-clever bad actors have realized that it may be possible to steal a domain name by abusing the UDRP process. The concept is to file a complaint, provide borderline or even fake evidence, hope the legitimate domain owner defaults and that the panelist doesn’t smell something fishy, and then have the registrar transfer the domain name after winning the UDRP case. It’s a bit far-fetched but, in this age of AI-generated content, it’s not difficult to produce things like trademark registration certificates, website screenshots, and fake advertisements, etc. See my recent post about false evidence in UDRP cases.
In a recent case, the Complainant claimed to be a software provider and the owner of the domain name qw.com. It says that it lost the highly valuable 2-letter domain name through a hacking attack and that it received an email signed “The Hacker” in which demand was made for a payment of USD $20,000 in Bitcoin in exchange for return of the domain name. Submitted into evidence was the Whois record for the disputed domain name, showing “Quickware” as the registrant and “Fred Williams” as a contact. Also provided were a copy of a 2007 Certificate of Incorporation for the company Quickware, Inc from the State of Georgia, and a US Trademark Registration for the QUICKWARE mark. The domain name resolves to a page titled “Quickware” offering specialized software and the company’s phone number is listed as well.
The Respondent claimed that the Complainant is impersonating Quickware, Inc and its vice president Mr. Fred Williams and is fraudulently seeking to gain control of the valuable domain name. An affidavit was filed by a Mr. Fred Williams who claimed to be the real vice president of Quickware, Inc. and copies of correspondence that the Registrar had received showing repeated requests to change the password or email associated with the disputed domain name were also provided. Respondent also noted that he had received emails from the same address that sent the 20,000 Bitcoin demand.
The panel starts out with the question, who is the real Fred Williams? It concluded that the Complainant is actually a fraudster impersonating the Respondent. This is based on evidence that Quickware, Inc dissolved in 2011 and, thus, does not continue to exist as a legal entity. Further, even if the company still existed, the trademark registration cited by the Complainant is held by an entirely unrelated company so there is no trademark on which to ground a UDRP complaint.
In this situation the domain owner took action by responding to the complaint and the panel saw through the Complainant’s charade. However, this could have gone very differently as domain owners don’t always recognize the names of UDRP dispute providers and there’s a risk of a complaint notification email being disregard as spam or a hoax. Brand owners are wise to alert the contact listed in their Whois records (often simply a domain name administrator in any number of possible company departments) to be on the lookout for any message that could signal the filing of a complaint against one of their domain names. At that point, the best approach is an aggressive and well-supported response to prevent the loss of what is likely a valuable company asset.