5 May, 2026

WIPO Orders Transfer of Typosquatted Domain Used in Elecnor Phishing Scheme

UDRP Cases

Elecnor S.A. successfully obtained the transfer of the typosquatted domain elecror.com from respondent Van will. The domain was being utilized for email-based phishing and corporate impersonation despite not hosting an active website. The WIPO panel ruled that the registration was made in bad faith to exploit the complainant’s established energy sector trademarks.

Case Snapshot

Case Number D2026-1306
Complainant Elecnor SA
Respondent Van will
Disputed Domain
elecror.com
Threat Tactic Typo Domains
Decision Date 2026-05-01
Panelist William Lobelson
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1306

Exploitation of Typosquatting for Corporate Email Impersonation

The registration of elecror.com represents a targeted typosquatting attack against Elecnor S.A., where the character ‘n’ was replaced with ‘r’ to exploit visual similarity. While the domain did not resolve to an active web server, its primary commercial threat was realized through the configuration of MX records for email-based fraud. By utilizing the domain to create email addresses that closely mirror official corporate communications, the Respondent engaged in active impersonation. This tactic demonstrates that the absence of a live website is not a safeguard for brand owners; rather, it often serves as a low-profile conduit for phishing campaigns directed at employees, clients, or supply chain partners who may overlook a single-letter substitution in a sender’s address.

From a business risk perspective, the use of a typosquatted domain for corporate impersonation poses severe financial and operational hazards. In the energy sector, where Elecnor S.A. operates, fraudulent emails can be used to facilitate unauthorized financial transactions, such as redirecting invoice payments to third-party accounts or soliciting sensitive technical data. The Respondent’s failure to reply to cease-and-desist letters sent in March 2026, followed by their default in the WIPO proceedings, confirms the lack of any legitimate commercial interest. This pattern of silence typically correlates with professionalized fraud operations that prioritize the rapid exploitation of a brand’s reputation before legal enforcement can intervene.

Beyond immediate financial loss, this tactic erodes the foundational trust between a brand and its stakeholders. When fraudulent communications appear to originate from a trusted entity with trademarks dating back to 2011, the resulting reputational damage can be enduring. The strategic selection of a domain that is visually confusing—exploiting the specific similarity between ‘n’ and ‘r’—is a deliberate attempt to bypass human and automated filters. For IP professionals, this case underscores the necessity of monitoring for typosquatted variants even when those domains appear dormant, as the most significant business damage often occurs in the private environment of an email inbox rather than on the public web.

Strategic Evidentiary Focus on Typosquatting and Phishing Communications

The Complainant’s strategy was built on a clear demonstration that the disputed domain name, elecror.com, was a deliberate instance of typosquatting intended to exploit the ELECNOR trademark. By highlighting the substitution of the letter ‘n’ with ‘r’, the Complainant successfully argued that the domain was confusingly similar to its established rights. This argument was reinforced by a portfolio of international trademarks dating back to 2011 in the European Union, United Kingdom, and Spain. The tactical emphasis on character substitution allowed the panel to conclude that the minor variation was intended to mislead, satisfying the first element of the UDRP without requiring an active web presence.

Beyond visual similarity, the Complainant effectively neutralized the potential defense of passive holding by providing evidence of corporate impersonation via email. Although the domain did not resolve to an active website, the substantiation of its use for phishing purposes demonstrated active bad faith and a tangible business risk to the Complainant’s reputation and financial security. The Complainant further bolstered its position by documenting a failed attempt at pre-litigation resolution; the Respondent’s silence following two cease-and-desist letters in March 2026 served as a key indicator of a lack of legitimate interest. This procedural record, combined with the evidence of fraudulent email activity, provided a persuasive basis for the panel to order a transfer based on the totality of the Respondent’s conduct.

Practical Recommendations

  • Monitor for ‘character substitution’ typosquatting specifically involving visually similar letters (such as ‘n’ vs ‘r’), which are frequently used to deceive employees and partners in email-based fraud.
  • Implement automated alerts for MX record changes on brand-mimicking domains; the absence of a live website (passive holding) does not mitigate risk if the domain is configured to send or receive phishing emails.
  • Document and submit all attempts at pre-litigation resolution, such as unanswered cease-and-desist letters, to help establish the Respondent’s lack of legitimate interest and bad faith during WIPO proceedings.
  • Secure forensic evidence of corporate impersonation, including phishing email headers and sender information, to substantiate bad faith use when a domain is being used for fraud rather than public web traffic.
  • Perform a vulnerability audit on core brand domains to identify high-risk typos (e.g., elecnor vs. elecror) and consider defensive registrations for the most likely variants to prevent attackers from establishing fraudulent mail servers.

Frequently Asked Questions (FAQ)

Why was the domain ‘elecror.com’ considered confusingly similar to the Elecnor S.A. trademark?

The WIPO panel found ‘elecror.com’ to be a clear example of typosquatting, as it substitutes the letter ‘n’ in the ‘ELECNOR’ trademark with the letter ‘r’, creating a visual and phonetic similarity likely to confuse consumers.

How did the complainant prove that the respondent lacked legitimate interests in the domain?

The panel concluded the respondent had no rights or legitimate interests because the respondent did not use the domain for a bona fide purpose, failed to respond to cease-and-desist letters, and defaulted in the formal UDRP proceeding.

What evidence established the respondent’s bad faith in registering and using ‘elecror.com’?

Bad faith was established by the respondent’s active use of the domain to facilitate email-based phishing and corporate impersonation, specifically by creating fraudulent email addresses to misrepresent themselves as representatives of Elecnor S.A.

What was the practical outcome for this WIPO case, given that the domain did not host an active website?

Despite the absence of a live website, the panel ordered the transfer of ‘elecror.com’ to Elecnor S.A., ruling that the domain’s use for malicious email impersonation constitutes actionable bad faith under the UDRP policy.

Need to recover a look-alike domain?

Protect your brand from character-substitution attacks like ‘elecror.com’ used for phishing and impersonation. Our team provides UDRP eligibility assessments to help you reclaim infringing domains and neutralize threats to your corporate identity.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.