5 May, 2026

Employee Impersonation Fraud Targeted Neurocrine Biosciences via Deceptive Domain

UDRP Cases

Neurocrine Biosciences, Inc. successfully recovered the domain neurocrine-inc.com after it was utilized in a procurement fraud scheme. An unauthorized third party used the domain to impersonate an employee and send fraudulent emails to order goods in the company’s name. The WIPO panelist found this use constituted clear bad faith and ordered the domain transferred to the Complainant.

Case Snapshot

Case Number D2025-5234
Complainant Neurocrine Biosciences, Inc.
Respondent Deji Mexiscana, THE HERSHEY COMPANY
Disputed Domain
neurocrine-inc.com
Threat Tactic Corporate Impersonation
Decision Date 2026-01-30
Panelist Jeffrey M. Samuels
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5234

Procurement Fraud and Supply Chain Deception via Employee Impersonation

The use of neurocrine-inc.com represents a direct threat to corporate procurement integrity and vendor trust. By incorporating the ‘inc’ corporate identifier, the Respondent created a highly credible email platform used to impersonate a specific employee of Neurocrine Biosciences. This tactic was leveraged to issue fraudulent orders for goods, attempting to bind the Complainant to unauthorized financial liabilities. For pharmaceutical entities, such schemes do more than create immediate fiscal risk; they compromise the specialized vendor relationships and supply chain trust necessary for maintaining operations in a highly regulated industry where naming conventions are often relied upon for verification.

Beyond external fraud, the case reveals a significant risk regarding identity theft and the manipulation of registrar data. The Respondent registered the domain using the organization name of ‘The Hershey Company,’ a well-known third party, which the WIPO panel identified as a likely case of identity theft used to mask the registrant’s true identity. This multi-layered impersonation—targeting both an internal employee of the Complainant and a separate, unrelated corporate entity—demonstrates a calculated effort to subvert standard security and due diligence protocols. For brand owners, this underscores the necessity of monitoring for domains that utilize generic corporate suffixes to facilitate business email compromise (BEC) rather than traditional public-facing web content.

The procedural timeline highlights the business priority of rapid intervention when fraudulent activity is detected. The Complainant attempted to secure a registrar-level suspension on November 14, 2025, roughly one month before the formal UDRP filing, in an effort to immediately halt the impersonation scheme. This proactive approach illustrates the business need for quick technical mitigation; however, the eventual necessity of a WIPO decision confirms that formal legal recovery is often required to permanently neutralize domains that exploit specific employee identities and corporate aliases for procurement fraud.

Strategic Breakdown: Leveraging Impersonation Evidence to Establish Bad Faith

The success of the Complainant’s strategy rested on the transition from identifying a confusingly similar domain to proving an active, fraudulent scheme. By documenting that the domain neurocrine-inc.com was used to impersonate a specific employee for the purpose of placing unauthorized orders, the Complainant provided concrete evidence of bad faith registration and use. This shifted the focus from a standard trademark dispute to a matter of procurement fraud. The WIPO panelist found this evidence persuasive, noting that it was inconceivable the Respondent was unaware of the pharmaceutical company’s trademark, which has been in use since 1992. The active use of the domain for fraudulent emails, despite the lack of an associated website, allowed the panel to draw clear conclusions regarding the Respondent’s intent for financial gain.

Furthermore, the Complainant effectively highlighted the Respondent’s multi-layered deceptive tactics, including the use of the generic corporate identifier ‘-inc’ and the fraudulent use of ‘The Hershey Company’ as a registrant organization alias. This evidence of identity theft and supply chain targeting underscored the lack of any rights or legitimate interests. The Complainant’s proactive approach—initially attempting a registrar suspension in November 2025 before escalating to a UDRP filing in December—demonstrated a measured response to the immediate business risks of financial liability and vendor relation damage. By presenting the Respondent’s default as a further indication of a lack of legitimate defense, the Complainant secured a transfer that protects both its corporate identity and its external procurement channels.

Practical Recommendations

  • Proactively monitor for ‘Brand + Corporate Suffix’ registrations (e.g., -inc, -corp, -group), as these specific variations are highly effective in deceiving supply chain partners who rely on standard naming conventions.
  • Implement a vendor verification protocol that requires secondary confirmation for any procurement requests originating from email domains that incorporate corporate identifiers not explicitly used by your primary mail servers.
  • Document and submit evidence of pre-UDRP mitigation efforts, such as registrar suspension requests or reports of identity theft, to substantiate the urgency of the matter and the Respondent’s bad faith intent.
  • Train procurement and high-profile employees to recognize that the absence of a live website (passive holding) on a brand-related domain often signals that the domain is being used exclusively for MX-record-based email impersonation.
  • Examine and challenge WHOIS data that uses third-party corporate aliases; highlighting the fraudulent use of a known company’s name (like ‘The Hershey Company’ in this case) strengthens the argument for bad faith registration.

Frequently Asked Questions (FAQ)

Why was the domain ‘neurocrine-inc.com’ considered confusingly similar to the company’s trademark?

The WIPO panel found the domain confusingly similar because it incorporated the ‘NEUROCRINE’ trademark in its entirety, merely appending the generic corporate identifier ‘-inc’ and the ‘.com’ gTLD, which directly mimics official business naming conventions.

How did the respondent demonstrate a lack of rights or legitimate interests in the domain?

The respondent had no affiliation or authorization to use the Neurocrine Biosciences trademark. The panel noted that the domain was used exclusively for illicit purposes rather than a legitimate business, and the respondent’s failure to reply to the complaint led to an adverse inference regarding their lack of rights.

What evidence proved the respondent acted in bad faith?

Bad faith was established by the respondent’s specific use of the domain to impersonate a Neurocrine Biosciences employee for the purpose of placing fraudulent procurement orders, combined with the use of a third-party organization’s name as an alias during the registration process.

What practical outcome and security lesson does this case highlight for the business?

The domain was ordered to be transferred to the complainant. This case highlights the critical risk of ‘domain-based impersonation,’ where attackers use look-alike domains to deceive supply chain partners and internal vendors, necessitating proactive registrar monitoring and employee verification protocols.

Is your organization facing corporate impersonation?

Employee impersonation and procurement fraud can severely damage your vendor relationships and brand reputation. Learn how UDRP proceedings can help you reclaim domains used to deceive your business partners.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.