Byoma Limited successfully secured the transfer of byomaofficial.shop after the respondent used the domain to host a fraudulent website impersonating the official brand. The site mimicked Byoma’s branding and collected user data, resulting in a unanimous decision for transfer due to bad faith use.
Case Snapshot
| Case Number | D2026-1504 |
|---|---|
| Complainant | Byoma Limited |
| Respondent | kellyw kellyw |
| Disputed Domain | byomaofficial.shop |
| Threat Tactic | Fake Stores |
| Decision Date | 2026-06-17 |
| Panelist | Dilek Zeybel |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1504 |
Business Risks of Impersonation and Data Harvesting via Fraudulent Storefronts
The registration of ‘byomaofficial.shop’ represents a significant threat to Byoma Limited’s brand equity and consumer security. By replicating the complainant’s official logo, visual content, and product offerings, the respondent created a deceptive storefront designed to confuse the public. The strategic use of the term ‘official’ within the domain name served to reinforce this false legitimacy, increasing the likelihood that unsuspecting customers would believe they were interacting with an authorized distribution channel. Such tactical impersonation directly facilitates traffic diversion, effectively intercepting consumers seeking authentic products and redirecting them to an illicit environment.
Beyond the immediate impact of trademark dilution, the inclusion of functional login, registration, and checkout components indicates a malicious intent to harvest sensitive consumer data. These mechanisms create a high-risk vector for fraud, potentially compromising customer personal information and payment details under the guise of legitimate commerce. While the disputed domain eventually ceased to resolve to an active site, the prior existence of these data-collection mechanisms highlights the critical danger posed by domain-based brand abuse. The respondent’s total failure to participate in the UDRP proceedings underscores a lack of legitimate interest and validates the necessity of proactive enforcement to protect consumer trust and company reputation from sophisticated digital impersonation tactics.
Panel Reasoning: Confusing Similarity, Lack of Legitimate Interests, and Bad Faith
The panel determined that the disputed domain name, byomaofficial.shop, is confusingly similar to the BYOMA trademark, noting that the inclusion of the term ‘official’ does not mitigate the risk of confusion. Instead, the panel found that such suffixing actually reinforces the false impression that the domain is officially affiliated with, endorsed by, or operated by Byoma Limited, thereby deceiving consumers into believing they are navigating the brand’s authorized digital storefront.
Regarding the respondent’s rights or legitimate interests, the record established that the respondent was never authorized to use the BYOMA mark in any capacity. The panel concluded that the respondent’s use of the domain to host an unauthorized website—which meticulously reproduced the complainant’s logo, trademark, and visual identity—cannot constitute a legitimate noncommercial or fair use. This unauthorized impersonation serves as a per se indicator that the respondent possesses no demonstrable rights to the domain.
Finally, the panel found compelling evidence of bad faith registration and use. The respondent clearly possessed knowledge of the complainant’s distinctive trademark, as evidenced by the full-scale replication of official website content to create a fraudulent shopping experience complete with active checkout and data harvesting functionalities. By intentionally attempting to divert and attract internet users for commercial gain under the guise of an official entity, the respondent’s conduct fully satisfies the requirements for a transfer under the UDRP, even in the absence of a formal response from the respondent.
Strategic Analysis of Enforcement Against Domain Impersonation
The success of Byoma Limited’s UDRP strategy relied on a comprehensive evidentiary submission that highlighted both trademark infringement and the operational risks posed by the respondent’s domain. By demonstrating that the domain ‘byomaofficial.shop’ incorporated the BYOMA trademark in its entirety, the complainant established that the addition of the suffix ‘official’ served only to reinforce consumer deception rather than distinguish the site. This approach was critical because it positioned the domain as an active instrument of fraud, with the complainant providing concrete evidence that the site replicated official visual assets, logos, and product content to mimic a legitimate storefront.
Furthermore, the complainant’s focus on the site’s functional components—specifically the inclusion of unauthorized login, registration, and checkout pages—effectively demonstrated the respondent’s bad faith use under the Policy. By highlighting these specific mechanisms for data collection, the complainant articulated a tangible risk of consumer harm that underscored the urgency of the transfer request. The respondent’s failure to participate or offer any defense allowed the panel to rely heavily on the complainant’s documented evidence regarding the unauthorized use of its brand identity, leading to a streamlined conclusion that the domain was designed solely to divert traffic for illegitimate commercial gain.
Practical Recommendations
- Implement proactive domain monitoring for variations including the term ‘official’ and other common suffixes combined with the core brand name to identify look-alike storefronts early.
- Archive screenshots and harvest full-page content of fraudulent websites immediately upon discovery to provide robust, time-stamped evidence for UDRP filings.
- Utilize WIPO UDRP proceedings aggressively against fake shops even when the site is inactive at the time of the decision, as prior bad faith use is sufficient grounds for domain transfer.
- Integrate brand security alerts with customer service channels to identify and report potential data harvesting sites where users may have unwittingly submitted personal information.
- Engage with registrars or hosting providers using the UDRP panel’s findings of bad faith to facilitate the removal of associated malicious infrastructure beyond just the domain transfer.
Frequently Asked Questions (FAQ)
Why was the domain ‘byomaofficial.shop’ considered confusingly similar to the Byoma trademark?
The panel determined that the domain incorporated the ‘BYOMA’ trademark in its entirety. The addition of the suffix ‘official’ failed to mitigate confusion and instead served to falsely reinforce the impression that the site was affiliated with or endorsed by Byoma Limited.
What evidence proved the respondent lacked rights or legitimate interests in the domain?
The respondent was never authorized or affiliated with Byoma Limited. Furthermore, the use of the domain to host a site that impersonated the brand by reproducing its logo, trademarks, and content to deceptively mimic an official store does not constitute a legitimate interest.
How did the panel establish that the respondent acted in bad faith?
The respondent intentionally used the domain to lure users for commercial gain by mimicking the official Byoma store. The presence of functional login and checkout forms, designed to harvest sensitive user information, confirmed a clear intent to capitalize on consumer confusion regarding the brand’s identity.
What was the practical outcome of this case for Byoma Limited?
Following the respondent’s failure to respond to the complaint, the panel ordered the transfer of the disputed domain ‘byomaofficial.shop’ to Byoma Limited, successfully neutralizing the threat posed by the fraudulent storefront.
Found a fake shop using your brand?
Protect your customers and brand reputation from unauthorized storefronts mimicking your official site. Learn how to secure domain transfers and mitigate data harvesting risks.
This case note is for informational purposes only and is not legal advice.



