5 May, 2026

Typosquatting of ALSTOM Group Identifier Exposes Corporate Portfolio Gaps

UDRP Cases

ALSTOM recovered the domain alstorngroup.net after a respondent registered the typo-variant to host industry-related pay-per-click links. The WIPO panel found the registration was a deliberate attempt to exploit the ‘Alstom Group’ corporate identity and ordered a full transfer.

Case Snapshot

Case Number D2026-0976
Complainant ALSTOM
Respondent Diana iulia, Hedonova LLC
Disputed Domain
alstorngroup.net
Threat Tactic Typo Domains
Decision Date 2026-04-17
Panelist Francisco Castillo-Chacón
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0976

Exploitation of Corporate Identifiers and B2B Procurement Traffic

The registration of alstorngroup.net represents a calculated attempt to exploit the "Alstom Group" corporate identity through typographical mimicry. By substituting the letter ‘m’ with the character combination ‘rn’, the respondent created a domain that is visually confusing to users, especially within industrial procurement channels where the "Alstom Group" name is a primary identifier for subsidiaries and employee email communications. This tactic specifically targets gaps in a brand’s defensive registration strategy by combining a well-known trademark with a common descriptive term ("group") in the .net Top-Level Domain (TLD), which is frequently perceived by corporate users as a legitimate alternative for infrastructure and networking services.

Beyond mere brand dilution, the initial use of the domain to host pay-per-click (PPC) links creates direct commercial risks through the diversion of high-value B2B traffic. The presence of links for "Global Sourcing," "Industrial Equipment Supplies," and "Industrial Automation" demonstrates an intentional effort to siphon traffic from users seeking ALSTOM’s rail and transport services. This diversion not only redirects potential procurement partners to third-party industrial suppliers but also compromises the integrity of the Complainant’s digital ecosystem. Even though the domain later transitioned to an inactive parking page, the panel recognized that such passive holding, when combined with the deliberate mimicry of a famous mark and a failure to respond to cease-and-desist efforts, indicates a persistent threat of future unauthorized use or potential impersonation fraud.

Strategic Exploitation of Corporate Identifiers and Industry-Specific Evidence

ALSTOM successfully secured the transfer of the disputed domain by demonstrating that the respondent’s registration of alstorngroup.net was a calculated attempt to mimic the specific Alstom Group corporate identifier used for subsidiaries and employee email addresses. By providing documented evidence of pay-per-click links active between February and March 2026—specifically those referencing Global Sourcing and Industrial Equipment Supplies—the complainant established a direct link between the typo-variant and its own industrial sector. This industry-specific targeting proved that the respondent intended to attract B2B procurement traffic by creating a likelihood of confusion with the ALSTOM trademark, which is a well-known identifier in the rail and transport sectors with global registrations dating back to 1998.

The persuasiveness of the case was reinforced by the visual similarity of the ‘rn’ typographical addition, which the panel noted would likely be read by internet users as the letter ‘m’. Furthermore, the complainant’s proactive strategy in sending a cease-and-desist letter on February 5, 2026, and documenting the respondent’s subsequent failure to reply, provided necessary evidence of bad faith. Even though the domain later resolved to an inactive parking page, the evidence of prior commercial use through industry-related links prevented the respondent from claiming a lack of commercial intent. This highlights how forensic monitoring of domain resolution changes can be a critical factor for brand owners when the respondent attempts to hide earlier infringing activity through passive holding.

Practical Recommendations

  • Prioritize monitoring for character-substitution typos such as ‘rn’ for ‘m’ or ‘cl’ for ‘d’, as these visual look-alikes are highly effective at deceiving B2B procurement teams and bypassing simple string-match filters.
  • Perform a defensive audit and registration of the ‘[Brand]Group’ string across all major TLDs (.com, .net, .fr) if that specific corporate identifier is used for subsidiary naming or employee email architecture.
  • Implement automated web-crawling to archive Pay-Per-Click (PPC) landing pages immediately upon detection, as bad-faith actors frequently pivot to ‘passive holding’ once a Cease-and-Desist letter is received to hide evidence of commercial exploitation.
  • Expand domain monitoring to include combinations of the brand name with high-value industry keywords (e.g., ‘sourcing’, ‘industrial’, ‘automation’) to preempt the diversion of specialized B2B traffic to competitors.
  • Conduct a TLD gap analysis specifically for the .net extension for all core corporate identifiers; as demonstrated in this case, the use of .net for corporate-sounding domains poses a significant risk for email-based impersonation.

Frequently Asked Questions (FAQ)

Why was the domain ‘alstorngroup.net’ considered confusingly similar to the ALSTOM trademark?

The WIPO panel determined that ‘alstorngroup.net’ is confusingly similar because it incorporates the protected ALSTOM mark with a minor typographical substitution (‘rn’ instead of ‘m’) combined with the term ‘group,’ which directly mimics the Complainant’s established corporate identifier used across its subsidiaries.

What evidence established the Respondent’s lack of rights or legitimate interests in the domain?

The panel found that the Respondent had no authorization to use the ALSTOM mark and provided no evidence of a bona fide offering of goods or services. The domain was used solely to host pay-per-click links for industrial equipment and later sat as an inactive parking page, neither of which constitutes a legitimate interest.

How did the panel conclude that the Respondent acted in bad faith?

Bad faith was proven by the Respondent’s deliberate effort to attract internet traffic for commercial gain through typographical mimicry of a famous mark. This was further reinforced by the Respondent’s failure to respond to a cease-and-desist letter and the use of links specifically targeting the Complainant’s industrial business sector.

What is the primary business risk associated with this type of domain registration?

This case highlights the risk of brand dilution and traffic diversion where unauthorized parties register typo-variants of corporate identifiers. Such domains can redirect B2B procurement traffic to third-party competitors or unauthorized suppliers, potentially damaging brand reputation and creating risks for future corporate impersonation.

Is your brand portfolio vulnerable to typosquatting?

The ALSTOM case highlights how attackers use subtle domain misspellings to siphon B2B traffic. If your brand relies on corporate identifiers, perform a proactive audit to identify and neutralize look-alike domains before they are weaponized.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.