5 May, 2026

Protecting Job Seekers: WIPO Transfers ziprecuiter.store to ZipRecruiter

UDRP Cases

ZipRecruiter, Inc. successfully recovered ziprecuiter.store, a typosquatted domain targeting its global recruitment platform. The domain utilized active MX records and industry-related PPC links, posing a direct threat to the trust of 157 million job seekers. The WIPO panel ordered a full transfer, finding the registration was made in bad faith to exploit the Complainant’s trademark.

Case Snapshot

Case Number D2025-4910
Complainant ZipRecruiter, Inc.
Respondent Mehedi Hasan, Gap TEE
Disputed Domain
ziprecuiter.store
Threat Tactic Typo Domains
Decision Date 2026-01-13
Panelist Harini Narayanswamy
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4910

Escalated Phishing and Data Privacy Risks in the Recruitment Sector

The registration of ziprecuiter.store—a clear instance of typosquatting through the omission of the letter ‘r’—directly targets a user base of approximately 157 million global job seekers and 4.3 million employers. By resolving to a parked page featuring pay-per-click (PPC) links specifically related to recruitment services, the Respondent capitalized on common user input errors to divert traffic for commercial gain. This tactic exploits the goodwill associated with the ZIPRECRUITER mark, misleading job seekers who expect a secure professional environment and instead encounter third-party advertisements. The failure of the Respondent to respond to two cease-and-desist notices sent in October 2025 further highlights the persistent nature of this commercial exploitation and the necessity of formal UDRP intervention.

Beyond traffic diversion, the technical configuration of the disputed domain introduces severe security risks through active mail exchanger (MX) records. For a company managing over 40 million job alert email subscribers, a typosquatted domain with email capabilities represents a high-probability vector for sophisticated phishing or fraudulent job offers. Such infrastructure allows unauthorized parties to mimic official correspondence to harvest sensitive personal data, resumes, and contact information from unsuspecting candidates. While the source evidence does not prove that specific phishing campaigns were initiated, the technical readiness of the domain to send and receive email remains a substantial threat to the integrity of the Complainant’s primary communication channels and user safety.

The broader business implication of this typosquatting involves brand dilution and the potential for long-term erosion of customer trust. In the recruitment industry, where the secure exchange of personal identifiable information is a core business requirement, any encounter with a misleading or fraudulent platform can damage a brand’s reputation for security. Misdirected users who inadvertently share data with unauthorized parties expose themselves to identity theft risks, which in turn creates a liability and support burden for the legitimate brand owner. This case demonstrates how the combination of typosquatted registration, PPC monetization, and active MX records creates a multi-layered risk profile that threatens both commercial revenue and consumer confidence.

Strategic Evidence: Typosquatting and Technical Indicators of Bad Faith

ZipRecruiter’s successful recovery of the disputed domain relied on demonstrating how the omission of a single letter—the ‘r’ in the ZIPRECRUITER mark—constituted a deliberate attempt to capture misdirected traffic. The strategy was reinforced by evidence that the Respondent resolved the domain to a parked page featuring pay-per-click (PPC) links specifically related to recruitment services. This technical use proved that the Respondent was leveraging the Complainant’s established reputation, which serves 157 million job seekers globally, to generate commercial gain through consumer confusion and traffic diversion.

The inclusion of technical data regarding active mail exchanger (MX) records provided a persuasive argument for the domain’s potential for fraud. Given that ZipRecruiter maintains over 40 million job alert email subscribers, the existence of active MX records on a typosquatted domain presented a quantifiable risk of phishing or deceptive communications. Furthermore, the Complainant’s documentation of two unanswered cease-and-desist notices sent in October 2025 supported the panel’s finding of bad faith. This lack of response, combined with the absence of any rights or legitimate interests, solidified the case for a full transfer under the UDRP.

Practical Recommendations

  • Prioritize enforcement actions against typosquatted domains that possess active Mail Exchanger (MX) records, as these indicate an immediate risk of phishing campaigns or fraudulent job offers targeting your user base.
  • Document and present specific evidence of pay-per-click (PPC) links on parked pages that resolve to competitors’ services to demonstrate that the respondent is trading on your brand’s goodwill for commercial gain.
  • Brief customer support and social media teams on specific typo variations, such as character omissions like ‘ziprecuiter,’ to help them identify and mitigate reports of ‘ghost’ job listings or resume harvesting early.
  • Integrate DNS monitoring for common gTLDs like .store or .online into your brand protection strategy, as these are frequently used for low-cost, high-impact impersonation of established service platforms.
  • Utilize a lack of response to formal cease-and-desist notices as supplementary evidence in UDRP filings to help establish the respondent’s lack of rights or legitimate interests in the disputed domain.

Frequently Asked Questions (FAQ)

How did the respondent attempt to deceive job seekers using the ziprecuiter.store domain?

The respondent engaged in typosquatting by omitting a single ‘r’ from the ZIPRECRUITER mark. By utilizing a parked page with pay-per-click (PPC) links related to recruitment services, the respondent attempted to divert traffic and capitalize on the goodwill of the ZipRecruiter brand.

Why did the presence of active MX records raise significant business concerns?

Active mail exchanger (MX) records allow for the configuration of email services. In the context of a typosquatted domain, this poses a high risk of sophisticated phishing or fraudulent job offers, potentially deceiving job seekers into sharing sensitive personal data or resumes with unauthorized parties.

On what grounds did the WIPO panel rule in favor of the transfer?

The panel found that the domain was confusingly similar to the Complainant’s trademark, the Respondent lacked any legitimate rights or interests, and the domain was registered and used in bad faith. The Respondent’s failure to respond to multiple cease-and-desist notices further supported the finding of bad faith.

Is a look-alike domain threatening your users?

Typo-domains often host active MX records designed to intercept your corporate communications and deceive your customers. Learn how to secure your brand against deceptive registration patterns and proactively recover high-risk assets.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.