5 May, 2026

How Brand-Plus-Keyword Domains Threaten Financial Institution Trust: The belfius-gebruiker.net Case

UDRP Cases

Belfius Bank SA / Belfius Bank NV successfully secured the transfer of the domain belfius-gebruiker.net in a WIPO UDRP proceeding. The disputed domain combined the bank’s trademark with the Dutch word for ‘user’ (‘gebruiker’) and was held passively. The panel ordered its transfer after finding the registration was designed to exploit association with the bank’s services in bad faith.

Case Snapshot

Case Number D2025-4582
Complainant Belfius Bank SA / Belfius Bank NV
Respondent Marle Bikan
Disputed Domain
belfius-gebruiker.net
Threat Tactic Brand Plus Keyword
Decision Date 2025-12-25
Panelist Andrea Cappai
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4582

The Impersonation and Credential Harvesting Risks of Localized Customer-Targeted Domains

The registration of belfius-gebruiker.net by an unauthorized third party highlights the acute security risks financial institutions face from targeted "brand-plus-keyword" domain strategies. By combining the registered trademark BELFIUS with the Dutch descriptive term "gebruiker" (meaning "user"), the domain targets a specific, localized demographic of Belfius Bank SA / Belfius Bank NV’s customer base. This linguistic pairing significantly heightens the risk of corporate impersonation, as customers searching for online banking portals or user accounts could easily mistake this unauthorized address for a legitimate, interactive customer hub. Although there is no documented evidence of active phishing or financial losses associated with this specific domain, the structural formulation of the name presents an immediate, latent threat of localized credential harvesting and customer trust erosion.

Furthermore, the passive holding of this domain name does not diminish its commercial hazard, but rather represents an ongoing administrative and security monitoring burden. The registrant, Marle Bikan, utilized a privacy service to conceal their identity and failed to reply to the Complainant’s contentions, demonstrating a lack of transparent, legitimate interest. For brand protection professionals, passive holding by an unrelated foreign entity requires continuous surveillance to ensure the inactive site is not suddenly weaponized for fraudulent activities, email fraud, or malware distribution. Securing a proactive transfer via UDRP proceedings is therefore an essential preventative measure to eliminate the operational overhead required to monitor these latent lookalike domains.

Deconstructing the Complainant’s Brand-Plus-Keyword Strategy

Belfius Bank’s successful UDRP strategy relied on demonstrating that the respondent’s use of a descriptive localized keyword was a calculated attempt to exploit the bank’s established commercial footprint. By incorporating the Dutch word ‘gebruiker’ (meaning ‘user’) alongside the entire ‘BELFIUS’ trademark, the disputed domain ‘belfius-gebruiker.net’ created an immediate, deceptive association with the bank’s interactive online banking services. The complainant’s legal team reinforced this argument by presenting clear evidence of their prior trademark rights, including Benelux and European Union registrations dating back to May 2012. This established a clear foundation of priority, allowing the panelist to conclude that the addition of a descriptive customer-facing term did not dispel confusing similarity, but rather increased the likelihood of confusion among the bank’s Dutch-speaking client base.

Furthermore, the complainant successfully secured the transfer by applying the passive holding doctrine to address the inactive status of the disputed domain. Even though there was no documented evidence of active phishing campaigns, malware hosting, or actual customer financial losses associated with the site, the bank effectively argued that the respondent’s behavior constituted bad faith registration and use. The combination of using a registration privacy service to conceal the identity of the Morocco-based respondent, failing to reply to the complaint, and registering a domain combining a financial trademark with a term targeting ‘users’ left no plausible good-faith explanation. This case illustrates how proactive UDRP enforcement against inactive, highly target-specific lookalike domains can neutralize customer security and reputational risks before actual credential harvesting occurs.

Practical Recommendations

  • Proactively monitor for brand-plus-keyword variations incorporating localized client-facing terms (such as the Dutch ‘gebruiker’ for user) to identify and flag potential lookalike portals targeting specific language demographics.
  • Utilize the UDRP ‘passive holding’ doctrine to secure transfers of high-risk domains mimicking financial brands, even if the domain is currently inactive and no live phishing or customer losses have been documented.
  • Deploy automated alert systems to track newly registered domains that combine core brand names with interactive terms while utilizing WHOIS privacy services, enabling early detection and rapid legal review.
  • Conduct localized defensive registration audits for core financial brands paired with transactional and user-access keywords (e.g., ‘login’, ‘user’, ‘portal’) in native languages of key operating markets to pre-empt bad-faith registrations.

Frequently Asked Questions (FAQ)

Why was ‘belfius-gebruiker.net’ considered confusingly similar to the BELFIUS trademark?

The panel found that the domain name incorporates the BELFIUS trademark in its entirety. The addition of the Dutch term ‘gebruiker’ (user) does not distinguish the domain from the brand; instead, it creates a false association with the complainant’s banking services by implying it is a specialized portal for customers.

What evidence established that the respondent lacked rights or legitimate interests in the disputed domain?

The complainant demonstrated that the respondent was not authorized or licensed to use the BELFIUS mark. Furthermore, the respondent was not commonly known by the name ‘belfius-gebruiker’ and failed to provide any evidence of preparations to use the domain in connection with a bona fide offering of goods or services.

How did the panel conclude the domain was registered and used in bad faith despite it being an inactive page?

The panel applied the doctrine of ‘passive holding.’ Given the notoriety of the BELFIUS financial brand and the lack of a plausible good-faith explanation for the respondent’s choice of domain name, the inactivity of the site did not prevent a finding of bad faith registration and use.

What is the primary risk posed by ‘brand-plus-keyword’ domains like this one?

These domains pose a significant risk of ‘customer credential harvesting’ or phishing. By adding descriptive keywords like ‘gebruiker’ to a recognized financial trademark, attackers aim to gain the trust of localized users, making it vital for institutions to proactively monitor and neutralize such variations.

Detected an impersonation domain using your brand?

Cyber-squatters often combine your trademark with descriptive keywords to target your customers. If you have identified a suspicious domain mimicking your brand, contact us to assess your UDRP eligibility and recover the asset.

Assess brand threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.