Build-A-Bear Workshop, Inc. successfully recovered two typosquatted domains, buildabeare.com and buildabearr.com, via WIPO after the respondent used them to host replica storefronts. The panel ordered the transfer of both domains after finding clear evidence of bad faith and brand impersonation.
Case Snapshot
| Case Number | D2026-1939 |
|---|---|
| Complainant | Build-A-Bear Workshop, Inc. |
| Respondent | ANDREW S BONO |
| Disputed Domain | buildabeare.combuildabearr.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-06-23 |
| Panelist | Tobias Malte Müller |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1939 |
Business Risk: Brand Impersonation and Revenue Diversion through Typosquatting
The registration of ‘buildabeare.com’ and ‘buildabearr.com’ represents a calculated effort to leverage typosquatting for the purpose of brand impersonation. By deploying websites that acted as exact visual replicas of the official Build-A-Bear storefront—complete with the unauthorized use of the company’s logo and trademarks—the respondent created a high-risk environment for consumer deception. This tactic is specifically designed to intercept traffic intended for the legitimate domain, banking on user error to divert potential customers into a fraudulent ecosystem that purports to sell the brand’s merchandise.
Such replica sites pose a significant threat to organizational integrity by eroding consumer trust and facilitating unauthorized commercial gain at the expense of the brand. With $496 million in annual revenue at stake, the capacity for these sites to disrupt authorized sales channels and compromise the brand’s reputation is severe. Although the sites currently resolve to blank pages following enforcement action, their existence illustrates a broader vulnerability wherein typosquatted variations are weaponized to mimic legitimate, high-revenue e-commerce platforms. Proactive identification of these variants is essential to mitigate the risk of financial diversion and to prevent the degradation of brand equity associated with sophisticated imposter storefronts.
Legal Analysis of Typosquatting and Impersonation Tactics
The panel applied the standard UDRP three-element framework, evaluating whether the disputed domains, buildabeare.com and buildabearr.com, were confusingly similar to the Complainant’s trademark. The panel confirmed that the registration of these typosquatted variants satisfies the threshold for standing, as they clearly incorporate the Complainant’s established mark in a manner likely to cause consumer confusion. This determination highlights the legal vulnerability of brands to minimal variations in domain spelling, which serve as a primary vector for bad-faith exploitation.
Regarding the second element, the panel found no evidence that the Respondent held any rights or legitimate interests in the disputed domain names. The Respondent failed to contest the allegations, and there was no indication that the Respondent was commonly known by these names or had received authorization to use the Build-A-Bear trademarks. The absence of a response further supports the finding that the registration was unauthorized and lacked any underlying commercial or personal justification under the Policy.
The third element, bad faith, was established by the Respondent’s use of the sites as exact replicas of the official Build-A-Bear website. By mirroring the Complainant’s logo and storefront, the Respondent engaged in a deliberate attempt to deceive internet users and exploit the Complainant’s brand equity for commercial gain. This behavior fits the classic definition of cybersquatting, wherein the misuse of a brand’s intellectual property to pose as an official entity confirms both the malicious intent of the registration and the subsequent illicit use of the domain names.
For brand owners, this case underscores the necessity of aggressive monitoring and rapid enforcement strategies. Because the Respondent utilized the sites to mirror the Complainant’s official web presence, the harm extends beyond traffic diversion to potential direct financial fraud and erosion of consumer trust. The fact that the sites were resolved to blank pages following the Complainant’s enforcement action confirms that proactive takedowns are effective, but also suggests that defensive domain strategies should encompass high-risk typosquatting variations to prevent these risks before they manifest in a live, infringing storefront.
Strategic Enforcement Against Typosquatting and Impersonation
The successful recovery of the domains buildabeare.com and buildabearr.com hinged on the complainant’s ability to document the respondent’s deliberate use of visual deception to mirror the official Build-A-Bear digital infrastructure. By capturing screenshots of the fraudulent sites, which prominently displayed the company’s official trademark and logo, the complainant provided the panel with irrefutable evidence of bad faith. This strategy effectively bridged the gap between mere domain ownership and actionable commercial fraud, proving that the respondent’s typosquatted variations were specifically engineered to deceive consumers. Such proactive evidence collection is essential when addressing impersonation, as it converts a speculative claim of confusion into a clear demonstration of intent under the Policy.
Furthermore, the complainant’s strategy utilized its significant global brand presence, supported by a diverse international trademark portfolio, to reinforce its legal standing. By presenting clear evidence of established trademarks in key jurisdictions—including the United States, Europe, and China—the complainant effectively countered any potential claim of respondent legitimacy. This case highlights a critical business lesson regarding portfolio management: while the complainant successfully reclaimed these specific assets, the emergence of multiple typosquatted domains simultaneously emphasizes the need for automated monitoring of common brand misspellings. Integrating such monitoring into a broader defensive domain strategy allows brand owners to preemptively identify and mitigate risks before the respondent can leverage the site to divert revenue or erode consumer trust.
Practical Recommendations
- Implement automated typo-squatting monitoring services to identify domain registrations containing variations of core brand trademarks within 24 hours of creation.
- Prioritize defensive registration of high-probability typo-variants (e.g., repeating terminal characters or common keyboard neighbor errors) to close the attack surface before bad-faith actors can act.
- Develop a standardized ‘Evidence Preservation’ protocol, including high-resolution screenshots and traffic-tracking logs, to be captured immediately upon discovery of a fake shop to support UDRP ‘bad faith’ claims.
- Integrate registrar WHOIS monitoring into the IP enforcement pipeline to trigger immediate cease-and-desist or UDRP proceedings when anonymous or privacy-shielded registrations appear for brand-related domains.
- Establish a ‘Rapid Takedown’ framework that combines UDRP filings with ISP/registrar abuse reports to address the active storefronts that precede blank page status, ensuring domain transfer is achieved before the site vanishes.
Frequently Asked Questions (FAQ)
Why were the domain names buildabeare.com and buildabearr.com considered confusingly similar to the Build-A-Bear trademark?
The WIPO panel determined that these domains are purposeful misspellings—or typosquats—of the registered ‘BUILD-A-BEAR’ trademark. Because they incorporate the primary brand name with only minor variations, they create a strong likelihood of confusion for internet users.
What evidence proved the respondent lacked rights or legitimate interests in the disputed domains?
The panel found that the respondent had no authorization to use the Build-A-Bear trademark. Furthermore, the respondent was not commonly known by these names, and the sites were explicitly designed to impersonate the official brand to deceive customers, which disqualifies any claim to a legitimate interest.
How was bad faith established in this specific UDRP case?
Bad faith was proven by the fact that the respondent operated visual replicas of the official Build-A-Bear website, complete with the official logo and brand imagery, clearly aiming to attract users for illicit commercial gain by creating a false association with the complainant.
What does the successful transfer of these domains signify for future enforcement efforts?
The case highlights the effectiveness of proactive monitoring and rapid enforcement. Even when a respondent fails to respond, the UDRP process provides a reliable legal mechanism to recover hijacked domains used for fake storefronts, effectively neutralizing the immediate threat to brand reputation and customer trust.
Detecting and Disarming Look-Alike Domains
As seen in the Build-A-Bear case, typosquatted domains are often the first step in sophisticated impersonation attacks. We can help you identify high-risk domain registrations and monitor your digital perimeter to stop brand abuse before it scales.
This case note is for informational purposes only and is not legal advice.



