WIPO ordered the transfer of vinci–constructlon.com from respondent Jeffery Nsily to Vinci Construction. The panel concluded the domain was a clear instance of typosquatting, aggravated by active email server configurations that facilitated potential phishing activities.
Case Snapshot
| Case Number | D2025-5021 |
|---|---|
| Complainant | VinciVinci Construction |
| Respondent | Jeffery Nsily |
| Disputed Domain | vinci–constructlon.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-01-27 |
| Panelist | Marilena Comanescu |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5021 |
Strategic Risks of Infrastructure-Ready Typosquatting
The registration of vinci–constructlon.com presents a specific operational threat due to the activation of Mail Exchange (MX) records. By configuring email servers for a domain that utilizes a subtle character substitution—replacing the lowercase ‘i’ with an ‘l’—the Respondent established the technical infrastructure necessary to execute Business Email Compromise (BEC) and phishing campaigns. For a global entity like Vinci Construction, which manages approximately 280,000 employees and maintains operations across more than 100 countries, such a look-alike domain is highly effective for impersonating corporate communications. The presence of active mail servers indicates that the domain was not merely being held passively but was equipped to facilitate deceptive outreach to vendors, clients, or internal staff who might overlook the minor typographical variation.
The scale of the Complainant’s commercial operations, evidenced by a 2023 turnover of EUR 71.6 billion, elevates the financial stakes associated with this typosquatted asset. When a third party utilizes privacy services to mask their identity while registering a domain that mirrors a well-known multi-billion-euro brand, the risk to customer trust is substantial. Even without documented evidence of specific sent communications, the UDRP panel inferred bad faith based on the high likelihood of the domain being used for fraudulent purposes. For IP professionals, this case highlights how the combination of brand fame and technical readiness for use via MX records serves as a critical indicator of an imminent threat to corporate security and brand integrity.
From a brand protection perspective, this dispute reveals the persistent vulnerability created by character substitution in complex domain strings. Despite holding trademarks for VINCI CONSTRUCTION since 2004, the Complainant faced a risk profile where a single-character typo could be leveraged to bypass standard visual filters. The use of a double hyphen and the ‘i’ to ‘l’ swap is a specific social engineering tactic designed to exploit the visual similarity identified by the panel. This case underscores the necessity for large-scale enterprises to conduct proactive audits of high-risk typographical variations, as the window between registration and potential exploitation can be narrow, necessitating rapid enforcement through the UDRP to mitigate systemic fraud risks.
Legal Reasoning: Typosquatting and Email Readiness
The Panel determined that the disputed domain name vinci–constructlon.com is confusingly similar to the VINCI CONSTRUCTION trademark, identifying it as a clear instance of typosquatting. Specifically, the Respondent utilized character substitution by replacing the letter ‘i’ in ‘construction’ with the letter ‘l’. The Panelist observed that these characters are visually highly similar, particularly when rendered in lowercase, which significantly increases the likelihood of consumer confusion. Since the Complainant established ownership of trademark registrations in the European Union and France dating back to 2004 and 2005, the first element of the UDRP was satisfied based on the clear recognizability of the mark within the domain structure.
Regarding rights or legitimate interests, the Respondent failed to provide any evidence of a bona fide offering of goods or services or any legitimate noncommercial or fair use. The Complainant’s extensive global footprint, spanning over 100 countries and generating EUR 71.6 billion in 2023 turnover, created a strong prima facie case that the Respondent could not have independently chosen the name for a legitimate purpose. The Panel noted that the Respondent was not commonly known by the disputed name and held no authorization from the Complainant to utilize its intellectual property. Furthermore, the Respondent’s failure to reply to the Complainant’s contentions led the Panel to conclude that no such rights existed.
The finding of bad faith was anchored in the worldwide reputation of the VINCI mark and the specific technical configuration of the domain. The Panelist concluded that the registration of a domain containing such a well-known trademark by an unrelated party constitutes bad faith per se, given the mark’s use for over two decades. Critically for IP professionals, the Panel inferred bad faith use from the configuration of MX records. This technical setup enabled the domain to send and receive emails, which the Panel found could facilitate phishing or spamming activities targeting the firm’s 280,000 employees. Even without evidence of specific fraudulent messages, the readiness of the domain for email fraud, combined with the deceptive typosquatting, was sufficient to establish bad faith.
Leveraging Global Trademark Fame and Technical Evidence of Phishing Readiness
The Complainant’s strategy succeeded by emphasizing the visual mimicry inherent in the character substitution of ‘l’ for ‘i’ within the word ‘construction’. By presenting evidence of the VINCI CONSTRUCTION trademark’s extensive global use—spanning nearly 40 years as a company name and 20 years as a registered mark—the firm established that the disputed domain was a clear instance of typosquatting. The Panel found this visual similarity particularly persuasive, noting that the lowercase ‘l’ and ‘i’ are nearly indistinguishable in many digital contexts. This established a strong foundation for confusing similarity, leaving the Respondent with no credible defense for the unauthorized registration of a domain so closely mirroring a distinctive corporate identity that generates EUR 71.6 billion in annual turnover.
Beyond visual similarity, the Complainant leveraged technical evidence of active MX records to demonstrate bad faith use. The configuration of email servers indicated that the domain was not merely being held passively but was prepared for fraudulent communications, such as phishing or Business Email Compromise (BEC). This technical readiness posed a direct threat to the Complainant’s 280,000 employees and its operations across more than 120 countries. By combining the global fame of the VINCI mark with evidence of the Respondent’s use of a privacy service and deceptive web elements—such as an inactive live chat feature—the Complainant successfully argued that the domain was registered with the intent to exploit the brand’s reputation for illicit purposes.
Practical Recommendations
- Implement automated domain monitoring that specifically targets ‘homoglyph’ and character substitutions (such as replacing ‘i’ with ‘l’) along with double-hyphen variations to detect typosquatting targeting core brand assets.
- Include MX record (mail server) verification in domain risk assessments; prioritize legal enforcement or UDRP filings for domains with active mail servers, as these indicate an imminent threat of phishing or Business Email Compromise (BEC).
- Conduct a defensive registration audit of core trademarks (e.g., ‘VINCI CONSTRUCTION’) to secure high-probability typo variations and hyphenated combinations in the .com gTLD, reducing the attack surface for global brands.
- Preserve evidence of a domain’s technical infrastructure—including DNS settings and privacy service usage—at the point of discovery to establish ‘bad faith’ registration and use, even if the domain does not yet host a public website.
- Establish a rapid-response communication loop between the IP legal team and the IT security department to blacklist look-alike domains in corporate email filters immediately upon detection, preventing fraudulent communications from reaching employees.
Frequently Asked Questions (FAQ)
Why was the domain vinci–constructlon.com considered confusingly similar to the Vinci Construction trademark?
The panel determined that the domain used a classic typosquatting tactic by replacing the letter ‘i’ with the letter ‘l’ in the word ‘construction’. Given the visual similarity between these characters in lowercase, the domain was found to be highly deceptive and confusingly similar to the Complainant’s registered VINCI CONSTRUCTION mark.
What evidence established that the Respondent lacked legitimate rights to the disputed domain?
The Respondent failed to provide any evidence of rights or legitimate interests in the domain name. Furthermore, the Complainant demonstrated extensive, long-term global use of the VINCI CONSTRUCTION trademark, confirming their exclusive rights and undermining any potential claim of fair or non-commercial use by the Respondent.
How did the panel conclude that the domain was registered and used in bad faith?
Bad faith was established because the VINCI mark is well-known across more than 100 countries. Crucially, the panel found bad faith in the domain’s ‘use’ because the Respondent configured active email (MX) records, which created a clear pathway for potential phishing, spamming, or Business Email Compromise (BEC) attacks against the Complainant’s partners and employees.
What is the primary business takeaway regarding the Respondent’s tactics?
The case highlights a high risk of corporate impersonation through email fraud. By using a privacy service to mask their identity and setting up mail servers on a look-alike domain, the Respondent demonstrated an intent to facilitate phishing. The outcome serves as a reminder for firms to monitor for typosquatted variants and proactively audit their defensive domain registrations.
Proactively identify and recover look-alike domains
Don’t wait for a domain to facilitate a breach. Our proactive monitoring identifies typosquatted assets and suspicious MX configurations before they are weaponized against your employees or brand.
This case note is for informational purposes only and is not legal advice.



