F. Hoffmann-La Roche AG successfully secured the transfer of the disputed domain <roche-com.com> after a respondent used it for corporate impersonation. Respondent Clement CAZAUTETS utilized the domain to run an active phishing scheme targeting third parties by posing as the company’s accounting department. Panelist Delia-Mihaela Belciu ordered the domain transferred due to clear evidence of bad faith registration and lack of legitimate rights.
Case Snapshot
| Case Number | D2025-4676 |
|---|---|
| Complainant | F. Hoffmann-La Roche AG |
| Respondent | Clement CAZAUTETS |
| Disputed Domain | roche-com.com |
| Threat Tactic | Phishing and Email Fraud |
| Decision Date | 2026-01-02 |
| Panelist | Delia-Mihaela Belciu |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4676 |
Deceptive Accounting Impersonation and the Vulnerability of Hyphenated Portfolio Gaps
The registration of roche-com.com by Clement CAZAUTETS on September 22, 2025, highlights a highly targeted form of corporate impersonation designed to bypass typical web-based detection. Rather than using the domain to host an active website, the respondent kept the webpage inactive while actively utilizing the domain to execute a phishing and email scam pretending to be the internal Accounting Department of F. Hoffmann-La Roche AG. This selective use of MX records for mail-only operations allows fraudulent actors to communicate directly with corporate partners and vendors under the guise of official accounting representatives, creating immediate risks of unauthorized business email compromise (BEC), redirection of payments, and theft of sensitive financial records.
From a brand protection standpoint, this dispute exposes the critical vulnerabilities left by gaps in defensive domain portfolios. While F. Hoffmann-La Roche AG maintains primary assets like roche.com, the omission of simple hyphenated combinations such as roche-com.com provides malicious entities with an easy vector for registration. These lookalike domains carry high semantic credibility with recipient systems and users because they closely mimic legitimate corporate syntax. Corporate IP managers must evaluate their defensive registration matrices to proactively secure logical combinations of their core trademarks combined with generic terms and structural punctuation, thereby preventing hostile actors from acquiring highly convincing sender channels.
Additionally, the administrative obstacles encountered in identifying the respondent demonstrate how bad-faith actors leverage registration privacy to prolong their campaigns. By initially hiding behind the privacy service ‘Registration Private, DomainsbyProxy.com’, the respondent delayed immediate identification and enforcement. For security teams and trademark counsel, this delay emphasizes that relying solely on public WHOIS records is insufficient; swift deployment of the WIPO UDRP verification process is essential to uncover true identities, disable active deceptive domains, and neutralize phishing operations before they result in unrecoverable financial losses.
Panel Evaluation of Confusing Similarity, Legitimate Interests, and Bad Faith
In analyzing the first element of the Policy, Panelist Delia-Mihaela Belciu concluded that the disputed domain name, roche-com.com, is confusingly similar to the Complainant’s registered ROCHE trademark. F. Hoffmann-La Roche AG established rights in the mark through multiple international registrations dating back to 1967 and 1968. The addition of a hyphen and the term ‘com’ to the well-known mark does not prevent a finding of confusing similarity. This highlights how corporate trademark portfolios remain vulnerable to simple typographic or syntax variations that exploit the primary brand name in lookalike formats.
Regarding the second element, the Panel determined that the Respondent, Clement CAZAUTETS, possessed no rights or legitimate interests in the disputed domain name. Although the domain resolved to an inactive webpage, evidence in the case file demonstrated that it was actively utilized in an email scam and phishing scheme. This fraudulent activity specifically impersonated the Complainant’s Accounting Department. The Panel confirmed that using a lookalike domain name to deceive third parties by posing as a corporate administrative department can never confer legitimate rights or bona fide commercial use.
The bad faith analysis under the third element focused on both the registration and active use of the domain. Because the ROCHE mark enjoys extensive global notoriety and was registered decades prior to the September 22, 2025 registration of roche-com.com, the Respondent knew or should have known of the Complainant’s rights. The Panel found that the Respondent’s primary motive was to capitalize on and take advantage of the Complainant’s trademark by creating a confusing lookalike domain. This bad faith registration was compounded by the active execution of the accounting-themed phishing scam and the initial concealment of the registrant’s identity behind the privacy service ‘Registration Private, DomainsbyProxy.com’.
From a business and IP management perspective, this ruling underscores the critical risk of passive-looking domains that harbor active threat vectors. While the public website remained inactive, the underlying email functionality was actively deployed to execute highly targeted corporate impersonation. Brand protection professionals must recognize that defensive registration strategies require continuous monitoring of variations targeting administrative functions, as malicious actors increasingly bypass web-based detection to launch email-based phishing campaigns.
Strategic Brand Protection: Countering Portfolio Gaps and Accounting Impersonation
F. Hoffmann-La Roche AG secured the transfer of the disputed domain roche-com.com by exposing how the respondent exploited a critical defensive domain portfolio gap to execute corporate impersonation. Although the complainant holds long-standing international registrations for the ROCHE trademark dating back to 1967 and 1968, the registration of the lookalike domain on September 22, 2025, highlights how malicious actors target predictable brand variations. By combining the famous mark with a hyphen and the term ‘com’, the respondent bypassed basic exact-match protective registrations. Furthermore, because the disputed domain resolved to an inactive webpage, standard visual web-monitoring systems would fail to detect the active threat, allowing the respondent to launch deceptive operations under the radar of traditional brand protection controls.
The success of the complainant’s strategy rested on presenting evidence that the inactive domain was being used as an active vector for a targeted email scam. Specifically, the respondent utilized the domain to run a phishing scheme pretending to be the Complainant’s Accounting Department. While the respondent initially hid behind the privacy service ‘Registration Private, DomainsbyProxy.com’, the registrar verification process unmasked the true registrant as Clement CAZAUTETS. The complainant promptly filed an amendment to the complaint following the WIPO Center’s disclosure on November 17, 2025. This procedural agility, combined with proof of targeted departmental impersonation, convinced Panelist Delia-Mihaela Belciu to order a complete transfer, proving that passive web hosting does not shield respondents when active email abuse is documented.
Practical Recommendations
- Conduct a comprehensive audit of the defensive domain portfolio to identify and close critical structural gaps, specifically securing common hyphenated variations like ‘[brand]-com.com’ that mimic legitimate corporate domains.
- Implement advanced domain monitoring services that track new domain registrations with active MX (Mail Exchange) records, allowing security teams to detect email-only corporate impersonation schemes even if the associated webpage remains inactive.
- Establish strict out-of-band verification protocols within corporate accounting and finance departments to counter phishing scams that impersonate internal business units using subtle lookalike domains.
- Leverage rapid-response UDRP filings immediately upon detecting brand-impersonating phishing activity to force registrars to freeze the domain and disclose the real registrant behind privacy protection services.
Frequently Asked Questions (FAQ)
Why was the domain ‘roche-com.com’ considered confusingly similar to F. Hoffmann-La Roche AG’s trademarks?
The panel found that ‘roche-com.com’ incorporates the well-known ROCHE trademark in its entirety, creating a high likelihood of confusion for internet users by deceptively mimicking the brand’s primary identity.
What evidence proved the respondent acted in bad faith?
The respondent, Clement CAZAUTETS, registered the domain to impersonate Roche’s Accounting Department for a phishing scheme. This fraudulent activity, combined with the domain’s lack of legitimate use and the respondent’s reliance on privacy services, established clear bad faith.
How did the respondent attempt to hide their identity during the dispute?
Initially, the respondent utilized the ‘DomainsbyProxy’ privacy service to mask their identity. However, registrar verification procedures disclosed their true identity, confirming the respondent’s effort to shield themselves from detection while operating the deceptive scheme.
What business risk does this case highlight regarding domain management?
The case demonstrates that relying exclusively on exact-match defensive registrations leaves gaps for attackers to exploit using simple hyphenated variations, specifically for email-based impersonation attacks that can bypass standard website monitoring.
Concerned about fake email or invoice fraud?
Lookalike domains are frequently exploited to impersonate corporate departments and execute business email compromise. Don’t wait for a breach; audit your domain portfolio for hidden vulnerabilities and gaps today.
This case note is for informational purposes only and is not legal advice.



