5 May, 2026

Corporate Impersonation Scheme Defeated with WIPO Transfer of Hershey Lookalike Domain

UDRP Cases

In WIPO case D2025-4525, Hershey Chocolate & Confectionery LLC successfully secured the transfer of <hersheysales-co.com>. The Respondent, Michael Handell of NY BD Sports LLC, registered the domain to impersonate a Hershey employee via email and solicit fraudulent payments from third parties. Panelist Dennis A. Foster ruled that using the lookalike domain for email phishing constitutes bad faith and ordered an immediate transfer.

Case Snapshot

Case Number D2025-4525
Complainant Hershey Chocolate & Confectionery LLC
Respondent Michael Handell, NY BD Sports LLC
Disputed Domain
hersheysales-co.com
Threat Tactic Phishing and Email Fraud
Decision Date 2025-12-31
Panelist Dennis A. Foster
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4525

Exploitation of Brand Equity and the B2B Communication Threat

The registration of hersheysales-co.com by Michael Handell of NY BD Sports LLC illustrates how bad actors weaponize targeted, brand-plus-keyword domains exclusively for business email compromise (BEC). By choosing a domain that appends the corporate signifier "sales-co" to the highly famous HERSHEY trademark, the registrant crafted a highly plausible vehicle for corporate impersonation. Because the domain hosted no active website, it effectively operated under the radar of traditional, visual brand-monitoring systems. This passive web footprint masked a highly targeted, active communication scheme, wherein the registrant sent unauthorized emails impersonating the candy manufacturer and one of its legitimate employees to solicit fraudulent business transactions and payments.

For enterprise brand owners, this exact tactic introduces severe operational, financial, and reputational risks. The primary threat lies in the exploitation of established corporate trust; third-party suppliers and business partners, familiar with Hershey’s long-standing commercial presence dating back to 1906, are highly susceptible to lowering their defenses when approached by what appears to be a legitimate representative. When external partners fulfill unauthorized order solicitations or redirect payments to fraudulent accounts, it strains critical B2B relationships and exposes the victimized enterprise to complex liability disputes. Although this specific scheme did not compromise Hershey’s password-protected systems or internal networks, the outer boundary of its corporate communication ecosystem was breached, proving that brand equity itself is frequently leveraged to facilitate external financial fraud.

Strategic Application of Fame and Email-Based Bad Faith Evidence

The Complainant’s successful strategy relied heavily on establishing its long-standing trademark rights and international reputation to demonstrate that the Respondent acted with clear knowledge of the brand. By presenting trademark registrations dating back to July 19, 1906, including U.S. Reg. No. 54,041, Hershey Chocolate & Confectionery LLC established undisputed prior rights and massive global equity. This extensive historical record made the Respondent’s registration of the domain name <hersheysales-co.com> on May 30, 2025, highly suspect. By demonstrating that the HERSHEY mark is internationally famous, the Complainant effectively convinced the Panel that the Respondent, Michael Handell of NY BD Sports LLC, could not have registered the domain in good faith.

Crucially, the Complainant did not let the absence of an active website weaken its case, instead presenting direct evidence of how the domain was actively weaponized for email phishing and corporate impersonation. The Complainant documented that the Respondent used the domain name to send unauthorized email communications impersonating a legitimate Hershey employee and contacting third parties to solicit fraudulent business transactions and payments. By delivering concrete proof of this targeted outreach, the Complainant successfully argued that registration and use of a domain name to execute a fraudulent scheme constitutes bad faith under the UDRP. This evidentiary approach demonstrates to brand owners that robust proof of backend email abuse is highly persuasive to panels, even when a disputed domain lacks any live web content.

Practical Recommendations

  • Implement proactive domain monitoring programs targeting high-risk commercial and operational keyword combinations (such as ‘[brand]sales’, ‘[brand]-co’, or ‘[brand]invoice’) to identify lookalike registrations before they can be weaponized.
  • Configure threat intelligence feeds to actively monitor and alert on the creation of Mail Exchanger (MX) records on newly registered, brand-similar domains, as this is a primary indicator of preparation for email-based phishing and corporate impersonation.
  • Establish clear protocols for securing and preserving evidence of third-party phishing targets, such as full email headers and fraudulent solicitation messages, to decisively satisfy the ‘bad faith use’ requirement in UDRP filings even when no active website exists.
  • Educate supply chain partners and vendors on standard corporate domain structures and implement strict out-of-band verification processes for any transactional or payment requests originating from modified or lookalike domain variations.

Frequently Asked Questions (FAQ)

Why was the domain <hersheysales-co.com> considered confusingly similar to the HERSHEY brand?

The WIPO panel determined that the domain name incorporates the famous ‘HERSHEY’ trademark in its entirety, creating a high likelihood of confusion for third parties who might reasonably believe the site or associated emails were affiliated with or authorized by Hershey Chocolate & Confectionery LLC.

How did the respondent demonstrate a lack of rights or legitimate interests in the disputed domain?

The respondent failed to provide any evidence of rights or legitimate interests and did not reply to the complainant’s contentions. The lack of an active website at the domain, coupled with its use for unauthorized impersonation, further confirmed that no legitimate business purpose existed.

What evidence proved the respondent acted in bad faith?

Bad faith was established because the respondent utilized the <hersheysales-co.com> domain to send fraudulent email communications, impersonating Hershey employees to solicit payments from business partners. The panel noted that the international fame of the HERSHEY trademark made it impossible for the registration to be in good faith.

What was the strategic outcome of this UDRP case?

The panel ruled in favor of the complainant, ordering the immediate transfer of the domain name to Hershey Chocolate & Confectionery LLC. This action successfully neutralized a platform used for email-based business compromise (BEC) and corporate impersonation.

Are your domain assets being used to facilitate supply chain fraud?

Bad actors are increasingly weaponizing look-alike domains for Business Email Compromise (BEC) rather than active websites. Learn how to proactively detect and neutralize impersonation domains before they are used to solicit fraudulent payments from your partners.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.