5 May, 2026

Typosquatted Domain eurovra.com Used in Supplier Invoice Diversion Scheme Against VINCI CONSTRUCTION

UDRP Cases

VINCI CONSTRUCTION successfully secured the transfer of the typosquatted domain eurovra.com following a WIPO UDRP proceeding. The domain was registered on November 5, 2025, and actively used to impersonate an accountant from the Complainant’s subsidiary to fraudulently modify supplier bank details. Panelist Michael D. Cover ordered the transfer of the domain on January 19, 2026, finding clear bad faith registration and use.

Case Snapshot

Case Number D2025-5042
Complainant VINCI CONSTRUCTION
Respondent Brent Fitzmorris
Disputed Domain
eurovra.com
Threat Tactic Phishing and Email Fraud
Decision Date 2026-01-19
Panelist Michael D. Cover
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5042

Financial and Reputational Threats of Typo-Targeted Supply Chain Fraud

The registration of the typosquatted domain eurovra.com highlights a sophisticated tactical vulnerability for corporate brands, where minor character substitutions are used to orchestrate Business Email Compromise (BEC). By replacing the letter ‘i’ in the Complainant’s long-established EUROVIA mark with the letter ‘r’, the actor created a deceptive lookalike domain designed to bypass casual visual inspection. This domain was subsequently used by a third party posing as an accountant for LRBS, a subsidiary of VINCI CONSTRUCTION, in an attempt to trick the Complainant’s suppliers into changing bank routing details. While the record does not establish that any supplier fell victim to the scam or transferred funds, the calculated alignment of typosquatting with active phishing demonstrates how bad actors exploit corporate structural complexity for illicit commercial gain.

This type of impersonation threat imposes severe administrative and reputational costs on corporate enterprises. When fraudulent emails originate from highly confusing domains like eurovra.com, they directly threaten the integrity of a company’s supply chain communications. Enterprises must expend significant internal security resources to investigate the breach, notify affected vendors, and deploy defensive counter-measures. This not only causes severe operational disruption but also erodes the trust that external partners and suppliers place in the security of the company’s automated billing and procurement channels, creating long-term friction in vendor relations.

From a brand protection standpoint, the incident underscores the necessity of proactive domain enforcement to disrupt cybercriminal infrastructure before financial losses materialize. Because the disputed domain was registered using a privacy proxy service through Wild West Domains, LLC, identifying the true orchestrator of the scheme presents an ongoing challenge. Administrative enforcement through the WIPO UDRP process allows trademark owners to rapidly reclaim control of deceptive assets. Securing an order of transfer for eurovra.com represents a critical mitigation step, neutralizing the operational threat vector and preventing the domain from being used for further deceptive email campaigns.

Strategic Alignment of Trademark Rights and Active Threat Evidence

The Complainant’s strategy succeeded because it coupled undisputed evidence of its long-standing trademark rights in the EUROVIA mark, which date back to its registration on May 13, 1988, with immediate, concrete proof of active cyber fraud. Rather than relying solely on the visual confusing similarity of the typosquatted domain eurovra.com, which substituted the letter ‘i’ with ‘r’, the Complainant presented evidence of an active phishing campaign. Specifically, the Complainant demonstrated that a third party used an email address ending in @eurovra.com to impersonate the accountant of LRBS, a subsidiary of the Complainant, in order to target suppliers and fraudulently alter bank details. This direct link between the typosquatted registration and active corporate impersonation left no doubt regarding bad faith registration and use.

Administratively, the Complainant maintained momentum by swiftly filing an amended complaint on December 8, 2025, just days after the initial filing, following the registrar’s disclosure of the true registrant, Brent Fitzmorris. This proactive handling of privacy-shielded registrations is a critical tactic for brand protection teams seeking to block active business email compromise campaigns before they cause actual financial diversion. Although there was no evidence confirming whether the registered respondent directly drafted the emails or if a separate third party was responsible, demonstrating that the domain was actively used to solicit fraudulent payment transfers was legally sufficient for Panelist Michael D. Cover to find a lack of rights or legitimate interests and order the transfer of the domain.

Practical Recommendations

  • Implement proactive domain monitoring configured to flag look-alike character substitutions (such as replacing ‘i’ with ‘r’ to target ‘eurovia.com’) to detect typosquatting registrations before they are deployed for fraud.
  • Formulate a rapid-response protocol to capture and secure raw email headers, communication logs, and fraudulent invoices immediately when a subsidiary or supplier reports suspicious communication from a look-alike domain.
  • Establish mandatory, out-of-band verification procedures with external supply chain partners for any requests involving the modification of banking details, protecting the network during active business email compromise (BEC) campaigns.
  • Utilize swift UDRP filings as an administrative enforcement tool immediately upon discovering active MX record utilization on a confusingly similar domain, securing the rapid transfer of the asset to permanently neutralize the phishing threat.

Frequently Asked Questions (FAQ)

Why was the domain eurovra.com considered confusingly similar to VINCI CONSTRUCTION’s trademarks?

The WIPO panel determined that eurovra.com constitutes a classic case of typosquatting. By replacing the letter ‘i’ with ‘r’ in the official EUROVIA trademark, the registrant created a deceptive similarity intended to capitalize on the confusion of users and suppliers familiar with the complainant’s brand.

How did the complainant prove that the respondent lacked rights or legitimate interests in the disputed domain?

The panel found that the respondent, Brent Fitzmorris, had no authorization, license, or business relationship with VINCI CONSTRUCTION. As there was no evidence of legitimate use of the ‘eurovra’ designation, the panel concluded the respondent held no rights to the domain.

What evidence established that the domain was registered and used in bad faith?

Bad faith was proven by the active use of the domain to facilitate email fraud. The registrant utilized an email address ending in @eurovra.com to impersonate an accountant from an LRBS subsidiary, attempting to deceive the complainant’s suppliers into redirecting payments to fraudulent bank accounts.

What is the primary business takeaway regarding the tactic used in this UDRP case?

The case highlights that typosquatted domains are often directly weaponized for Business Email Compromise (BEC) and invoice diversion schemes. Prompt administrative intervention through the UDRP process is a critical tactical response to mitigate financial risks and restore communication integrity with supply chain partners.

Are your suppliers targeted by invoice fraud?

This case demonstrates how typosquatted domains facilitate sophisticated business email compromise (BEC). Protect your supply chain and prevent financial diversion by identifying and neutralizing infringing domain assets before they are used to impersonate your team.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.