5 May, 2026

Banking Impersonation and Portfolio Gaps: Banca Mediolanum S.p.A. v. solange meco

UDRP Cases

Banca Mediolanum S.p.A. successfully secured the transfer of mediolanumgroup.com after it was used to host a high-fidelity impersonation of its banking services. The Respondent, located in Benin, utilized the bank’s official trademarks and registered office address to deceive users, leading the WIPO panel to find clear bad faith registration and use.

Case Snapshot

Case Number D2025-4400
Complainant Banca Mediolanum S.p.A.
Respondent solange meco
Disputed Domain
mediolanumgroup.com
Threat Tactic Corporate Impersonation
Decision Date 2026-01-02
Panelist María Alejandra López García
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4400

Corporate Identity Portfolio Gaps and High-Fidelity Banking Impersonation

The registration of mediolanumgroup.com highlights a critical vulnerability in global domain portfolios regarding corporate structure terminology. By appending the descriptive term ‘group’ to the established MEDIOLANUM trademark, the Respondent exploited a logical naming convention that users naturally associate with official holding companies or international divisions. While Banca Mediolanum S.p.A. maintains an extensive portfolio of Italian country-code top-level domains (ccTLDs) such as bancamediolanum.it and mediolanumprivatebanking.it, the availability of the ‘brand plus group’ string in the .com TLD provided a low-cost entry point for a fraudulent actor to establish a credible-looking hub for international banking services. This represents a clear portfolio gap where the lack of defensive registrations for global corporate identifiers allowed a third party to capitalize on the Complainant’s multi-channel banking reputation.

The risk to customer trust is compounded by the high-fidelity nature of the impersonation. The Respondent did not merely display the trademark but replicated the Complainant’s specific banking activities and included its actual registered office address details. This level of detail significantly increases the efficacy of phishing attempts and credential theft, as users are less likely to question the legitimacy of a site that mirrors official corporate data points. For a financial institution managing EUR 144.4 billion in assets, the presence of a fraudulent site offering finance and banking-related activities creates a direct channel for illicit commercial gain by creating a likelihood of confusion with the source of the services.

The use of the Privacy Protect, LLC service and the Respondent’s location in Benin illustrate the cross-border challenges of brand protection in the financial sector. Although the disputed domain became inactive during the course of the UDRP proceedings, the initial active phase allowed for potential data collection and user deception under the guise of an official entity. The tactical shift from an active impersonation site to an inactive ‘site can’t be reached’ page often serves as a method to evade detection or mitigate legal repercussions after a complaint is filed. For brand owners, this case underscores the necessity of proactive defensive registrations for key corporate identity terms to prevent bad actors from utilizing privacy-shielded registrations to bypass local jurisdictional controls.

Strategic Recovery via Evidence of Impersonation and Defensive Gap Analysis

The Complainant’s success was driven by the presentation of evidence demonstrating a high-fidelity impersonation of its banking and financial operations. By documenting that the Respondent’s website not only utilized the MEDIOLANUM trademark but also replicated the bank’s official registered office address and specific business activities, the Complainant established an undeniable intent to deceive. This level of granular impersonation is a critical evidentiary threshold in financial services disputes, as it proves the Respondent sought to divert customers for commercial gain by creating a likelihood of confusion. Even when the domain became inactive during the proceedings, the initial evidence of active fraud supported a finding of bad faith registration and use, demonstrating that current inactivity does not shield a respondent from the consequences of documented past abuse.

From a brand protection perspective, this case highlights a significant portfolio gap involving the .com extension and the brand-plus-keyword naming convention. Despite Banca Mediolanum S.p.A. managing EUR 144.4 billion in assets as of June 2025, the availability of mediolanumgroup.com allowed an individual in Benin to exploit the logical corporate identifier ‘group’. This reveals the risk of failing to secure defensive registrations for corporate structure variations in the primary global TLD. The Respondent’s use of a privacy service and their geographic distance further necessitated a formal WIPO proceeding to recover a domain that directly mirrored the bank’s corporate identity. For IP professionals, the case confirms that a comprehensive defensive strategy must include ‘group’ and other common corporate suffixes in the .com TLD to prevent high-stakes financial impersonation.

Practical Recommendations

  • Secure ‘brand + group’ variations in the .com TLD to prevent bad actors from exploiting corporate structural naming conventions to host high-fidelity impersonation sites.
  • Capture time-stamped visual evidence and source code of fraudulent websites immediately upon discovery, as respondents frequently take sites offline during UDRP proceedings to hide evidence of bad faith.
  • Implement domain monitoring triggers specifically for the registration of domains that combine your trademark with business-specific keywords like ‘group’, ‘finance’, or ‘banking’ to identify phishing risks before they scale.
  • Utilize the UDRP Registrar Verification process to unmask registrants behind privacy services, which is critical for establishing a pattern of bad faith when the respondent is located in a high-risk jurisdiction.
  • Monitor for the unauthorized use of official corporate metadata, such as registered office addresses and VAT numbers, on third-party domains to detect ‘business identity’ theft beyond simple trademark infringement.

Frequently Asked Questions (FAQ)

Why was the domain mediolanumgroup.com considered confusingly similar to the Banca Mediolanum trademark?

The WIPO panel determined that the disputed domain name incorporates the Complainant’s ‘MEDIOLANUM’ trademark in its entirety, merely adding the descriptive term ‘group’. This creates a high likelihood of confusion, as the domain suggests an official affiliation or subsidiary of the established banking entity.

What evidence confirmed the Respondent’s lack of rights or legitimate interests in the disputed domain?

There was no evidence that the Respondent, identified as an individual in Benin, held any trademark rights to ‘MEDIOLANUM’ or had received authorization from Banca Mediolanum to use the name. Furthermore, the Respondent was not commonly known by the domain name and offered no legitimate noncommercial or fair use.

How did the panel establish that the domain was registered and used in bad faith?

Bad faith was proven by the Respondent’s active replication of the Complainant’s business finance activities on the website, including the unauthorized use of the bank’s trademarks and its official registered office address. This deliberate impersonation demonstrated an intentional effort to attract internet users for commercial gain by deceiving them into believing the site was official.

What does the transition of the domain from an active site to an inactive state signify for UDRP proceedings?

The Respondent’s decision to make the site inactive (‘This site can’t be reached’) during the proceedings did not protect the domain from transfer. UDRP panels frequently view such ‘passive holding’ of a domain—especially when it was previously used for active impersonation—as continuing evidence of bad faith, ultimately leading to the order of transfer to the Complainant.

Facing corporate impersonation through a domain?

Protect your brand’s reputation and client trust. Our experts specialize in identifying and recovering domains used for high-fidelity corporate impersonation to mitigate the risks of credential theft and phishing.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.