Tarsus Pharmaceuticals successfully recovered two ‘rx’ themed domains used in an active corporate impersonation and phishing scheme. The Respondent utilized linked email accounts to solicit fraudulent transactions, leading the WIPO panel to order an immediate transfer of the assets.
Case Snapshot
| Case Number | D2025-5152 |
|---|---|
| Complainant | Tarsus Pharmaceuticals, Inc. |
| Respondent | Justin Gear |
| Disputed Domain | rxtarsus.com |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2026-01-20 |
| Panelist | Jeffrey M. Samuels |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5152 |
Corporate Impersonation and Phishing Risks in the Pharmaceutical Sector
The registration of rxtarsus.com and tarsusrx.com represents a calculated threat to the pharmaceutical supply chain by leveraging industry-specific identifiers. By appending the ‘rx’ keyword—a standard shorthand for prescription pharmaceuticals—to the TARSUS mark, the Respondent created a false sense of technical credibility. This naming convention is specifically designed to exploit the expectations of industry partners and clinicians who may mistake such domains for legitimate prescription portals or specialized administrative branches of Tarsus Pharmaceuticals. For brand owners, this tactic increases the likelihood of successful phishing attacks, as the ‘rx’ suffix provides a layer of perceived authenticity that typical typosquatting lacks, making it a potent tool for bypassing the skepticism of professional stakeholders.
The primary business threat in this case was the active use of the domains to facilitate fraudulent transactions and harvest sensitive private information. Rather than maintaining a passive website, the Respondent utilized linked email accounts to send communications that purported to originate from the Complainant. This transition from domain squatting to active corporate impersonation transforms a trademark dispute into a significant security and fraud event. When a threat actor uses a brand’s identity to solicit funds or data, the resulting damage includes not only direct financial losses for the targeted third parties but also a systemic erosion of trust in the brand’s digital communications infrastructure. The evidence established that these domains were used for illegitimate commercial purposes rather than any bona fide offering of goods, directly targeting the Complainant’s corporate integrity.
The use of privacy services further complicates the risk profile by delaying the identification of the threat actor and allowing the fraudulent activity to persist during the initial stages of the dispute. The Respondent’s true identity was only revealed following a registrar verification request on December 11, 2025, which pierced the ‘Domains By Proxy’ shield. This procedural gap between the detection of fraudulent emails and the identification of the registrant highlights the necessity for rapid enforcement in the biopharmaceutical sector. By securing a transfer of the assets, the Complainant stopped a scheme that leveraged a United States registered trademark to deceive third parties, effectively mitigating a scenario where sensitive corporate or personal data could have been further compromised through deceptive email-based solicitation.
Panel Reasoning: Deceptive Impersonation and Trademark Exploitation
The Panel’s analysis of confusing similarity centered on the Complainant’s ownership of a United States trademark registration for a TARSUS design mark, issued well before the domain registrations. Although the registration included a disclaimer for the exclusive use of the term TARSUS apart from the mark as shown, the Panel determined that the word remains the most distinguishing feature of the disputed domains. By appending the industry-specific ‘rx’ keyword to the mark in rxtarsus.com and tarsusrx.com, the Respondent created a direct visual and conceptual link to the Complainant’s biopharmaceutical operations, satisfying the threshold for confusing similarity under the Policy.
Regarding rights or legitimate interests, the Panel found no evidence that the Respondent was authorized to use the TARSUS mark or was commonly known by the disputed names. The record demonstrated that the domains were not utilized for a bona fide offering of goods or services but were instead employed to facilitate corporate impersonation. The Panel specifically noted that the Respondent utilized linked email accounts to deceive third parties into surrendering private information and engaging in fraudulent transactions. Such illegitimate commercial use, aimed at harvesting sensitive data and soliciting fraud, is fundamentally inconsistent with the requirements for legitimate interests.
The finding of bad faith was supported by the timing of the registrations relative to the Complainant’s established market presence and the deceptive nature of the Respondent’s active use. Because the TARSUS mark had been in continuous use since 2016—nearly a decade prior to the July 2025 registration date—the Panel inferred that the Respondent registered the domains with full knowledge of the Complainant’s rights. The subsequent deployment of the domains for phishing and email fraud, combined with the initial use of a privacy shield to mask the registrant’s identity until the registrar verification process, provided clear evidence of an intent to exploit the Complainant’s corporate identity for illicit financial gain.
Strategy Breakdown: Proving Active Impersonation
Tarsus Pharmaceuticals successfully established bad faith by documenting the active use of domain-linked email accounts for deceptive communications. By presenting evidence that the Respondent sent emails purporting to be from the Complainant to solicit fraudulent transactions and harvest private data, the Complainant moved the case beyond mere typo-squatting into the realm of criminal impersonation. This specific documentation of outbound phishing activities provided the Panel with a clear basis to find that the domains were never intended for a bona fide offering of goods or services, but were instead instruments of fraud designed to exploit the Complainant’s established reputation in the biopharmaceutical sector since its founding in 2016. This evidence of active harm outweighed any defense regarding the disclaimed nature of the term TARSUS in certain trademark registrations.
The Complainant’s focus on the industry-specific ‘rx’ keyword highlighted a calculated attempt by the Respondent to gain credibility within the pharmaceutical supply chain. By combining the TARSUS mark with a term synonymous with prescription medicine, the Respondent created a high risk of confusion among professional partners and clients. Furthermore, the Complainant demonstrated procedural agility when the initial privacy-shielded registrant was revealed to be Justin Gear during the December 2025 verification process. Promptly amending the Complaint to name the actual individual ensured that the enforcement action was directed at the correct party, effectively neutralizing the anonymity typically afforded by proxy services and allowing the Panel to link the fraudulent emails directly to the named Respondent.
Practical Recommendations
- Monitor for ‘brand-plus-keyword’ domain registrations that incorporate industry-specific terms like ‘rx’ to proactively identify potential phishing vectors targeting the pharmaceutical supply chain.
- Implement a protocol to capture and preserve full email headers and message content from unauthorized domains, as active use of linked email accounts to solicit transactions is definitive evidence of bad faith.
- Verify the presence of MX records on newly registered domains containing your brand name; an active MX record without a corresponding website often signals an intent for corporate impersonation via email.
- Anticipate a two-stage filing process when privacy services are used; ensure legal teams are prepared to submit an ‘Amended Complaint’ immediately after the registrar reveals the true registrant’s identity to avoid procedural delays.
- Emphasize the trademark’s role as the ‘distinguishing feature’ in UDRP filings to successfully establish confusing similarity, even in cases where certain components of the registered mark have been disclaimed.
Frequently Asked Questions (FAQ)
Why were the domains rxtarsus.com and tarsusrx.com considered confusingly similar to the TARSUS mark?
The WIPO Panel determined that the term ‘TARSUS’ is the most distinguishing feature of the disputed domains. Despite the addition of the ‘rx’ keyword, the domains remained confusingly similar to the Complainant’s registered TARSUS mark, which the Complainant has used continuously since 2016.
How did the respondent attempt to establish credibility, and why was this deemed an illegitimate interest?
The Respondent used the ‘rx’ keyword to mimic a pharmaceutical supply chain presence, attempting to gain industry-specific credibility. The Panel found this use illegitimate because the domain was not used for bona fide offerings, but rather as a vehicle for active corporate impersonation.
What evidence was decisive in proving the Respondent acted in bad faith?
Bad faith was established by the Respondent’s active use of the domains to send fraudulent emails impersonating Tarsus Pharmaceuticals. These communications were specifically designed to deceive third parties into conducting unauthorized transactions and harvesting sensitive private information.
How did the procedural discovery process affect the outcome of this case?
The Complainant initially filed against a privacy service. During the UDRP procedural timeline, a registrar verification request revealed the true identity of the registrant, Justin Gear, allowing the Complainant to amend the filing and successfully secure the transfer of both domains.
Is your brand being impersonated?
Corporate impersonation through deceptive domains and email fraud can lead to significant financial loss and reputational damage. If you have identified unauthorized domains or fraudulent communications targeting your company, a UDRP strategy may help you regain control and protect your stakeholders.
This case note is for informational purposes only and is not legal advice.



