16 July, 2026

Addressing Email Impersonation and Typo-Squatting Risks in Legal Services

UDRP Cases

Greenberg Traurig, LLP successfully petitioned for the transfer of gtt-law.com after the respondent configured the domain for potential email fraud. The panelist found the domain to be confusingly similar and ruled for transfer due to bad faith registration.

Case Snapshot

Case Number D2026-2115
Complainant Greenberg Traurig, LLP
Respondent Name Redacted
Disputed Domain
gtt-law.com
Threat Tactic Phishing and Email Fraud
Decision Date 2026-06-30
Panelist Richard W. Page
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-2115

Business Risk: Email Impersonation and Infrastructure Hijacking

The registration of gtt-law.com represents a direct threat to corporate security and brand integrity by leveraging a common typosquatting variation of Greenberg Traurig’s established domain, gtlaw.com. By incorporating an additional letter ‘T’ and a hyphen, the respondent created a deceptive facsimile designed to intercept professional communications. Although the domain does not host a public-facing website, the configuration of Mail Exchange (MX) records provides a critical technical indicator that the domain was intended for use in phishing campaigns or business email compromise (BEC). For a law firm, such unauthorized infrastructure poses an acute danger to client-attorney privilege and financial security, as bad actors can convincingly impersonate firm representatives to solicit sensitive information or execute fraudulent payment requests.

The absence of legitimate web content, combined with the active email configuration, underscores the respondent’s intent to exploit the firm’s reputation for malicious purposes. While the provided evidence does not document specific successful exfiltration of funds or data, the deployment of such infrastructure creates an immediate operational security risk. Professional services firms must recognize that these ‘passive’ domain registrations are frequently precursors to active social engineering. By proactively monitoring for slight typographical variations of brand identifiers, organizations can preemptively secure these assets via UDRP proceedings before they are weaponized to facilitate fraud or degrade client trust in official firm communications.

Strategy Breakdown: Combating Email Infrastructure Abuse

Greenberg Traurig’s successful strategy hinged on demonstrating that the respondent’s domain, while inactive in terms of website content, was actively configured with mail exchange (MX) records. By shifting the focus from traditional website-based traffic diversion to the functional threat of email infrastructure abuse, the complainant provided the panel with concrete evidence of bad-faith intent. This technical analysis proved critical in establishing that the respondent’s primary motive was to facilitate fraudulent communications, creating an clear risk of impersonation and business email compromise that directly leveraged the firm’s established brand identity.

The complainant bolstered its case by highlighting how the specific typographical manipulation—adding an extra ‘T’ and a hyphen—was a calculated attempt to mimic their official ‘gtlaw.com’ domain. By framing this as a direct threat to the firm’s professional integrity rather than a mere technical registry dispute, Greenberg Traurig successfully met the high burden of proof for showing that the respondent lacked legitimate interests. The panelist’s decision confirms that for professional services firms, demonstrating the potential for malicious email interception is an effective, evidence-based approach to reclaiming domains that serve as platforms for impersonation.

Practical Recommendations

  • Implement continuous, automated domain monitoring specifically targeting permutations of your primary domain that include additional characters, hyphenations, and industry-specific keywords like ‘law’.
  • Analyze MX record configurations during your domain triage process to immediately identify ‘passive’ domains that are technically staged for phishing and business email compromise (BEC).
  • Maintain a defensive portfolio of high-risk typo-squatted domains that mirror your core branding to preemptively block registration by malicious actors.
  • Draft pre-prepared cease-and-desist templates that cite technical evidence of MX record activity as proof of ‘bad faith’ use to accelerate dispute resolutions under UDRP.

Frequently Asked Questions (FAQ)

Why was the domain gtt-law.com considered confusingly similar to Greenberg Traurig’s trademark?

The panel determined that the domain incorporates the firm’s protected ‘GT’ mark in its entirety. The inclusion of an extra ‘T’, a hyphen, and the suffix ‘law’ did not distinguish the domain from the firm’s legitimate infrastructure at gtlaw.com, instead heightening the likelihood of consumer confusion regarding the source of legal services.

What evidence proved that the respondent acted in bad faith?

The panel found bad faith because the respondent, who had no legitimate rights or interests in the domain, configured the domain with active MX (mail exchange) records. This technical setup indicates an intent to facilitate fraudulent email communications while impersonating the firm, rather than using the domain for a legitimate website.

How does the registration of a domain without a website constitute a business threat?

Even in the absence of a visible website, the configuration of MX records allows a bad actor to send spoofed emails. In this case, the domain was a clear threat because it allowed the respondent to create the appearance of official Greenberg Traurig communications to potentially conduct phishing or business email compromise attacks.

What was the practical outcome of this UDRP proceeding?

Following the respondent’s default, the WIPO panelist ruled in favor of Greenberg Traurig, LLP, ordering the immediate transfer of the disputed domain gtt-law.com to the law firm to prevent further brand impersonation and potential misuse.

Concerned about fake email or invoice fraud?

Protect your firm from brand impersonation. Learn how to secure your infrastructure against MX record misuse and potential business email compromise.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.