Goya Foods and Sazon, Inc. successfully recovered sazonfoods.com after a Respondent utilized the domain to impersonate the company’s human resources department. The scheme involved sending fraudulent direct deposit forms to divert funds, leading the Complainants to involve law enforcement and file a UDRP complaint.
Case Snapshot
| Case Number | D2025-4423 |
|---|---|
| Complainant | Goya Foods, Inc.Sazon, Inc. |
| Respondent | Zaddy of Work |
| Disputed Domain | sazonfoods.com |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2025-12-19 |
| Panelist | Harrie R. Samaras |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4423 |
Corporate Identity Theft and Payroll Diversion Risks
The registration of sazonfoods.com facilitated a high-fidelity impersonation of Sazon, Inc.’s internal operations, specifically targeting the human resources department. By affixing a stylized logo similar to the SAZON GOYA mark and citing the company’s actual physical headquarters in Doral, Florida, the respondent created a deceptive environment capable of misleading employees. This misuse of specific corporate identifiers—including the physical address—transforms a standard trademark dispute into a serious security breach. Such tactics are designed to bypass internal skepticism by rooting fraudulent communications in verifiable corporate data, thereby compromising the integrity of official administrative channels.
Beyond simple brand dilution, this case illustrates an immediate financial threat via payroll diversion. The respondent utilized the disputed domain to distribute unauthorized direct deposit authorization forms, seeking to reroute employee compensation into external accounts. This intersection of domain squatting and active financial fraud necessitated the filing of a formal report with the Doral Police Department, highlighting the escalation from digital infringement to criminal activity. For global brands like Goya Foods, which generates annual sales exceeding USD 1 billion, the potential for widespread internal disruption via such targeted phishing campaigns represents a critical vulnerability in managing human capital and financial systems.
The inclusion of the descriptive term “foods” within the domain name served to enhance the perceived legitimacy of the phishing infrastructure. By combining the core SAZON brand with a term directly related to the complainants’ seasoning and bouillon industry, the respondent created an address that appeared more authoritative to recipients than a blatant typo. This strategic selection of a descriptive suffix demonstrates a calculated attempt to exploit a brand reputation established since 1936 to facilitate identity theft. The resulting threat encompasses not only the potential loss of funds but also the erosion of trust between the employer and its workforce, making rapid UDRP recovery essential to containing the operational fallout.
Panel Evaluation of Impersonation and Fraudulent Intent
The Panel concluded that the domain sazonfoods.com is confusingly similar to the SAZON GOYA and SAZON IT! marks, as the addition of the descriptive term "foods" directly references the Complainants’ primary business activities. Rather than distinguishing the domain, the suffix enhanced the likelihood of confusion by aligning the registration with the market presence of Goya Foods and Sazon, Inc. Given that Goya Foods generates annual sales exceeding USD 1 billion and has utilized its marks for decades, the Panel noted that the Respondent’s choice of the domain name was unlikely to be coincidental and was instead aimed at trading on the Complainants’ established reputation.
In assessing rights or legitimate interests, the Panel affirmed that using a domain for illegal activities, such as corporate impersonation and passing off, can never confer legitimate rights on a respondent. The evidence showed that the Respondent used the domain to send phishing emails that purported to be from Sazon’s human resources department. These fraudulent communications included direct deposit authorization forms that misappropriated Sazon’s actual physical address in Doral, Florida, and featured a logo substantially similar to the registered SAZON GOYA mark. This level of deception, designed to facilitate payroll fraud, is fundamentally inconsistent with a bona fide offering of services under the UDRP.
Bad faith registration and use were established by the Respondent’s specific targeting of the Complainants’ internal administrative processes. The registration of the domain on October 19, 2024—decades after the trademark registrations—indicated a clear intent to exploit the Complainants’ identity. By utilizing the domain to attempt the redirection of employee payroll funds via fraudulent forms, the Respondent engaged in a targeted scheme that necessitated the filing of a formal police report with the Doral Police Department. The Panel found that the Respondent’s failure to provide any evidence of legitimate use or rebuttal to the detailed allegations of criminal activity further corroborated the finding of bad faith.
Strategic Evidence of Criminal Misconduct and Fraudulent Intent
The Complainants’ strategy was highly effective because it moved beyond general trademark infringement to document specific criminal mechanics associated with the domain. By presenting evidence that the Respondent used sazonfoods.com to masquerade as Sazon’s human resources department, the Complainants demonstrated an undeniable intent to defraud. The inclusion of fraudulent direct deposit authorization forms—which featured a logo similar to the SAZON GOYA mark and cited Sazon’s actual corporate headquarters address in Doral, Florida—provided the Panel with concrete proof of bad faith. This level of factual detail regarding identity theft and attempted payroll redirection effectively precluded any defense of legitimate interest, as illegal activities are categorically barred from conferring rights under UDRP precedents.
Furthermore, the decision to file and submit a formal police report with the Doral Police Department added a critical layer of institutional credibility to the case. This action transitioned the dispute from a typical domain name conflict into a documented law enforcement matter, making the Respondent’s bad faith registration and use difficult to contest. Legally, the Complainants successfully argued that the addition of the descriptive suffix ‘foods’ to the SAZON mark served to enhance confusion by accurately describing the Complainants’ core business. This case underscores for IP professionals that documenting the specific misuse of corporate identifiers—such as physical addresses and payroll documents—is vital for securing a transfer when a domain is used for complex corporate impersonation.
Practical Recommendations
- Immediately file and include a formal police report in the UDRP filing when fraud is detected; this provides objective third-party evidence of illegal activity that panels often use to preclude any possibility of a respondent’s ‘rights or legitimate interests.’
- Monitor for ‘Brand + Industry’ domain registrations (e.g., [Brand]foods.com) that mimic corporate infrastructure, as these are frequently used to impersonate internal departments like HR or Payroll rather than to host public-facing websites.
- Capture and preserve forensic evidence of the ‘passing off’ scheme, including fraudulent email headers and direct deposit forms that misuse corporate logos and physical addresses to demonstrate the Respondent’s deliberate targeting in bad faith.
- Develop an internal rapid-response protocol between Legal, HR, and IT to flag employee-targeted phishing attempts for immediate domain enforcement, preventing financial loss through redirected payroll or wire transfers.
- Argue that the addition of descriptive industry terms (like ‘foods’) to a trademark in a domain name enhances consumer confusion by creating an ‘aura of legitimacy’ for fraudulent communications, rather than serving a bona fide descriptive purpose.
Frequently Asked Questions (FAQ)
Why was the domain sazonfoods.com considered confusingly similar to the Goya trademarks?
The panel found that the domain name was confusingly similar because it incorporates the ‘SAZON’ portion of the complainants’ established marks. The addition of the descriptive term ‘foods’ did not distinguish the domain but rather increased confusion by appearing to be an official extension of the brand’s business activities.
What evidence proved that the respondent lacked legitimate rights or interests in the domain?
The respondent provided no evidence of legitimate use. Under UDRP precedent, the use of a domain for illegal activities—specifically impersonating the human resources department to facilitate payroll fraud—categorically precludes any finding of legitimate rights or interests.
How did the panel establish bad faith in this case?
Bad faith was evidenced by the respondent’s deliberate attempt to trade on the complainant’s reputation. The respondent used the domain to send fraudulent direct deposit authorization forms, incorporating stolen company logos and the complainant’s actual corporate address in Doral, Florida, to deceive recipients.
What practical outcome resulted from the complainants’ strategy in this matter?
Beyond successfully obtaining an order for the transfer of the domain name through the WIPO panel, the complainants mitigated further risk by filing a formal police report with the Doral Police Department, creating an official record of the criminal activity and the misuse of their corporate identity.
Facing corporate impersonation through a domain?
Protect your organization from HR phishing and payroll fraud. If your brand is being used to target employees or stakeholders, we can help assess your eligibility for a UDRP transfer.
This case note is for informational purposes only and is not legal advice.



