5 May, 2026

WIPO Panel Transferred us-roche.com Following Fraudulent HR Email Scheme

UDRP Cases

F. Hoffmann-La Roche AG successfully recovered the domain us-roche.com after it was used to impersonate the company’s HR department in a phishing scheme. The respondent utilized the domain to solicit personal information from unsuspecting recipients. The panelist ordered a full transfer, finding the domain was registered and used in bad faith to facilitate fraud.

Case Snapshot

Case Number D2026-1133
Complainant F. Hoffmann-La Roche AG
Respondent linda puckette, linda puckette
Disputed Domain
us-roche.com
Threat Tactic Phishing and Email Fraud
Decision Date 2026-04-27
Panelist Mireille Buydens
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1133

Fraudulent HR Impersonation and Geographic Mimicry Risks

The use of us-roche.com to impersonate the human resources department of F. Hoffmann-La Roche AG creates an immediate risk to the company’s recruitment and administrative integrity. By utilizing a domain that incorporates a geographic prefix alongside the established ROCHE trademark, the respondent created a credible infrastructure for phishing emails designed to deceive recipients into believing they are interacting with an authorized employment branch. Such targeted corporate impersonation is particularly damaging because it leverages the trust associated with a mark that has been registered internationally since 1967. The primary vehicle for harm in this case was not a public-facing website—which redirected to no content—but the use of the domain as a root for outbound fraudulent messaging to harvest sensitive data.

The collection of personal information through a phishing scheme introduces substantial data privacy and liability risks for the trademark owner. Any information harvested under the guise of an official HR interaction can lead to severe reputational damage, as victims may associate the data breach with the legitimate brand owner rather than a third-party fraudster. This threat was compounded by the respondent’s use of geographic mimicry, which localizes the scam to make communications appear more relevant to targets within the United States. The respondent’s refusal to respond to the cease and desist letter sent on March 5, 2026, underscores the deliberate nature of this bad faith exploit, which utilized a well-known healthcare house-mark for illegitimate commercial gain.

Brand erosion occurs rapidly when a house-mark is utilized to facilitate deceptive communications. By framing the domain as a regional division of a company operating in over 100 countries, the respondent effectively exploited the global scale of F. Hoffmann-La Roche AG. Although the domain resolved to an error page at the time of the decision, its documented history as an active phishing tool represents a clear breach of customer trust. For IP professionals, this case highlights the necessity of monitoring for brand-plus-geographic combinations that may be used primarily for email-based fraud rather than web-based content, as these tactics are specifically engineered to bypass standard trademark monitoring that focuses solely on active web traffic.

Strategic Documentation of Geographic Mimicry and HR Impersonation

F. Hoffmann-La Roche AG secured the transfer of the disputed domain by successfully demonstrating that the addition of the geographic prefix "us" and a hyphen did not diminish the confusing similarity with its 1967 ROCHE word mark. The complainant’s strategy relied on establishing that the term "us" merely refers to the United States, a territory where the company maintains substantial operations. For brand owners, this case confirms that geographic mimicry is a transparent attempt to bypass trademark protections, as panelists frequently find that localized prefixes do not provide enough distinctiveness to avoid consumer confusion, especially when the house-mark is incorporated in its entirety.

The most persuasive element of the complainant’s evidence was the documentation of the domain’s use as a technical root for a phishing scheme. By proving the respondent used the domain to impersonate the human resources department, the complainant effectively dismantled any possibility of the respondent claiming a bona fide offering of goods or services. The panelist found that using a well-known pharmaceutical brand to fraudulently induce the disclosure of personal data constitutes definitive bad faith. This outcome illustrates the business necessity of monitoring brand-plus-keyword domains, as unauthorized HR-related communications pose a direct liability risk regarding data privacy and corporate integrity.

Practical Recommendations

  • Implement proactive monitoring for domain registrations that combine your core trademark with geographic prefixes (e.g., ‘us-‘, ‘eu-‘) to identify and mitigate geo-mimicry tactics used for regional corporate impersonation.
  • Perform regular audits of MX (Mail Exchange) records for ‘brand + keyword’ domains that lack active web content; domains with no website but active mail servers are high-probability indicators of phishing and email fraud.
  • Instruct HR and recruitment teams to report any external inquiries regarding suspicious job offers or data requests, as these often originate from fraudulent ‘root’ domains designed to look like official corporate subdivisions.
  • Capture and preserve full headers of phishing emails when a disputed domain resolves to an error page or lacks content, as this evidence is critical to proving bad faith use in UDRP proceedings where traditional web-based evidence is absent.
  • Formalize the use of Cease and Desist letters through registrars even if a response is not expected; the lack of a reply serves as valuable secondary evidence in demonstrating a respondent’s lack of rights or legitimate interests.

Frequently Asked Questions (FAQ)

Why did the WIPO panel determine that ‘us-roche.com’ was confusingly similar to the ROCHE trademark?

The panel ruled that the disputed domain name contains the ROCHE mark in its entirety. The addition of the geographic prefix ‘us’ and a hyphen does not eliminate the confusing similarity or the likelihood of public confusion.

How did the respondent attempt to deceive users through the domain?

The respondent used the domain as a platform for a phishing scheme, specifically impersonating the human resources department of F. Hoffmann-La Roche AG to solicit sensitive personal information from unsuspecting individuals.

What evidence established the respondent’s bad faith in this matter?

Bad faith was demonstrated by the respondent’s intentional use of a well-known global trademark to facilitate fraudulent communications for commercial gain, coupled with the lack of any legitimate rights or interests in the domain name.

What is the practical outcome of this case for F. Hoffmann-La Roche AG?

The WIPO panel ordered the transfer of ‘us-roche.com’ to the complainant, effectively neutralizing the fraudulent HR impersonation tactic and preventing further unauthorized data collection under the guise of the Roche brand.

Concerned about fake email or HR impersonation fraud?

Impersonation attacks utilizing your brand to solicit personal data can cause severe reputational and privacy harm. Learn how to identify and initiate UDRP action against domains weaponized for phishing and corporate fraud.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.