Constellation Energy Corporation successfully recovered consteliatlon.com after a Respondent used the typosquatted domain to impersonate employees and defraud vendors. The scheme involved sending emails to divert vendor payments and hosting a pay-per-click site. The WIPO Panel ordered an immediate transfer based on clear evidence of bad faith and impersonation.
Case Snapshot
| Case Number | D2026-0528 |
|---|---|
| Complainant | Constellation Energy Corporation |
| Respondent | Dave Dave, CLEAR CRM |
| Disputed Domain | consteliatlon.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-03-20 |
| Panelist | Kimberley Chen Nobles |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0528 |
Exploitation of Typosquatting for Vendor Payment Diversion and Phishing
The registration of consteliatlon.com represents a targeted typosquatting tactic designed to exploit the subtle visual similarity between the characters ‘i’ and ‘l’. By transposing these specific letters from their original positions in the CONSTELLATION trademark, the Respondent created a domain that is nearly indistinguishable from the legitimate corporate domain during a cursory review by vendors or employees. This technical deception served as the foundational infrastructure for a sophisticated phishing campaign directed at Constellation Energy Corporation’s vendor network. The Respondent leveraged this confusion to impersonate company personnel, specifically attempting to intercept and divert vendor payments to unauthorized accounts. This method demonstrates how typosquatted domains are frequently utilized as more than mere traffic-diversion tools, functioning instead as a primary instrument for executing business email compromise and supply chain fraud.
Beyond the immediate financial risk of diverted payments, the use of the domain for fraudulent communications creates an acute risk to commercial reputation and operational trust. When a bad actor successfully impersonates an employee to interact with business partners, it undermines the perceived integrity of the Complainant’s digital communication security. The dual-use nature of the domain—hosting pay-per-click (PPC) links while simultaneously maintaining active email capabilities—illustrates a multifaceted monetization strategy. While the PPC landing page captured organic traffic from users making typographical errors, the email functionality was specifically tuned to exploit the company’s financial outflows. For large-scale energy providers with extensive international operations and thousands of employees, this type of character-reversal typosquatting poses a persistent threat to the security of the accounts payable cycle.
The Panel’s findings highlight that using a confusingly similar domain to facilitate active fraud is an irrefutable indicator of bad faith registration and use. From a business perspective, the Respondent’s tactic of setting up email communications specifically to target vendors demonstrates a predatory intent aimed at the Complainant’s established commercial goodwill and financial relationships. Because the domain was configured to facilitate active outreach rather than remaining a passive site, the threat was elevated from a passive trademark infringement to an active fraudulent scheme. This case underscores the necessity for brand owners to monitor for character-swap variants, as these domains are highly effective at bypassing human visual audits in professional B2B environments.
Panel Reasoning: Character Reversal and Fraudulent Impersonation
The Panel’s determination on confusing similarity centered on the precise transposition of characters within the consteliatlon.com domain name. By reversing the position of the letter ‘i’ and the letter ‘l’ of the CONSTELLATION trademark, the Respondent engaged in a calculated typosquatting technique designed to deceive users through visual proximity. The Panel found that this minor structural variation does not prevent a finding of confusing similarity under UDRP standards, as the core identifiable trademark remains the dominant element of the disputed string, purposefully manipulated to capture traffic from users making common typographical errors.
Regarding rights or legitimate interests, the Respondent failed to provide any evidence of a bona fide offering of goods or services. The Complainant established that no authorization or license was granted for the Respondent to use the CONSTELLATION marks. Furthermore, the Panel viewed the Respondent’s use of the domain to host pay-per-click links and facilitate impersonation-based fraud as fundamentally inconsistent with a legitimate interest. The lack of a response to the Center’s notifications further reinforced the conclusion that the Respondent possessed no credible legal right to the domain, as fraud can never be the basis for a legitimate interest.
The bad faith analysis focused on the active deployment of the domain for targeted fraudulent purposes. Evidence showed the Respondent configured email capabilities to impersonate a Constellation Energy employee, specifically contacting vendors in an attempt to divert payments to unauthorized accounts. This level of premeditated deception, combined with the registration of a purposefully misspelled trademark variant, demonstrates a clear intent to disrupt the Complainant’s business and achieve illicit financial gain. The Panelist noted that using a domain for such impersonation and fraudulent email communications constitutes bad faith registration and use under the Policy.
For IP professionals and brand owners, this case highlights the increasing convergence of passive traffic diversion and active phishing outreach. While the landing page generated revenue via third-party links, the primary business risk was the underlying email infrastructure used for supply chain fraud. The decision confirms that using a typosquatted domain for corporate impersonation provides an indisputable basis for transfer, as such conduct targets the integrity of the Complainant’s internal business relationships and trademark reputation simultaneously.
Strategic Demonstration of Typosquatting and Fraudulent Intent
The Complainant’s strategy succeeded by providing clear, technical evidence of the ‘character reversal’ typosquatting method. By documenting that the domain consteliatlon.com transposed the ‘i’ and ‘l’ characters of the CONSTELLATION trademark, the Complainant established a high degree of visual similarity that was difficult to dismiss as a coincidence. This technical evidence was supported by the Complainant’s extensive trademark portfolio across the United States, Canada, and the European Union. For IP professionals, this highlights the effectiveness of showing the specific typographic mechanics used to deceive users, as the Panelist, Kimberley Chen Nobles, found the domain was specifically designed to exploit visual similarities to the Complainant’s well-established energy brand.
Beyond the initial visual similarity, the case was made persuasive through evidence of active corporate impersonation and supply chain fraud. The Complainant successfully proved that the Respondent had configured the domain for email communications specifically to target vendors. By impersonating a Complainant employee to request the diversion of payments to fraudulent accounts, the Respondent transitioned the dispute from a typical traffic diversion case into a high-stakes bad faith analysis. The dual-threat nature of the domain—combining passive pay-per-click traffic generation with active phishing—left the Respondent with no credible defense for legitimate use. This comprehensive documentation of the Respondent’s fraudulent outreach was the deciding factor in proving both bad faith registration and bad faith use.
Practical Recommendations
- Implement domain monitoring services that specifically target character transposition (e.g., swapping ‘i’ and ‘l’) to identify typosquatted infrastructure before it can be used in active phishing campaigns.
- Ensure the IT and security teams preserve full email headers and message bodies of fraudulent communications, as this evidence of employee impersonation is decisive in proving bad faith registration and use under the UDRP.
- Establish mandatory out-of-band verification (e.g., phone calls to known contacts) for all vendor requests to update payment or banking information, mitigating the risk of financial loss from ‘business email compromise’ (BEC) using look-alike domains.
- Identify and defensively register visually similar typos of core brand domains where character reversal or substitution is common, particularly for brands with recurring vertical characters like ‘l’, ‘i’, and ‘t’.
- Monitor disputed domains for MX (Mail Exchange) record configurations; the presence of email capabilities on a domain otherwise used for passive pay-per-click (PPC) links indicates a high-priority threat that justifies immediate legal or UDRP action.
Frequently Asked Questions (FAQ)
Why was the domain ‘consteliatlon.com’ considered confusingly similar to the Constellation Energy trademark?
The WIPO Panel determined that the domain used a classic typosquatting technique, where the letter ‘i’ and the letter ‘l’ were transposed. This subtle character reversal created a visual similarity that was designed to deceive users into believing the domain was an official property of Constellation Energy Corporation.
What evidence did the Panel use to prove the Respondent acted in bad faith?
Bad faith was established through the dual use of the domain: it served as a landing page for pay-per-click advertising and, more critically, as an infrastructure for email fraud. The Respondent actively impersonated Constellation Energy employees in communications with company vendors to divert payments, which the Panel cited as clear evidence of predatory intent.
How did the Respondent demonstrate a lack of rights or legitimate interests in the disputed domain?
The Respondent failed to file a response to the Complaint. In the absence of any rebuttal, the Panel found no evidence that the Respondent had any connection to the Constellation trademark or had been commonly known by the name, leading to the conclusion that the registration was purely for fraudulent exploitation.
What is the primary business risk highlighted by this case outcome?
The case illustrates a high-risk scenario where typosquatting transitions from passive traffic diversion to active supply chain fraud. By impersonating internal personnel, the Respondent attempted to manipulate vendor payment workflows, posing a direct threat to the Complainant’s financial integrity and business partnerships.
Need to recover a look-alike domain?
Don’t wait for a typosquatted domain to be used for vendor phishing or impersonation. Our team provides UDRP eligibility assessments to help you secure and recover deceptive domains before they impact your business operations.
This case note is for informational purposes only and is not legal advice.



