Banca Mediolanum S.p.A. successfully secured the transfer of mediolanumgroup.com after it was used to host a high-fidelity impersonation of its banking services. The Respondent, located in Benin, utilized the bank’s official trademarks and registered office address to deceive users, leading the WIPO panel to find clear bad faith registration and use.
Case Snapshot
| Case Number | D2025-4400 |
|---|---|
| Complainant | Banca Mediolanum S.p.A. |
| Respondent | solange meco |
| Disputed Domain | mediolanumgroup.com |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2026-01-02 |
| Panelist | María Alejandra López García |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4400 |
Corporate Identity Portfolio Gaps and High-Fidelity Banking Impersonation
The registration of mediolanumgroup.com highlights a critical vulnerability in global domain portfolios regarding corporate structure terminology. By appending the descriptive term ‘group’ to the established MEDIOLANUM trademark, the Respondent exploited a logical naming convention that users naturally associate with official holding companies or international divisions. While Banca Mediolanum S.p.A. maintains an extensive portfolio of Italian country-code top-level domains (ccTLDs) such as bancamediolanum.it and mediolanumprivatebanking.it, the availability of the ‘brand plus group’ string in the .com TLD provided a low-cost entry point for a fraudulent actor to establish a credible-looking hub for international banking services. This represents a clear portfolio gap where the lack of defensive registrations for global corporate identifiers allowed a third party to capitalize on the Complainant’s multi-channel banking reputation.
The risk to customer trust is compounded by the high-fidelity nature of the impersonation. The Respondent did not merely display the trademark but replicated the Complainant’s specific banking activities and included its actual registered office address details. This level of detail significantly increases the efficacy of phishing attempts and credential theft, as users are less likely to question the legitimacy of a site that mirrors official corporate data points. For a financial institution managing EUR 144.4 billion in assets, the presence of a fraudulent site offering finance and banking-related activities creates a direct channel for illicit commercial gain by creating a likelihood of confusion with the source of the services.
The use of the Privacy Protect, LLC service and the Respondent’s location in Benin illustrate the cross-border challenges of brand protection in the financial sector. Although the disputed domain became inactive during the course of the UDRP proceedings, the initial active phase allowed for potential data collection and user deception under the guise of an official entity. The tactical shift from an active impersonation site to an inactive ‘site can’t be reached’ page often serves as a method to evade detection or mitigate legal repercussions after a complaint is filed. For brand owners, this case underscores the necessity of proactive defensive registrations for key corporate identity terms to prevent bad actors from utilizing privacy-shielded registrations to bypass local jurisdictional controls.
Analytical Review: High-Fidelity Impersonation and Corporate Portfolio Gaps
The Panel’s finding on confusing similarity centered on the verbatim incorporation of the MEDIOLANUM trademark within the disputed domain name. By appending the descriptive term ‘group,’ the Respondent failed to create a distinct identity, instead reinforcing the perceived connection to the Complainant’s corporate entity, the Mediolanum Group. Given that Banca Mediolanum S.p.A. has held European Union trademark rights since 2006 and manages approximately EUR 144.4 billion in assets, the mark is recognized as well-known in the financial sector. This established reputation makes it highly improbable that the Respondent, located in Benin, selected the term ‘mediolanum’ without prior knowledge of the bank’s significant market presence.
Regarding rights or legitimate interests, the Panel noted a total absence of evidence suggesting the Respondent was commonly known by the disputed name or held any independent intellectual property rights over the term. The Complainant confirmed that no authorization or license had been granted to ‘solange meco.’ Furthermore, the use of the domain to host a website that replicated the Complainant’s banking and financial services—including the unauthorized use of the bank’s registered office address—constitutes a per se lack of legitimate interest. Under the UDRP, such deceptive use is viewed as a calculated effort to capitalize on a Complainant’s goodwill rather than a bona fide offering of goods or services.
The determination of bad faith was supported by the Respondent’s intentional attempt to attract Internet users for commercial gain by creating a likelihood of confusion. The replication of the Complainant’s business activities and the use of its official corporate metadata indicate a sophisticated level of targeting. The initial concealment of the registrant’s identity via ‘Privacy Protect, LLC’ and the subsequent deactivation of the site during the proceedings (‘This site can’t be reached’) further evidenced a pattern of opportunistic registration. For the Panel, these factors collectively demonstrated that the domain was both registered and used with the specific intent of defrauding potential banking customers.
From a brand protection perspective, this case illustrates a critical vulnerability in global TLD portfolio management. While Banca Mediolanum maintained a robust presence across various .it extensions—including specialized domains such as mediolanumprivatebanking.it and mediolanumfiduciaria.it—the omission of the ‘brand plus keyword’ configuration in the .com space provided a clear entry point for fraudulent activity. For IP professionals, this highlights that even established financial institutions must secure descriptive corporate variations in major TLDs to prevent bad actors from exploiting naming conventions typically associated with international corporate structures.
Strategic Recovery via Evidence of Impersonation and Defensive Gap Analysis
The Complainant’s success was driven by the presentation of evidence demonstrating a high-fidelity impersonation of its banking and financial operations. By documenting that the Respondent’s website not only utilized the MEDIOLANUM trademark but also replicated the bank’s official registered office address and specific business activities, the Complainant established an undeniable intent to deceive. This level of granular impersonation is a critical evidentiary threshold in financial services disputes, as it proves the Respondent sought to divert customers for commercial gain by creating a likelihood of confusion. Even when the domain became inactive during the proceedings, the initial evidence of active fraud supported a finding of bad faith registration and use, demonstrating that current inactivity does not shield a respondent from the consequences of documented past abuse.
From a brand protection perspective, this case highlights a significant portfolio gap involving the .com extension and the brand-plus-keyword naming convention. Despite Banca Mediolanum S.p.A. managing EUR 144.4 billion in assets as of June 2025, the availability of mediolanumgroup.com allowed an individual in Benin to exploit the logical corporate identifier ‘group’. This reveals the risk of failing to secure defensive registrations for corporate structure variations in the primary global TLD. The Respondent’s use of a privacy service and their geographic distance further necessitated a formal WIPO proceeding to recover a domain that directly mirrored the bank’s corporate identity. For IP professionals, the case confirms that a comprehensive defensive strategy must include ‘group’ and other common corporate suffixes in the .com TLD to prevent high-stakes financial impersonation.
Practical Recommendations
- Secure ‘brand + group’ variations in the .com TLD to prevent bad actors from exploiting corporate structural naming conventions to host high-fidelity impersonation sites.
- Capture time-stamped visual evidence and source code of fraudulent websites immediately upon discovery, as respondents frequently take sites offline during UDRP proceedings to hide evidence of bad faith.
- Implement domain monitoring triggers specifically for the registration of domains that combine your trademark with business-specific keywords like ‘group’, ‘finance’, or ‘banking’ to identify phishing risks before they scale.
- Utilize the UDRP Registrar Verification process to unmask registrants behind privacy services, which is critical for establishing a pattern of bad faith when the respondent is located in a high-risk jurisdiction.
- Monitor for the unauthorized use of official corporate metadata, such as registered office addresses and VAT numbers, on third-party domains to detect ‘business identity’ theft beyond simple trademark infringement.
Frequently Asked Questions (FAQ)
Why was the domain mediolanumgroup.com considered confusingly similar to the Banca Mediolanum trademark?
The WIPO panel determined that the disputed domain name incorporates the Complainant’s ‘MEDIOLANUM’ trademark in its entirety, merely adding the descriptive term ‘group’. This creates a high likelihood of confusion, as the domain suggests an official affiliation or subsidiary of the established banking entity.
What evidence confirmed the Respondent’s lack of rights or legitimate interests in the disputed domain?
There was no evidence that the Respondent, identified as an individual in Benin, held any trademark rights to ‘MEDIOLANUM’ or had received authorization from Banca Mediolanum to use the name. Furthermore, the Respondent was not commonly known by the domain name and offered no legitimate noncommercial or fair use.
How did the panel establish that the domain was registered and used in bad faith?
Bad faith was proven by the Respondent’s active replication of the Complainant’s business finance activities on the website, including the unauthorized use of the bank’s trademarks and its official registered office address. This deliberate impersonation demonstrated an intentional effort to attract internet users for commercial gain by deceiving them into believing the site was official.
What does the transition of the domain from an active site to an inactive state signify for UDRP proceedings?
The Respondent’s decision to make the site inactive (‘This site can’t be reached’) during the proceedings did not protect the domain from transfer. UDRP panels frequently view such ‘passive holding’ of a domain—especially when it was previously used for active impersonation—as continuing evidence of bad faith, ultimately leading to the order of transfer to the Complainant.
Facing corporate impersonation through a domain?
Protect your brand’s reputation and client trust. Our experts specialize in identifying and recovering domains used for high-fidelity corporate impersonation to mitigate the risks of credential theft and phishing.
This case note is for informational purposes only and is not legal advice.



