5 May, 2026

Substituted Characters and Defensive Gaps: The vinci–constructlon.com Domain Dispute

UDRP Cases

WIPO ordered the transfer of vinci–constructlon.com from respondent Jeffery Nsily to Vinci Construction. The panel concluded the domain was a clear instance of typosquatting, aggravated by active email server configurations that facilitated potential phishing activities.

Case Snapshot

Case Number D2025-5021
Complainant VinciVinci Construction
Respondent Jeffery Nsily
Disputed Domain
vinci–constructlon.com
Threat Tactic Typo Domains
Decision Date 2026-01-27
Panelist Marilena Comanescu
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5021

Strategic Risks of Infrastructure-Ready Typosquatting

The registration of vinci–constructlon.com presents a specific operational threat due to the activation of Mail Exchange (MX) records. By configuring email servers for a domain that utilizes a subtle character substitution—replacing the lowercase ‘i’ with an ‘l’—the Respondent established the technical infrastructure necessary to execute Business Email Compromise (BEC) and phishing campaigns. For a global entity like Vinci Construction, which manages approximately 280,000 employees and maintains operations across more than 100 countries, such a look-alike domain is highly effective for impersonating corporate communications. The presence of active mail servers indicates that the domain was not merely being held passively but was equipped to facilitate deceptive outreach to vendors, clients, or internal staff who might overlook the minor typographical variation.

The scale of the Complainant’s commercial operations, evidenced by a 2023 turnover of EUR 71.6 billion, elevates the financial stakes associated with this typosquatted asset. When a third party utilizes privacy services to mask their identity while registering a domain that mirrors a well-known multi-billion-euro brand, the risk to customer trust is substantial. Even without documented evidence of specific sent communications, the UDRP panel inferred bad faith based on the high likelihood of the domain being used for fraudulent purposes. For IP professionals, this case highlights how the combination of brand fame and technical readiness for use via MX records serves as a critical indicator of an imminent threat to corporate security and brand integrity.

From a brand protection perspective, this dispute reveals the persistent vulnerability created by character substitution in complex domain strings. Despite holding trademarks for VINCI CONSTRUCTION since 2004, the Complainant faced a risk profile where a single-character typo could be leveraged to bypass standard visual filters. The use of a double hyphen and the ‘i’ to ‘l’ swap is a specific social engineering tactic designed to exploit the visual similarity identified by the panel. This case underscores the necessity for large-scale enterprises to conduct proactive audits of high-risk typographical variations, as the window between registration and potential exploitation can be narrow, necessitating rapid enforcement through the UDRP to mitigate systemic fraud risks.

Leveraging Global Trademark Fame and Technical Evidence of Phishing Readiness

The Complainant’s strategy succeeded by emphasizing the visual mimicry inherent in the character substitution of ‘l’ for ‘i’ within the word ‘construction’. By presenting evidence of the VINCI CONSTRUCTION trademark’s extensive global use—spanning nearly 40 years as a company name and 20 years as a registered mark—the firm established that the disputed domain was a clear instance of typosquatting. The Panel found this visual similarity particularly persuasive, noting that the lowercase ‘l’ and ‘i’ are nearly indistinguishable in many digital contexts. This established a strong foundation for confusing similarity, leaving the Respondent with no credible defense for the unauthorized registration of a domain so closely mirroring a distinctive corporate identity that generates EUR 71.6 billion in annual turnover.

Beyond visual similarity, the Complainant leveraged technical evidence of active MX records to demonstrate bad faith use. The configuration of email servers indicated that the domain was not merely being held passively but was prepared for fraudulent communications, such as phishing or Business Email Compromise (BEC). This technical readiness posed a direct threat to the Complainant’s 280,000 employees and its operations across more than 120 countries. By combining the global fame of the VINCI mark with evidence of the Respondent’s use of a privacy service and deceptive web elements—such as an inactive live chat feature—the Complainant successfully argued that the domain was registered with the intent to exploit the brand’s reputation for illicit purposes.

Practical Recommendations

  • Implement automated domain monitoring that specifically targets ‘homoglyph’ and character substitutions (such as replacing ‘i’ with ‘l’) along with double-hyphen variations to detect typosquatting targeting core brand assets.
  • Include MX record (mail server) verification in domain risk assessments; prioritize legal enforcement or UDRP filings for domains with active mail servers, as these indicate an imminent threat of phishing or Business Email Compromise (BEC).
  • Conduct a defensive registration audit of core trademarks (e.g., ‘VINCI CONSTRUCTION’) to secure high-probability typo variations and hyphenated combinations in the .com gTLD, reducing the attack surface for global brands.
  • Preserve evidence of a domain’s technical infrastructure—including DNS settings and privacy service usage—at the point of discovery to establish ‘bad faith’ registration and use, even if the domain does not yet host a public website.
  • Establish a rapid-response communication loop between the IP legal team and the IT security department to blacklist look-alike domains in corporate email filters immediately upon detection, preventing fraudulent communications from reaching employees.

Frequently Asked Questions (FAQ)

Why was the domain vinci–constructlon.com considered confusingly similar to the Vinci Construction trademark?

The panel determined that the domain used a classic typosquatting tactic by replacing the letter ‘i’ with the letter ‘l’ in the word ‘construction’. Given the visual similarity between these characters in lowercase, the domain was found to be highly deceptive and confusingly similar to the Complainant’s registered VINCI CONSTRUCTION mark.

What evidence established that the Respondent lacked legitimate rights to the disputed domain?

The Respondent failed to provide any evidence of rights or legitimate interests in the domain name. Furthermore, the Complainant demonstrated extensive, long-term global use of the VINCI CONSTRUCTION trademark, confirming their exclusive rights and undermining any potential claim of fair or non-commercial use by the Respondent.

How did the panel conclude that the domain was registered and used in bad faith?

Bad faith was established because the VINCI mark is well-known across more than 100 countries. Crucially, the panel found bad faith in the domain’s ‘use’ because the Respondent configured active email (MX) records, which created a clear pathway for potential phishing, spamming, or Business Email Compromise (BEC) attacks against the Complainant’s partners and employees.

What is the primary business takeaway regarding the Respondent’s tactics?

The case highlights a high risk of corporate impersonation through email fraud. By using a privacy service to mask their identity and setting up mail servers on a look-alike domain, the Respondent demonstrated an intent to facilitate phishing. The outcome serves as a reminder for firms to monitor for typosquatted variants and proactively audit their defensive domain registrations.

Proactively identify and recover look-alike domains

Don’t wait for a domain to facilitate a breach. Our proactive monitoring identifies typosquatted assets and suspicious MX configurations before they are weaponized against your employees or brand.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.