Carrefour SA secured the transfer of eight disputed domain names targeting its ‘CARREFOUR PASS’ financial services brand. A WIPO panel consolidated the cases after finding the domains were registered in bad faith under common control and held passively. The ruling successfully neutralizes potential corporate impersonation risks utilizing Spanish-language customer portal terms.
Case Snapshot
| Case Number | D2025-0245 |
|---|---|
| Complainant | Carrefour SA |
| Respondent | packet emblazerbacklash alooCharles E PettyEmiliano Santiagokarl maxsian su |
| Disputed Domain | aviso-carrefourpass.infoavisos-carrefourpass.infocarrefourpassavisos.infocarrefourpass-cliente.comcarrefourpass-login.comcarrefourpass-soporte.comcarrefourpass-usuario.comes-carrefour-pass.com |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2025-03-18 |
| Panelist | Tobias Malte Müller |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-0245 |
Latent Phishing and Impersonation Risks in Targeted Payment Brand Portfolios
The coordinated registration of eight domain names combining the famous ‘CARREFOUR PASS’ trademark with Spanish-language administrative and operational terms represents a calculated corporate impersonation risk. By pairing the financial services brand with highly specific terms like ‘login’, ‘cliente’, ‘soporte’, ‘usuario’, and ‘aviso’, the undisclosed registrants constructed deceptive digital coordinates. Although the disputed domain names resolved to error pages or ‘under construction’ landing pages, their naming structures strongly imply official administrative or customer support functions. For a global retailer operating more than 14,000 stores, the existence of such unauthorized portals creates a latent threat of future phishing or credential-harvesting campaigns targeting Spanish-speaking clients.
The business threat of passive domain holding is magnified when the registrations directly target transactional or customer support interfaces. While Carrefour SA did not face active phishing sites on these specific domains, the risk of sudden deployment remains a continuous vulnerability. Coordinated multi-domain portfolios under common control can be easily activated to launch targeted attacks, which would directly impact customer trust. Consequently, brand owners must treat the registration of trademark-plus-keyword domains as active business threats requiring immediate legal intervention through the UDRP, rather than waiting for active commercial abuse to manifest.
Panelist Analysis of Confusing Similarity, Legitimate Interests, and Bad Faith
In analyzing the first element of the UDRP, Panelist Tobias Malte Müller determined that the eight disputed domain names are confusingly similar to the Complainant’s registered CARREFOUR and CARREFOUR PASS trademarks. The panelist ruled that the addition of Spanish administrative and customer service terms—such as ‘aviso’, ‘cliente’, ‘soporte’, ‘login’, and ‘usuario’—does not diminish the likelihood of confusion. Furthermore, the presence of one or more hyphens within the domain names is of negligible significance when assessing confusing similarity, as the dominant trademark remains highly recognizable and central within each disputed string.
Regarding the second element, the panelist concluded that the respondents have no rights or legitimate interests in the disputed domain names. None of the legal circumstances enabling a respondent to prove legitimate interests under the Policy were present in this case. Specifically, the respondents have acquired no trademark rights in the term ‘CARREFOUR’ that could grant them legitimate authority, nor is there any evidence that they have been commonly known by these names as individuals, businesses, or other organizations. Additionally, the Complainant, whose global trademark registrations long predate the early 2025 registrations, never authorized or licensed the respondents to use its intellectual property.
For the third element, the panelist found both bad faith registration and bad faith use, noting that the combination of all elements unequivocally showed the respondents acted in bad faith. Because the CARREFOUR trademarks are so widely well-known globally, the panel determined it was inconceivable that the respondents could have registered these domains without knowledge of the Complainant’s earlier rights. Although the disputed domain names resolved only to error pages or ‘under construction’ landing pages, this passive holding satisfies the bad faith criteria under established WIPO jurisprudence given the fame of the marks and the high risk of implied affiliation.
From a procedural and strategic perspective, this decision highlights the utility of consolidation arguments when dealing with distributed domain portfolios. Although registrar verification requests in January 2025 revealed multiple distinct respondent names, the Complainant successfully established that the registrations were under common control due to similarities in registration timing, naming composition, and targeted administrative terms. Securing a single consolidated transfer order allows brand owners to efficiently dismantle coordinated multi-domain threats targeting their customer-facing portals without the cost of filing separate UDRP complaints.
Consolidation of Coordinated Registrants and the Jurisprudence of Passive Holding
Carrefour SA’s legal strategy succeeded by consolidating eight disputed domain names registered under multiple distinct respondent names into a single corporate complaint. In January 2025, registrar verification requests revealed different registrant names, yet the Complainant successfully argued that these respondents were operating under common control. By highlighting key structural connections—specifically the highly coordinated timing of the registrations in early 2025, the identical targeting of the CARREFOUR PASS mark, the shared Spanish administrative suffixes, and the choice of registrars—the Complainant overcame procedural hurdles. This consolidation prevented the need for multiple separate filings and established a unified pattern of bad faith registration.
The Complainant’s case was further strengthened by proving that the passive holding of these domains satisfied the bad faith criteria under established UDRP jurisprudence. Although the disputed domains only resolved to error or under construction pages, the Complainant demonstrated that its CARREFOUR and CARREFOUR PASS trademarks are so widely known globally that the respondents could not have registered the names without prior knowledge of the brand. Pairing these famous financial services trademarks with Spanish-language administrative and transactional terms like ‘soporte’, ‘cliente’, and ‘login’ created a continuous latent risk of future customer confusion. This combination allowed the panelist to conclude that the registrations carried an implied affiliation, justifying the transfer before active phishing or credential harvesting could occur.
Practical Recommendations
- Consolidate multiple domain disputes into a single WIPO UDRP complaint when encountering coordinated registrations. Establish ‘common control’ by documenting shared registrants, matching creation dates (e.g., early 2025), identical registrars, and highly consistent naming patterns.
- Target localized administrative and customer-facing terms (such as ‘soporte’, ‘cliente’, ‘aviso’, and ‘login’) in continuous domain monitoring programs, particularly for high-risk sub-brands or payment portals like ‘Carrefour Pass’.
- Initiate UDRP complaints against passively held domains resolving to error or ‘under construction’ pages without waiting for active phishing or abuse to materialize. Under WIPO jurisprudence, the passive holding of a well-known trademark with critical administrative terms strongly indicates bad faith.
- Establish a prompt verification process with registrars upon detecting domain registration spikes to quickly unmask hidden registrant details and verify common actors behind private or proxy registration services.
Frequently Asked Questions (FAQ)
Why were the domain names considered confusingly similar to the Carrefour trademarks?
The panel ruled that incorporating the trademark ‘CARREFOUR’ alongside terms like ‘login’, ‘soporte’, or ‘cliente’ did not mitigate confusion. It found that the addition of hyphens or descriptive words is of negligible significance and likely suggests an affiliation or sponsorship by Carrefour SA.
How did the complainant prove that the respondents lacked rights or legitimate interests?
The complainant established that the respondents had no trademark rights in the ‘CARREFOUR’ name, were not commonly known by the disputed domains as individuals or businesses, and were never authorized or licensed by Carrefour SA to use the trademarks.
What evidence supported the panel’s finding of bad faith registration?
The panel determined bad faith because the ‘CARREFOUR’ and ‘CARREFOUR PASS’ trademarks are globally well-known. It was deemed inconceivable that the respondents—who registered eight coordinated domains using Spanish-language service terms—were unaware of the complainant’s earlier rights.
What was the legal significance of the ‘passive holding’ tactic used by the respondents?
Despite the domains resolving only to error or ‘under construction’ pages, the panel found the registration and continued passive holding to be in bad faith. By consolidating multiple domains under common control, the panel concluded the tactic served to create latent risks of future corporate impersonation and phishing.
Found a brand-plus-keyword impersonation domain?
Coordinated registrations combining your brand with service-related terms like ‘login’ or ‘soporte’ create significant latent risks. Learn how to identify and neutralize these threats before they escalate into active impersonation.
This case note is for informational purposes only and is not legal advice.



