Belfius Bank SA / Belfius Bank NV successfully secured the transfer of the domain belfius-gebruiker.net in a WIPO UDRP proceeding. The disputed domain combined the bank’s trademark with the Dutch word for ‘user’ (‘gebruiker’) and was held passively. The panel ordered its transfer after finding the registration was designed to exploit association with the bank’s services in bad faith.
Case Snapshot
| Case Number | D2025-4582 |
|---|---|
| Complainant | Belfius Bank SA / Belfius Bank NV |
| Respondent | Marle Bikan |
| Disputed Domain | belfius-gebruiker.net |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2025-12-25 |
| Panelist | Andrea Cappai |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4582 |
The Impersonation and Credential Harvesting Risks of Localized Customer-Targeted Domains
The registration of belfius-gebruiker.net by an unauthorized third party highlights the acute security risks financial institutions face from targeted "brand-plus-keyword" domain strategies. By combining the registered trademark BELFIUS with the Dutch descriptive term "gebruiker" (meaning "user"), the domain targets a specific, localized demographic of Belfius Bank SA / Belfius Bank NV’s customer base. This linguistic pairing significantly heightens the risk of corporate impersonation, as customers searching for online banking portals or user accounts could easily mistake this unauthorized address for a legitimate, interactive customer hub. Although there is no documented evidence of active phishing or financial losses associated with this specific domain, the structural formulation of the name presents an immediate, latent threat of localized credential harvesting and customer trust erosion.
Furthermore, the passive holding of this domain name does not diminish its commercial hazard, but rather represents an ongoing administrative and security monitoring burden. The registrant, Marle Bikan, utilized a privacy service to conceal their identity and failed to reply to the Complainant’s contentions, demonstrating a lack of transparent, legitimate interest. For brand protection professionals, passive holding by an unrelated foreign entity requires continuous surveillance to ensure the inactive site is not suddenly weaponized for fraudulent activities, email fraud, or malware distribution. Securing a proactive transfer via UDRP proceedings is therefore an essential preventative measure to eliminate the operational overhead required to monitor these latent lookalike domains.
Panel Analysis: Deconstructive Bad Faith and the Impersonation Threat of Localized Customer Portals
In evaluating the first UDRP element, Sole Panelist Andrea Cappai focused on the direct structural comparison between the Complainant’s prior-registered BELFIUS trademark and the disputed domain name, ‘belfius-gebruiker.net’. The panel found that incorporating the trademark in its entirety established confusing similarity. The addition of the Dutch descriptive term ‘gebruiker’—meaning ‘user’—did not dispel this confusion. Instead, for a Belgian financial institution whose client base widely speaks Dutch, the addition of a localized keyword serves to reinforce an association with Belfius Bank’s online interactive portals, heightening the threat of customer deception.
Regarding rights or legitimate interests, the Respondent, Marle Bikan, failed to submit a response or demonstrate any bona fide preparations to use the domain name. Belfius Bank established that the Respondent had received no authorization or license to utilize the BELFIUS mark. Because the domain remained completely inactive and the Respondent was not commonly known by the name, the panel determined that the second element of the Policy was satisfied. This lack of response left the Complainant’s prima facie case entirely uncontradicted.
Under the bad faith analysis, the panel applied the established doctrine of passive holding. Although the disputed domain did not resolve to an active website and there was no evidence of active phishing, the registration was deemed to be in bad faith. Given the bank’s substantial reputation and the specific targeting of the term ‘user’ (gebruiker), there is no plausible good faith explanation for a third party in Morocco to register this domain. The Respondent’s initial use of a proxy service to conceal their identity further substantiated the finding of bad faith registration and use.
From an intellectual property and risk management perspective, this dispute illustrates the high vulnerability of financial institutions to brand-plus-keyword registrations. While passive holding does not cause immediate operational disruptions, unauthorized portals incorporating terms like ‘user’ represent primed infrastructure for future credential harvesting or localized phishing. Promptly leveraging the UDRP process allows brand owners to neutralize these latent digital threats and preserve systemic trust before malicious activation occurs.
Deconstructing the Complainant’s Brand-Plus-Keyword Strategy
Belfius Bank’s successful UDRP strategy relied on demonstrating that the respondent’s use of a descriptive localized keyword was a calculated attempt to exploit the bank’s established commercial footprint. By incorporating the Dutch word ‘gebruiker’ (meaning ‘user’) alongside the entire ‘BELFIUS’ trademark, the disputed domain ‘belfius-gebruiker.net’ created an immediate, deceptive association with the bank’s interactive online banking services. The complainant’s legal team reinforced this argument by presenting clear evidence of their prior trademark rights, including Benelux and European Union registrations dating back to May 2012. This established a clear foundation of priority, allowing the panelist to conclude that the addition of a descriptive customer-facing term did not dispel confusing similarity, but rather increased the likelihood of confusion among the bank’s Dutch-speaking client base.
Furthermore, the complainant successfully secured the transfer by applying the passive holding doctrine to address the inactive status of the disputed domain. Even though there was no documented evidence of active phishing campaigns, malware hosting, or actual customer financial losses associated with the site, the bank effectively argued that the respondent’s behavior constituted bad faith registration and use. The combination of using a registration privacy service to conceal the identity of the Morocco-based respondent, failing to reply to the complaint, and registering a domain combining a financial trademark with a term targeting ‘users’ left no plausible good-faith explanation. This case illustrates how proactive UDRP enforcement against inactive, highly target-specific lookalike domains can neutralize customer security and reputational risks before actual credential harvesting occurs.
Practical Recommendations
- Proactively monitor for brand-plus-keyword variations incorporating localized client-facing terms (such as the Dutch ‘gebruiker’ for user) to identify and flag potential lookalike portals targeting specific language demographics.
- Utilize the UDRP ‘passive holding’ doctrine to secure transfers of high-risk domains mimicking financial brands, even if the domain is currently inactive and no live phishing or customer losses have been documented.
- Deploy automated alert systems to track newly registered domains that combine core brand names with interactive terms while utilizing WHOIS privacy services, enabling early detection and rapid legal review.
- Conduct localized defensive registration audits for core financial brands paired with transactional and user-access keywords (e.g., ‘login’, ‘user’, ‘portal’) in native languages of key operating markets to pre-empt bad-faith registrations.
Frequently Asked Questions (FAQ)
Why was ‘belfius-gebruiker.net’ considered confusingly similar to the BELFIUS trademark?
The panel found that the domain name incorporates the BELFIUS trademark in its entirety. The addition of the Dutch term ‘gebruiker’ (user) does not distinguish the domain from the brand; instead, it creates a false association with the complainant’s banking services by implying it is a specialized portal for customers.
What evidence established that the respondent lacked rights or legitimate interests in the disputed domain?
The complainant demonstrated that the respondent was not authorized or licensed to use the BELFIUS mark. Furthermore, the respondent was not commonly known by the name ‘belfius-gebruiker’ and failed to provide any evidence of preparations to use the domain in connection with a bona fide offering of goods or services.
How did the panel conclude the domain was registered and used in bad faith despite it being an inactive page?
The panel applied the doctrine of ‘passive holding.’ Given the notoriety of the BELFIUS financial brand and the lack of a plausible good-faith explanation for the respondent’s choice of domain name, the inactivity of the site did not prevent a finding of bad faith registration and use.
What is the primary risk posed by ‘brand-plus-keyword’ domains like this one?
These domains pose a significant risk of ‘customer credential harvesting’ or phishing. By adding descriptive keywords like ‘gebruiker’ to a recognized financial trademark, attackers aim to gain the trust of localized users, making it vital for institutions to proactively monitor and neutralize such variations.
Detected an impersonation domain using your brand?
Cyber-squatters often combine your trademark with descriptive keywords to target your customers. If you have identified a suspicious domain mimicking your brand, contact us to assess your UDRP eligibility and recover the asset.
This case note is for informational purposes only and is not legal advice.



