Carrefour SA successfully regained the domain carre-four-me.com following a WIPO ruling against an anonymous respondent. The panel ordered the transfer after confirming the domain was used to impersonate the brand and facilitate potential phishing activity.
Case Snapshot
| Case Number | D2026-2019 |
|---|---|
| Complainant | Carrefour SA |
| Respondent | suke, su ke |
| Disputed Domain | carre-four-me.com |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2026-06-23 |
| Panelist | Moonchul Chang |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-2019 |
Threat Assessment: Retail Impersonation and Consumer Security Risks
The registration of ‘carre-four-me.com’ represents a calculated effort to leverage Carrefour SA’s global retail brand identity for malicious purposes. By utilizing a hyphenated variation of the established ‘CARREFOUR’ mark, the respondent created a deceptive environment designed to misdirect consumers. The website associated with this domain displayed the protected trademark and offered products for sale, a tactic that directly undermines brand equity and dilutes the consumer perception of authorized Carrefour retail channels. Such unauthorized use serves to capture traffic intended for the legitimate entity, increasing the risk of commercial fraud and damaging the long-standing trust associated with the brand’s international operations.
Beyond simple brand dilution, the domain posed a tangible security threat to the public. Evidence presented during the proceedings confirmed that the domain triggered active phishing warnings, indicating that the platform was being weaponized to intercept consumer data or facilitate fraudulent transactions. The discrepancy between the registrant information provided at the time of the UDRP complaint and the details verified by the registrar highlights the challenges in identifying anonymous bad actors who use falsified data to mask their activities. This case underscores the necessity of proactive monitoring for hyphenated typosquatting, as these domains function not merely as landing pages, but as infrastructure for broader cyber threats against a brand’s customer base.
Panel Reasoning: Evaluating Confusion, Unauthorized Use, and Malicious Intent
To succeed under the UDRP, the Complainant successfully satisfied the three-pronged requirement of Policy 4(a). The Panel found that the disputed domain name, ‘carre-four-me.com’, was confusingly similar to the globally recognized CARREFOUR trademark. By incorporating the trademark in a hyphenated format—’carre-four’—the registrant created a distinct risk of consumer confusion. The Panel noted that the Complainant’s extensive global retail footprint, operating over 14,000 stores, reinforces the strength of the mark and underscores the likelihood that consumers would mistakenly associate the domain with Carrefour SA’s legitimate services.
Regarding rights and legitimate interests, the Panel determined the Respondent lacked authorization to utilize the CARREFOUR mark. The Respondent failed to respond to the complaint, and no evidence was provided to suggest a bona fide offering of goods or services. Instead, the evidence demonstrated that the website actively impersonated the Complainant by displaying the CARREFOUR mark and offering products for sale. This unauthorized visual mimicry constitutes a clear effort to trade on the brand’s goodwill without any lawful basis, failing to establish any rights under the Policy.
Finally, the Panel reached a definitive conclusion regarding bad faith, noting that the Respondent registered the domain with full awareness of the Complainant’s widely known trademark. The use of the site to impersonate the brand, coupled with the triggering of security warnings for potential phishing, evidenced a clear malicious intention. By creating a digital storefront designed to deceive the public, the Respondent demonstrated an intent to disrupt the Complainant’s business and exploit consumer trust. Consequently, the Panel ordered the transfer of the domain, confirming the systematic abuse of the CARREFOUR identity for fraudulent purposes.
Strategic Enforcement Against Brand Impersonation and Phishing
The successful recovery of the carre-four-me.com domain was predicated on the Complainant’s ability to substantiate claims of bad faith through technical evidence rather than relying solely on trademark infringement assertions. By submitting documentation that the disputed site triggered automated security warnings for potential phishing, the Complainant demonstrated that the Respondent’s use went beyond simple cybersquatting into active consumer deception. This evidence allowed the panel to move beyond the threshold of basic similarity, establishing that the Respondent was leveraging the well-known CARREFOUR mark with malicious intent, which directly supports the legal findings of bad faith use under the UDRP.
Procedurally, the brand’s strategy benefited from the Registrar’s verification process, which revealed a significant discrepancy between the Respondent’s provided contact details and the true underlying registrant identity. The prompt filing of the complaint shortly after the domain’s registration on April 29, 2026, ensured that the malicious activity was addressed within a 12-day window from the panel’s appointment. The Respondent’s subsequent failure to file a response left the Complainant’s documented evidence of identity impersonation and fraudulent retail activity uncontested, creating an efficient pathway for the panel to mandate the transfer of the domain.
Practical Recommendations
- Include screenshot evidence of browser-based security/phishing warnings in UDRP filings to strengthen the ‘bad faith’ argument regarding malicious intent.
- Utilize the Registrar Verification process to highlight identity discrepancies between the provided contact information and the actual registrant, which serves as an indicator of bad faith.
- Monitor brand-specific keyword combinations (e.g., brand-name + hyphenated elements) in proactive domain registration alerts to shorten the detection-to-enforcement timeline.
- Leverage the lack of a formal response from the respondent in cases of clear impersonation to request expedited panel review and minimize the window of active phishing risk.
- Document the unauthorized display of trademarked imagery or branding on the disputed site, as visual mimicry is a critical factor for panels in establishing the ‘confusing similarity’ and ‘impersonation’ elements.
Frequently Asked Questions (FAQ)
Why was the domain ‘carre-four-me.com’ considered confusingly similar to the Carrefour brand?
The panel found the domain confusingly similar because it incorporated the widely recognized CARREFOUR trademark in a hyphenated format (‘carre-four’), which creates a high likelihood of consumer confusion when combined with additional characters.
What evidence proved that the Respondent lacked legitimate rights to use the domain?
The Complainant demonstrated that no authorization was granted for the use of the CARREFOUR mark, and the Respondent failed to provide any evidence of a bona fide offering of goods or services, choosing instead to use the site to impersonate the brand.
How did the WIPO panel determine the domain was registered and used in bad faith?
Bad faith was established by the Respondent’s use of the site to mimic the official Carrefour retail platform to sell products, compounded by security reports identifying the domain as a potential phishing threat, demonstrating a clear malicious intent to deceive consumers.
What was the practical outcome and speed of this UDRP proceeding?
The proceeding was resolved in only 12 days; the panelist ruled in favor of Carrefour SA, ordering the transfer of the domain name after the Respondent failed to respond to the complaint.
Facing corporate impersonation through a domain?
Protect your brand from malicious actors using your trademark to host phishing sites and unauthorized retail platforms. Secure your digital perimeter with a proactive UDRP enforcement strategy.
This case note is for informational purposes only and is not legal advice.



