The dispute involves Carvana, LLC, a prominent online used car retailer, and the individual respondent, Jelap Falod, regarding the domain name carvanahr.com. This proceeding addresses the unauthorized use of the Carvana brand in a domain that suggests a direct connection to the company’s internal human resources department. Carvana argued that the registration was an attempt to exploit its established reputation by creating a misleading association with its corporate infrastructure, potentially to facilitate phishing or other fraudulent activities targeting employees or applicants.
Administrative Decision and Core Reasoning
The decision to transfer the domain was based on several critical observations regarding the nature of the registration. The domain name incorporates the entirety of the Carvana trademark, merely appending the suffix “hr,” which is a common abbreviation for human resources. This combination creates a significant risk that internet users will mistake the site for an official company portal. There was no evidence that the respondent had any authorization to use the name or that they were commonly known by it. Furthermore, the domain was associated with a website featuring suspicious links, which indicates an intent to mislead rather than any legitimate commercial or non-commercial use. The circumstances of the registration suggest that the respondent was fully aware of the brand’s prominence and sought to capitalize on it for deceptive purposes, rather than for a bona fide offering of goods or services.
Identifying Misleading Practices
Evidence indicated that the domain was likely intended for phishing campaigns, targeting either employees or potential job seekers. By mimicking a corporate HR channel, the respondent created a significant security risk for the brand’s ecosystem. The use of a brand-plus-keyword format is a classic tactic used to bypass basic user scrutiny and gain trust under false pretenses.
Strengthening the Corporate Digital Perimeter
This case underscores the importance of monitoring for “departmental” typosquatting or brand-plus-keyword domains. Organizations must be vigilant not only about direct copycats but also about domains that imply a specific internal function, such as HR, support, or billing. These specific variations are often precursors to sophisticated social engineering attacks that can compromise sensitive corporate data.
If your organization is being targeted by similar deceptive registrations, contact the ClaimOn team to assist you in reclaiming these assets and reinforcing your brand’s digital security.
