5 May, 2026

Lookalike Domain roche-com.com Targeted Roche Accounting Department in Phishing Scheme

UDRP Cases

F. Hoffmann-La Roche AG successfully secured the transfer of the disputed domain <roche-com.com> after a respondent used it for corporate impersonation. Respondent Clement CAZAUTETS utilized the domain to run an active phishing scheme targeting third parties by posing as the company’s accounting department. Panelist Delia-Mihaela Belciu ordered the domain transferred due to clear evidence of bad faith registration and lack of legitimate rights.

Case Snapshot

Case Number D2025-4676
Complainant F. Hoffmann-La Roche AG
Respondent Clement CAZAUTETS
Disputed Domain
roche-com.com
Threat Tactic Phishing and Email Fraud
Decision Date 2026-01-02
Panelist Delia-Mihaela Belciu
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4676

Deceptive Accounting Impersonation and the Vulnerability of Hyphenated Portfolio Gaps

The registration of roche-com.com by Clement CAZAUTETS on September 22, 2025, highlights a highly targeted form of corporate impersonation designed to bypass typical web-based detection. Rather than using the domain to host an active website, the respondent kept the webpage inactive while actively utilizing the domain to execute a phishing and email scam pretending to be the internal Accounting Department of F. Hoffmann-La Roche AG. This selective use of MX records for mail-only operations allows fraudulent actors to communicate directly with corporate partners and vendors under the guise of official accounting representatives, creating immediate risks of unauthorized business email compromise (BEC), redirection of payments, and theft of sensitive financial records.

From a brand protection standpoint, this dispute exposes the critical vulnerabilities left by gaps in defensive domain portfolios. While F. Hoffmann-La Roche AG maintains primary assets like roche.com, the omission of simple hyphenated combinations such as roche-com.com provides malicious entities with an easy vector for registration. These lookalike domains carry high semantic credibility with recipient systems and users because they closely mimic legitimate corporate syntax. Corporate IP managers must evaluate their defensive registration matrices to proactively secure logical combinations of their core trademarks combined with generic terms and structural punctuation, thereby preventing hostile actors from acquiring highly convincing sender channels.

Additionally, the administrative obstacles encountered in identifying the respondent demonstrate how bad-faith actors leverage registration privacy to prolong their campaigns. By initially hiding behind the privacy service ‘Registration Private, DomainsbyProxy.com’, the respondent delayed immediate identification and enforcement. For security teams and trademark counsel, this delay emphasizes that relying solely on public WHOIS records is insufficient; swift deployment of the WIPO UDRP verification process is essential to uncover true identities, disable active deceptive domains, and neutralize phishing operations before they result in unrecoverable financial losses.

Strategic Brand Protection: Countering Portfolio Gaps and Accounting Impersonation

F. Hoffmann-La Roche AG secured the transfer of the disputed domain roche-com.com by exposing how the respondent exploited a critical defensive domain portfolio gap to execute corporate impersonation. Although the complainant holds long-standing international registrations for the ROCHE trademark dating back to 1967 and 1968, the registration of the lookalike domain on September 22, 2025, highlights how malicious actors target predictable brand variations. By combining the famous mark with a hyphen and the term ‘com’, the respondent bypassed basic exact-match protective registrations. Furthermore, because the disputed domain resolved to an inactive webpage, standard visual web-monitoring systems would fail to detect the active threat, allowing the respondent to launch deceptive operations under the radar of traditional brand protection controls.

The success of the complainant’s strategy rested on presenting evidence that the inactive domain was being used as an active vector for a targeted email scam. Specifically, the respondent utilized the domain to run a phishing scheme pretending to be the Complainant’s Accounting Department. While the respondent initially hid behind the privacy service ‘Registration Private, DomainsbyProxy.com’, the registrar verification process unmasked the true registrant as Clement CAZAUTETS. The complainant promptly filed an amendment to the complaint following the WIPO Center’s disclosure on November 17, 2025. This procedural agility, combined with proof of targeted departmental impersonation, convinced Panelist Delia-Mihaela Belciu to order a complete transfer, proving that passive web hosting does not shield respondents when active email abuse is documented.

Practical Recommendations

  • Conduct a comprehensive audit of the defensive domain portfolio to identify and close critical structural gaps, specifically securing common hyphenated variations like ‘[brand]-com.com’ that mimic legitimate corporate domains.
  • Implement advanced domain monitoring services that track new domain registrations with active MX (Mail Exchange) records, allowing security teams to detect email-only corporate impersonation schemes even if the associated webpage remains inactive.
  • Establish strict out-of-band verification protocols within corporate accounting and finance departments to counter phishing scams that impersonate internal business units using subtle lookalike domains.
  • Leverage rapid-response UDRP filings immediately upon detecting brand-impersonating phishing activity to force registrars to freeze the domain and disclose the real registrant behind privacy protection services.

Frequently Asked Questions (FAQ)

Why was the domain ‘roche-com.com’ considered confusingly similar to F. Hoffmann-La Roche AG’s trademarks?

The panel found that ‘roche-com.com’ incorporates the well-known ROCHE trademark in its entirety, creating a high likelihood of confusion for internet users by deceptively mimicking the brand’s primary identity.

What evidence proved the respondent acted in bad faith?

The respondent, Clement CAZAUTETS, registered the domain to impersonate Roche’s Accounting Department for a phishing scheme. This fraudulent activity, combined with the domain’s lack of legitimate use and the respondent’s reliance on privacy services, established clear bad faith.

How did the respondent attempt to hide their identity during the dispute?

Initially, the respondent utilized the ‘DomainsbyProxy’ privacy service to mask their identity. However, registrar verification procedures disclosed their true identity, confirming the respondent’s effort to shield themselves from detection while operating the deceptive scheme.

What business risk does this case highlight regarding domain management?

The case demonstrates that relying exclusively on exact-match defensive registrations leaves gaps for attackers to exploit using simple hyphenated variations, specifically for email-based impersonation attacks that can bypass standard website monitoring.

Concerned about fake email or invoice fraud?

Lookalike domains are frequently exploited to impersonate corporate departments and execute business email compromise. Don’t wait for a breach; audit your domain portfolio for hidden vulnerabilities and gaps today.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.