5 May, 2026

HR Impersonation and Payroll Fraud via sazonfoods.com Domain

UDRP Cases

Goya Foods and Sazon, Inc. successfully recovered sazonfoods.com after a Respondent utilized the domain to impersonate the company’s human resources department. The scheme involved sending fraudulent direct deposit forms to divert funds, leading the Complainants to involve law enforcement and file a UDRP complaint.

Case Snapshot

Case Number D2025-4423
Complainant Goya Foods, Inc.Sazon, Inc.
Respondent Zaddy of Work
Disputed Domain
sazonfoods.com
Threat Tactic Corporate Impersonation
Decision Date 2025-12-19
Panelist Harrie R. Samaras
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4423

Corporate Identity Theft and Payroll Diversion Risks

The registration of sazonfoods.com facilitated a high-fidelity impersonation of Sazon, Inc.’s internal operations, specifically targeting the human resources department. By affixing a stylized logo similar to the SAZON GOYA mark and citing the company’s actual physical headquarters in Doral, Florida, the respondent created a deceptive environment capable of misleading employees. This misuse of specific corporate identifiers—including the physical address—transforms a standard trademark dispute into a serious security breach. Such tactics are designed to bypass internal skepticism by rooting fraudulent communications in verifiable corporate data, thereby compromising the integrity of official administrative channels.

Beyond simple brand dilution, this case illustrates an immediate financial threat via payroll diversion. The respondent utilized the disputed domain to distribute unauthorized direct deposit authorization forms, seeking to reroute employee compensation into external accounts. This intersection of domain squatting and active financial fraud necessitated the filing of a formal report with the Doral Police Department, highlighting the escalation from digital infringement to criminal activity. For global brands like Goya Foods, which generates annual sales exceeding USD 1 billion, the potential for widespread internal disruption via such targeted phishing campaigns represents a critical vulnerability in managing human capital and financial systems.

The inclusion of the descriptive term “foods” within the domain name served to enhance the perceived legitimacy of the phishing infrastructure. By combining the core SAZON brand with a term directly related to the complainants’ seasoning and bouillon industry, the respondent created an address that appeared more authoritative to recipients than a blatant typo. This strategic selection of a descriptive suffix demonstrates a calculated attempt to exploit a brand reputation established since 1936 to facilitate identity theft. The resulting threat encompasses not only the potential loss of funds but also the erosion of trust between the employer and its workforce, making rapid UDRP recovery essential to containing the operational fallout.

Strategic Evidence of Criminal Misconduct and Fraudulent Intent

The Complainants’ strategy was highly effective because it moved beyond general trademark infringement to document specific criminal mechanics associated with the domain. By presenting evidence that the Respondent used sazonfoods.com to masquerade as Sazon’s human resources department, the Complainants demonstrated an undeniable intent to defraud. The inclusion of fraudulent direct deposit authorization forms—which featured a logo similar to the SAZON GOYA mark and cited Sazon’s actual corporate headquarters address in Doral, Florida—provided the Panel with concrete proof of bad faith. This level of factual detail regarding identity theft and attempted payroll redirection effectively precluded any defense of legitimate interest, as illegal activities are categorically barred from conferring rights under UDRP precedents.

Furthermore, the decision to file and submit a formal police report with the Doral Police Department added a critical layer of institutional credibility to the case. This action transitioned the dispute from a typical domain name conflict into a documented law enforcement matter, making the Respondent’s bad faith registration and use difficult to contest. Legally, the Complainants successfully argued that the addition of the descriptive suffix ‘foods’ to the SAZON mark served to enhance confusion by accurately describing the Complainants’ core business. This case underscores for IP professionals that documenting the specific misuse of corporate identifiers—such as physical addresses and payroll documents—is vital for securing a transfer when a domain is used for complex corporate impersonation.

Practical Recommendations

  • Immediately file and include a formal police report in the UDRP filing when fraud is detected; this provides objective third-party evidence of illegal activity that panels often use to preclude any possibility of a respondent’s ‘rights or legitimate interests.’
  • Monitor for ‘Brand + Industry’ domain registrations (e.g., [Brand]foods.com) that mimic corporate infrastructure, as these are frequently used to impersonate internal departments like HR or Payroll rather than to host public-facing websites.
  • Capture and preserve forensic evidence of the ‘passing off’ scheme, including fraudulent email headers and direct deposit forms that misuse corporate logos and physical addresses to demonstrate the Respondent’s deliberate targeting in bad faith.
  • Develop an internal rapid-response protocol between Legal, HR, and IT to flag employee-targeted phishing attempts for immediate domain enforcement, preventing financial loss through redirected payroll or wire transfers.
  • Argue that the addition of descriptive industry terms (like ‘foods’) to a trademark in a domain name enhances consumer confusion by creating an ‘aura of legitimacy’ for fraudulent communications, rather than serving a bona fide descriptive purpose.

Frequently Asked Questions (FAQ)

Why was the domain sazonfoods.com considered confusingly similar to the Goya trademarks?

The panel found that the domain name was confusingly similar because it incorporates the ‘SAZON’ portion of the complainants’ established marks. The addition of the descriptive term ‘foods’ did not distinguish the domain but rather increased confusion by appearing to be an official extension of the brand’s business activities.

What evidence proved that the respondent lacked legitimate rights or interests in the domain?

The respondent provided no evidence of legitimate use. Under UDRP precedent, the use of a domain for illegal activities—specifically impersonating the human resources department to facilitate payroll fraud—categorically precludes any finding of legitimate rights or interests.

How did the panel establish bad faith in this case?

Bad faith was evidenced by the respondent’s deliberate attempt to trade on the complainant’s reputation. The respondent used the domain to send fraudulent direct deposit authorization forms, incorporating stolen company logos and the complainant’s actual corporate address in Doral, Florida, to deceive recipients.

What practical outcome resulted from the complainants’ strategy in this matter?

Beyond successfully obtaining an order for the transfer of the domain name through the WIPO panel, the complainants mitigated further risk by filing a formal police report with the Doral Police Department, creating an official record of the criminal activity and the misuse of their corporate identity.

Facing corporate impersonation through a domain?

Protect your organization from HR phishing and payroll fraud. If your brand is being used to target employees or stakeholders, we can help assess your eligibility for a UDRP transfer.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.