5 May, 2026

Moderna Defeats Impersonation Scheme Using ats-moderna.com Domain

UDRP Cases

Modernatx, Inc. successfully secured the transfer of ats-moderna.com after a WIPO panel found the domain was being used to send fraudulent recruitment emails. The Respondent combined the MODERNA trademark with the ‘ats-‘ prefix—a common acronym for Applicant Tracking Systems—to impersonate the Complainant’s HR department.

Case Snapshot

Case Number D2025-4589
Complainant Modernatx, Inc.
Respondent Anupam Kachhap
Disputed Domain
ats-moderna.com
Threat Tactic Phishing and Email Fraud
Decision Date 2025-12-27
Panelist Knud Wallberg
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4589

Corporate Identity Weaponization through HR-Targeted Phishing

The registration of ats-moderna.com represents a calculated effort to exploit specific corporate infrastructure terminology to facilitate fraud. By pairing the MODERNA mark with the ‘ats-‘ prefix—a standard industry acronym for Applicant Tracking Systems—the respondent targeted the recruitment lifecycle, a high-trust environment where sensitive personal and professional data are routinely exchanged. This tactic poses a direct threat to Modernatx, Inc.’s employer brand and the integrity of its human resources operations. Job seekers, especially those attracted by the complainant’s global profile following its 2021 COVID-19 vaccine development, are uniquely vulnerable to deceptive communications that appear to originate from an official HR platform. Such impersonation can lead to a severe erosion of trust among potential talent and may cause lasting damage to the complainant’s professional reputation.

This dispute underscores the commercial risks associated with active email-based fraud even in the absence of a functional website. Although the domain was not used to host an active web presence, it was utilized as a technical backend for fraudulent recruitment campaigns. This ‘passive web, active email’ strategy is particularly hazardous for pharmaceutical and biotechnology firms, as it allows bad actors to bypass traditional web-crawling brand protection tools while directly engaging with victims via email. The respondent’s use of the domain to capitalize on the fame of the MODERNA mark, established through registrations dating back to 2014, demonstrates a clear bad-faith intent to impersonate the complainant for illicit purposes. For brand owners, this case illustrates that a domain’s threat level is not solely determined by its web content, but by its capacity to serve as a credible vector for corporate identity theft in private communications.

Strategic Evidence of Targeted Impersonation and Functional Phishing

Modernatx succeeded by demonstrating that the Respondent’s choice of the ‘ats-‘ prefix was a deliberate attempt to exploit the pharmaceutical company’s recruitment infrastructure. Because ‘ATS’ is a widely recognized acronym for Applicant Tracking Systems, the Panel found that the domain was specifically designed to deceive potential employees into believing they were communicating with the Complainant’s Human Resources department. This evidence of industry-specific targeting was instrumental in establishing that the Respondent had no rights or legitimate interests, as the domain was not used for a bona fide offering but rather to facilitate fraudulent communications. By incorporating the MODERNA mark in its entirety, the Respondent maximized the likelihood of confusion among job seekers who would reasonably expect an official recruitment portal to use such terminology.

The Complainant’s strategy also hinged on proving bad faith through active email-based fraud despite the absence of a functional website. While the disputed domain was held passively in terms of web content, Modernatx provided evidence that it was being used to send fraudulent recruitment emails. This distinction is critical for IP professionals, as it demonstrates that UDRP panels will find bad faith registration and use even when a domain is not ‘live’ in the traditional sense, provided there is proof of deceptive outbound activity. The Panel determined that the Respondent registered the domain to capitalize on the global fame Modernatx achieved through its 2021 COVID-19 vaccine. This opportunistic registration, occurring years after the Complainant’s 2014 trademark registrations, indicated a clear motive to impersonate a high-profile corporate identity for fraudulent purposes.

Practical Recommendations

  • Proactively monitor for registrations combining core trademarks with functional industry acronyms (e.g., ‘ats-‘, ‘hr-‘, ‘invoice-‘) to identify impersonation vectors before fraud escalates.
  • Document and preserve full email headers and copies of fraudulent communications; this evidence is critical for establishing bad faith in UDRP cases where the disputed domain lacks an active website.
  • Monitor MX (Mail Exchange) records for suspicious brand-related domains; the presence of mail servers on a parked domain is a high-risk indicator of active phishing or recruitment fraud.
  • Integrate HR and Recruitment teams into the brand protection workflow to ensure that reports of ‘fake job offers’ or suspicious applicant portals are immediately channeled to the IP dispute team.
  • When filing UDRP complaints for domains using industry-specific prefixes, explicitly define the deceptive context (e.g., ‘ats’ as Applicant Tracking System) to demonstrate the respondent’s targeted bad faith.

Frequently Asked Questions (FAQ)

Why did the WIPO panel rule that ‘ats-moderna.com’ was confusingly similar to the MODERNA trademark?

The panel found the domain confusingly similar because it incorporates the MODERNA trademark in its entirety. The inclusion of the ‘ats-‘ prefix, a common acronym for ‘Applicant Tracking System,’ failed to distinguish the domain and instead heightened the risk of confusion by mimicking corporate HR infrastructure.

What evidence established that the Respondent lacked rights or legitimate interests in the disputed domain?

The panel concluded that the Respondent had no license or authorization to use the MODERNA mark. Furthermore, because the domain was used exclusively to facilitate fraudulent recruitment emails rather than a bona fide offering of goods or services, the Respondent could not claim any legitimate interests.

How was the Respondent’s bad faith proven in this case?

Bad faith was established by the Respondent’s intentional use of the domain to impersonate Modernatx, Inc. in recruitment communications. The panel determined that the Respondent targeted a well-known brand to deceive potential employees, demonstrating an opportunistic intent to capitalize on the Complainant’s reputation.

What was the tactical purpose behind the registration and use of ‘ats-moderna.com’?

The Respondent used the ‘ats-‘ prefix to lend a veneer of professional legitimacy to phishing emails. By masquerading as the Complainant’s HR department, the Respondent aimed to exploit job seekers’ trust in the MODERNA brand, highlighting a clear pattern of corporate impersonation.

Concerned about fake email or invoice fraud?

Malicious actors are increasingly leveraging domain-based impersonation to target recruitment processes and compromise corporate communications. If you have identified suspicious domains mimicking your brand, a UDRP assessment can provide a clear pathway to securing your digital perimeter and protecting your reputation from fraudulent activity.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.