Elecnor S.A. successfully obtained the transfer of the typosquatted domain elecror.com from respondent Van will. The domain was being utilized for email-based phishing and corporate impersonation despite not hosting an active website. The WIPO panel ruled that the registration was made in bad faith to exploit the complainant’s established energy sector trademarks.
Case Snapshot
| Case Number | D2026-1306 |
|---|---|
| Complainant | Elecnor SA |
| Respondent | Van will |
| Disputed Domain | elecror.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-05-01 |
| Panelist | William Lobelson |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1306 |
Exploitation of Typosquatting for Corporate Email Impersonation
The registration of elecror.com represents a targeted typosquatting attack against Elecnor S.A., where the character ‘n’ was replaced with ‘r’ to exploit visual similarity. While the domain did not resolve to an active web server, its primary commercial threat was realized through the configuration of MX records for email-based fraud. By utilizing the domain to create email addresses that closely mirror official corporate communications, the Respondent engaged in active impersonation. This tactic demonstrates that the absence of a live website is not a safeguard for brand owners; rather, it often serves as a low-profile conduit for phishing campaigns directed at employees, clients, or supply chain partners who may overlook a single-letter substitution in a sender’s address.
From a business risk perspective, the use of a typosquatted domain for corporate impersonation poses severe financial and operational hazards. In the energy sector, where Elecnor S.A. operates, fraudulent emails can be used to facilitate unauthorized financial transactions, such as redirecting invoice payments to third-party accounts or soliciting sensitive technical data. The Respondent’s failure to reply to cease-and-desist letters sent in March 2026, followed by their default in the WIPO proceedings, confirms the lack of any legitimate commercial interest. This pattern of silence typically correlates with professionalized fraud operations that prioritize the rapid exploitation of a brand’s reputation before legal enforcement can intervene.
Beyond immediate financial loss, this tactic erodes the foundational trust between a brand and its stakeholders. When fraudulent communications appear to originate from a trusted entity with trademarks dating back to 2011, the resulting reputational damage can be enduring. The strategic selection of a domain that is visually confusing—exploiting the specific similarity between ‘n’ and ‘r’—is a deliberate attempt to bypass human and automated filters. For IP professionals, this case underscores the necessity of monitoring for typosquatted variants even when those domains appear dormant, as the most significant business damage often occurs in the private environment of an email inbox rather than on the public web.
Legal Reasoning: Typosquatting and Phishing as Evidence of Bad Faith
The Panel concluded that the disputed domain name, elecror.com, is confusingly similar to the Complainant’s ELECNOR trademark, which has been protected by registrations in the European Union, the United Kingdom, and Spain since 2011. This finding is based on a classic typosquatting pattern where the letter ‘n’ in the original mark is replaced by the visually similar letter ‘r’. Under UDRP standards, such a minor typographical variation is insufficient to distinguish the domain from the protected mark and instead reinforces the likelihood of confusion among consumers and business partners who may misread the character substitution.
Regarding rights or legitimate interests, the Respondent, identified as Van will, failed to provide any evidence of authorization or a license to use the ELECNOR mark. The evidence demonstrated that the domain was not used for a bona fide offering of goods or services but was instead utilized to create email accounts for impersonating the Complainant. The Panel determined that using a domain name to facilitate phishing and deceptive corporate communications precludes any claim to a legitimate interest or fair use, as such conduct is fundamentally designed to exploit a brand’s established reputation.
The determination of bad faith registration and use was established by the Respondent’s active deployment of the domain for fraudulent activities. Despite the absence of a live website, the configuration of the domain to facilitate phishing emails demonstrates a clear intent to capitalize on the Complainant’s energy sector reputation for deceptive purposes. The Panel emphasized that registering a typosquatted domain specifically to impersonate a brand owner in email communications constitutes a clear indicator of bad faith, as it seeks to mislead recipients into believing they are corresponding with the official entity.
Furthermore, the Respondent’s persistent silence throughout the dispute resolution process served as additional corroborating evidence of bad faith. Two separate cease-and-desist letters were served in March 2026—one through the registrar and one directly to the registrant—both of which remained unanswered. The subsequent failure to file a formal response to the WIPO complaint led the Panel to infer that the Respondent had no credible defense. This case reinforces that technical misuse of email infrastructure, even without a public web presence, is sufficient to satisfy the bad faith requirements of the Policy.
Strategic Evidentiary Focus on Typosquatting and Phishing Communications
The Complainant’s strategy was built on a clear demonstration that the disputed domain name, elecror.com, was a deliberate instance of typosquatting intended to exploit the ELECNOR trademark. By highlighting the substitution of the letter ‘n’ with ‘r’, the Complainant successfully argued that the domain was confusingly similar to its established rights. This argument was reinforced by a portfolio of international trademarks dating back to 2011 in the European Union, United Kingdom, and Spain. The tactical emphasis on character substitution allowed the panel to conclude that the minor variation was intended to mislead, satisfying the first element of the UDRP without requiring an active web presence.
Beyond visual similarity, the Complainant effectively neutralized the potential defense of passive holding by providing evidence of corporate impersonation via email. Although the domain did not resolve to an active website, the substantiation of its use for phishing purposes demonstrated active bad faith and a tangible business risk to the Complainant’s reputation and financial security. The Complainant further bolstered its position by documenting a failed attempt at pre-litigation resolution; the Respondent’s silence following two cease-and-desist letters in March 2026 served as a key indicator of a lack of legitimate interest. This procedural record, combined with the evidence of fraudulent email activity, provided a persuasive basis for the panel to order a transfer based on the totality of the Respondent’s conduct.
Practical Recommendations
- Monitor for ‘character substitution’ typosquatting specifically involving visually similar letters (such as ‘n’ vs ‘r’), which are frequently used to deceive employees and partners in email-based fraud.
- Implement automated alerts for MX record changes on brand-mimicking domains; the absence of a live website (passive holding) does not mitigate risk if the domain is configured to send or receive phishing emails.
- Document and submit all attempts at pre-litigation resolution, such as unanswered cease-and-desist letters, to help establish the Respondent’s lack of legitimate interest and bad faith during WIPO proceedings.
- Secure forensic evidence of corporate impersonation, including phishing email headers and sender information, to substantiate bad faith use when a domain is being used for fraud rather than public web traffic.
- Perform a vulnerability audit on core brand domains to identify high-risk typos (e.g., elecnor vs. elecror) and consider defensive registrations for the most likely variants to prevent attackers from establishing fraudulent mail servers.
Frequently Asked Questions (FAQ)
Why was the domain ‘elecror.com’ considered confusingly similar to the Elecnor S.A. trademark?
The WIPO panel found ‘elecror.com’ to be a clear example of typosquatting, as it substitutes the letter ‘n’ in the ‘ELECNOR’ trademark with the letter ‘r’, creating a visual and phonetic similarity likely to confuse consumers.
How did the complainant prove that the respondent lacked legitimate interests in the domain?
The panel concluded the respondent had no rights or legitimate interests because the respondent did not use the domain for a bona fide purpose, failed to respond to cease-and-desist letters, and defaulted in the formal UDRP proceeding.
What evidence established the respondent’s bad faith in registering and using ‘elecror.com’?
Bad faith was established by the respondent’s active use of the domain to facilitate email-based phishing and corporate impersonation, specifically by creating fraudulent email addresses to misrepresent themselves as representatives of Elecnor S.A.
What was the practical outcome for this WIPO case, given that the domain did not host an active website?
Despite the absence of a live website, the panel ordered the transfer of ‘elecror.com’ to Elecnor S.A., ruling that the domain’s use for malicious email impersonation constitutes actionable bad faith under the UDRP policy.
Need to recover a look-alike domain?
Protect your brand from character-substitution attacks like ‘elecror.com’ used for phishing and impersonation. Our team provides UDRP eligibility assessments to help you reclaim infringing domains and neutralize threats to your corporate identity.
This case note is for informational purposes only and is not legal advice.



