16 July, 2026

Addressing SSO Impersonation and Typosquatting Threats

UDRP Cases

Brixmor Property Group successfully secured the transfer of three domains used by a repeat bad actor to impersonate its authentication systems. The panel ruled that the registration of these domains constituted bad faith use, citing their similarity to the BRIXMOR trademark and active phishing activity.

Case Snapshot

Case Number D2026-1947
Complainant Brixmor Property Group, Inc.
Respondent Host Master, Njalla Okta LLC
Disputed Domain
brixmorsso.commybrixmorsfso.commybrixmorsso.com
Threat Tactic Corporate Impersonation
Decision Date 2026-06-22
Panelist Willem J. H. Leppink
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1947

Threat Assessment: SSO-Themed Impersonation and Credential Fraud

The registration of domains such as ‘brixmorsso.com’, ‘mybrixmorsso.com’, and ‘mybrixmorsfso.com’ represents a sophisticated attempt to weaponize corporate authentication workflows. By incorporating terms like ‘sso’ (Single Sign-On) alongside the BRIXMOR trademark, the Respondent aimed to deceive users into believing these domains were authentic entry points for the Complainant’s secure systems. This tactic exploits the inherent trust employees and customers place in standard enterprise login processes, significantly increasing the probability of successful credential theft and subsequent unauthorized access to sensitive corporate data.

The strategic use of these domains underscores a severe risk to customer trust and brand integrity. The identification of ‘brixmorsso.com’ as an unsafe and disguised phishing website by Google Safe Browsing serves as an indicator of the active harm posed by the Respondent’s campaign. Furthermore, the presence of inactive domains among the disputed set suggests a broader, opportunistic strategy where the Respondent maintains a reservoir of future attack vectors. Given the Respondent’s history as a named party in 67 prior UDRP proceedings, these tactics reflect a deliberate, recidivist pattern of abusive registration designed to facilitate fraud and undermine the Complainant’s established goodwill in the real estate sector.

Strategic Leverage of Patterned Misconduct and External Threat Intelligence

The Complainant successfully navigated the burden of proof by integrating empirical evidence of active phishing with a broader narrative of the Respondent’s documented pattern of abusive registrations. By leveraging third-party data from Google Safe Browsing, the Complainant provided the Panel with objective, verifiable proof that the disputed domain brixmorsso.com was being used for malicious, disguised phishing activities. This technical evidence, coupled with the linguistic analysis showing how the incorporation of ‘sso’ and ‘my’ prefixing sought to impersonate corporate authentication flows, established a clear trajectory of bad faith registration and use that transcended mere opportunistic domain squatting.

Furthermore, the strategy relied heavily on highlighting the Respondent’s extensive history as a repeat offender in 67 prior UDRP proceedings. By documenting this systematic behavior, the Complainant effectively neutralized potential defense claims, demonstrating that the Respondent’s primary intent was to trade on established brand goodwill through serial intellectual property infringement. This evidence of serial conduct allowed the Panel to confidently infer bad faith even regarding the remaining domains that were inactive at the time of filing, effectively treating them as a defensive stockpile for future fraud. This approach underscores the value for brand owners of maintaining granular records of external threat warnings and prior legal enforcement actions when challenging sophisticated impersonation campaigns.

Practical Recommendations

  • Proactively register defensive variations of your brand incorporating common enterprise service suffixes (e.g., ‘sso’, ‘login’, ‘portal’, ‘auth’) to prevent attackers from establishing perceived legitimacy.
  • Monitor security reputation databases like Google Safe Browsing and VirusTotal to capture real-time evidence of phishing site activity, which significantly strengthens UDRP complaints regarding bad faith use.
  • Perform automated ‘whois’ lookups and domain registration monitoring for new domains containing your trademark combined with technical terms to identify and act on passive holdings before they transition into active phishing campaigns.
  • Maintain a log of prior UDRP proceedings involving known bad actors to demonstrate a consistent ‘pattern of conduct’ when filing new complaints, as this evidence is highly persuasive to panels in establishing bad faith.

Frequently Asked Questions (FAQ)

Why were the disputed domains (e.g., brixmorsso.com) considered confusingly similar to the BRIXMOR trademark?

The panel found the domains confusingly similar because they incorporated the BRIXMOR trademark in its entirety. The addition of terms like ‘sso’ (Single Sign-On) and ‘my’ was clearly designed to deceive users into believing the domains were official Brixmor authentication portals.

How did the panel determine that the Respondent lacked legitimate rights or interests in these domains?

The Respondent failed to file a response to the Complaint. Furthermore, the evidence indicated the Respondent was using the domains for phishing or holding them as a deceptive infrastructure, which does not constitute a legitimate non-commercial or fair use under UDRP policy.

What evidence was most critical in proving the Respondent acted in bad faith?

The panel cited the active phishing warnings provided by Google Safe Browsing as direct evidence of bad faith use. Additionally, the Panel highlighted the Respondent’s history of being named in 67 prior UDRP proceedings, establishing a clear pattern of abusive domain registration.

Does the fact that some domains were inactive at the time of the filing impact the outcome?

No. Despite two of the domains (mybrixmorsfso.com and mybrixmorsso.com) being inactive at the time of filing, the Panel found the registration was still made in bad faith, particularly given the Respondent’s established history of trademark-abusive domain registrations and the simultaneous active phishing use of the related brixmorsso.com domain.

Facing corporate impersonation through a domain?

Protect your brand and user data from sophisticated SSO-themed phishing and credential theft tactics. Learn how to identify and mitigate domain-based impersonation risks through proactive UDRP strategies.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.