16 July, 2026

Addressing Corporate Impersonation and Domain Redirection Risks

UDRP Cases

Telefonaktiebolaget LM Ericsson successfully reclaimed the domain ‘ericsson-na.com’ after a panelist determined the respondent used it in bad faith. The domain redirected traffic to the official Ericsson site and held active MX records, posing a significant risk for potential email impersonation.

Case Snapshot

Case Number D2026-1529
Complainant Telefonaktiebolaget LM Ericsson
Respondent ericsson NA, ericsson
Disputed Domain
ericsson-na.com
Threat Tactic Typo Domains
Decision Date 2026-06-19
Panelist Alvaro Loureiro Oliveira
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1529

Business Risks of Domain Impersonation and Email Fraud Infrastructure

The use of a typosquatted domain such as ‘ericsson-na.com’ creates significant operational and reputation risks for brand owners, primarily through the potential for sophisticated business email compromise (BEC). In this matter, although the respondent redirected traffic to the complainant’s legitimate website, the domain was simultaneously configured with active MX records. While there was no documented evidence of actual financial fraud or successful phishing attacks, the presence of these mail-exchange records provides a clear technical capability for attackers to craft deceptive email communications that appear to originate from an official company source. This configuration, when paired with the unauthorized incorporation of a well-known trademark, constitutes a proactive threat vector that can damage consumer trust and corporate security protocols.

Furthermore, the reliance on redirection tactics combined with obscured registrant information complicates the identification of bad actors and necessitates a rapid legal response to mitigate brand dilution. By directing unsuspecting users to the complainant’s official site, the respondent leveraged the established reputation of the ERICSSON mark to lend a veneer of legitimacy to their activities, potentially luring stakeholders into a state of reduced vigilance. The registrant’s efforts to mask their identity during the verification process underscore the importance of monitoring for typosquatted registrations that, even when currently passive or redirecting, serve as foundational infrastructure for future, more damaging fraudulent campaigns.

Strategic Leverage of Technical Indicators in Domain Recovery

The Complainant effectively utilized a multi-layered evidentiary approach by combining clear evidence of trademark ownership with technical proof of the Respondent’s malicious intent. By establishing a decades-long international reputation for the ERICSSON mark, the Complainant created a strong foundation for the assertion that the inclusion of its trademark in the ‘ericsson-na.com’ domain was intentionally confusing. This strategy was bolstered by the absence of any legitimate authorization for the Respondent to use the mark, effectively countering any potential claims of fair use or common-law rights.

The most persuasive element of the strategy was the focus on the technical configuration of the disputed domain. By highlighting the presence of active MX records, the Complainant demonstrated that the domain was not merely a passive holding, but was technically equipped for deceptive email communications. While the panel noted that no actual financial loss or fraudulent email fraud was proven, the combination of these MX records with a redirection to the official Ericsson website provided sufficient evidence for a finding of bad faith registration and use. This highlights the value for brand owners in documenting technical domain attributes, such as email functionality, even in the absence of a consummated cyberattack.

Practical Recommendations

  • Conduct regular technical audits for active MX records on suspicious domains to provide objective evidence of potential phishing or business email compromise (BEC) risks for UDRP filings.
  • Utilize domain redirection to the official brand site as affirmative evidence of ‘targeting’ and ‘bad faith’ usage, even in the absence of documented consumer financial loss.
  • Document discrepancies between publicly available WHOIS data and registrar-verified information to demonstrate a pattern of obfuscation by the respondent.
  • Proactively monitor for hyphenated or geo-appended variations of core trademarks, as these ‘typosquatting’ structures are consistently found to be confusingly similar under UDRP precedents.
  • Standardize the inclusion of historical trademark registration evidence and evidence of long-standing global reputation in all UDRP complaints to solidify the ‘rights and legitimate interests’ argument.

Frequently Asked Questions (FAQ)

Why was the domain ‘ericsson-na.com’ considered confusingly similar to the Ericsson trademark?

The panel found that ‘ericsson-na.com’ incorporated the well-known ERICSSON trademark in its entirety. The addition of the suffix ‘-na’ was determined to be insufficient to prevent a finding of confusing similarity, as it did not diminish the core association with the complainant’s brand.

What evidence confirmed that the respondent lacked legitimate interests in the disputed domain?

The respondent had no authorization from Ericsson to use the ERICSSON trademark. Furthermore, the record contained no evidence that the respondent was commonly known by the domain name or that it was being used for any bona fide commercial offering, favoring a finding of no legitimate rights.

How did the presence of active MX records support the finding of bad faith?

While there was no proof of actual fraud, the panel ruled that configuring MX records on a domain incorporating a famous trademark—combined with redirecting traffic to the complainant’s official site—demonstrated clear intent to facilitate potential phishing or corporate impersonation, satisfying the requirement for bad faith use.

What was the tactical outcome for Ericsson in this WIPO case?

Ericsson successfully secured the transfer of the domain ‘ericsson-na.com’. This case serves as a precedent that even without proof of actual financial harm, proactive monitoring for deceptive domain configurations and traffic redirection is an effective strategy for brand protection under the UDRP.

Need to recover a look-alike domain?

Similar to the Ericsson case, typosquatted domains often hide active MX records designed for email spoofing. Protect your brand reputation by proactively monitoring and securing trademark-infringing domains before they are weaponized.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.