India: Brand-Jacking

Last Updated: 18 May 2016
Article by Martand Nemana

Most Read Contributor in India, September 2016


As the "Age of Social Media" grows exponentially, so does the variety and complexity of threats facing corporations. One of the newest and most damaging threats is that of "Brandjacking," essentially the hijacking of brand's online presence, typically on a social network. Coined by combination of two words "brand" & "jacking" – "Brandjacking" usually refers to an activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity. The people involved in carrying out these kinds of activities are known as "brand assassins", who blatantly infiltrate upon the hard-earned and well established intellectual property of the brand / product over a prolonged period of time. Though the involved intermediaries have limited roles to play, serving just as a platform of utilization & hosting of the process for facilitation; there exists a huge legal divide which hinders their capacities.

Intellectual property (IP) rights are the legally recognized exclusive rights to creations of the mind. The owners are granted certain exclusive rights to a variety of intangible assets, such as musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs. Common types of intellectual property rights include copyright, trademarks, patents, industrial design rights, trade dress, and in some jurisdictions trade secrets. Misuse of social media related IP rights are on the rise; Brandjacking and its occurrences are growing more sophisticated and better funded. Social media marketing has made the company the target though in different forms but the recoil of the instances has been wide spread.


1. TAKEOVER: A complete and neat takeover of a social account is generally accomplished via hacking, phishing or other method. This results in an enormous & immediate damage since the message is coming from the actual social account of the brand and is being broadcast out to its followers.

2. MALICIOUS IMPERSONATION: A complete set up of a new account, impersonating the brand is carried out, typically slower to develop given the need to generate followers, but the damage can spread quickly as the impersonating messages are rebroadcast across the open social universe.

Firstly, the common average consumer always tries to identify the product based upon the distinct & unique features of identification which makes the product stand alone, distinct and be different from all other rivals in the market. To sustain the competition, the product always has to be consistent & has to safeguard the standards of quality, which make it distinct and well-known. Trying to bank upon the good will of a highly reputed and established by a well known product, not only helps to the gain quicker and faster access to the public viewpoint but also serves a head start on a platter which is completely against the said law.

Secondly, cybersquatting is the practice of registering an Internet domain name that is likely to be wanted by another person, business, or organization in the hope that it can be sold to them for a profit. It involves the registration of trademarks and trade names as domain names by third parties, who do not possess rights in such names. Cybersquatters (or bad-faith imposters) register trade-marks, trade names, business names and so on, belonging to third parties with the common motive of trading on the reputation and goodwill of such third parties by either confusing customers or potential customers, and at times, to even sell the domain name to the rightful owner at a profit.

Thirdly, "Phishing," as it is commonly known, typically involves a person (the "phisher") who sends bulk e-mails seeking to persuade the recipients to visit a fraudulent website that solicits personal, confidential, and financial information.

Because the aforesaid attacks rely on deception, an educated consumer is less likely to fall victim. It therefore is prudent for companies to routinely send their customers warnings about the perils of phishing and other online scams and also remind their customers that most of the legitimate businesses do not solicit confidential and personal information via unsolicited e-mails. Customers should be invited to report suspicious e-mails, websites, and similar activities as they're harmful because, on a personal level, a defrauded consumer may lose trust in the company whose brand was used in the phishing scam. On a larger scale, phishing tarnishes all online communications and diminishes the overall confidence consumers have in e-commerce transactions.


Brandjacking on Facebook usually happens through a fake profile commenting on the real brand's page answering customer questions tricking users into believing that it is the actual page responding. Anyone on Facebook can set up a page with almost any type of name and if a page or a profile is created by using a brand's trademark protected material in the profile picture and/or having a similar page name it may be hard to identify that it is not the real brand. On Twitter, a fake account may tweet on behalf of a brand and use hashtags related to the brand. Further, viral hashtags can be initiated by brand assassins that are then misinterpreted by the general public as being generated by the organization under fire. As social media feeds move fast and people rarely have time to look into things in more detail, consumers may have a hard time differentiating between real and fake accounts and may perceive messages from a fake account to be official.

One of the most intriguing recent right-of-publicity cases, Fraley v. Facebook, Inc.,1 is a class action lawsuit against Facebook over its "Sponsored Stories" advertising services (now settled). This lawsuit arose after certain Facebook users found out that their names and user profile photographs were arranged by Facebook in the perimeter of newsfeeds viewed by their friends based on their "likes" of various branded products. Facebook's own admissions that such advertising has approximately doubled the value of an advertisement without an accompanying "testimonial" allowed the case to survive a motion to dismiss. Given that the plaintiffs were able to show a "direct, linear relationship between the value of their endorsements of third-party products, companies, and brands to their Facebook friends, and the alleged commercial profit gained by Facebook," the plaintiffs were allowed to continue their right-of-publicity case.

Identifying when the brand is being impersonated on social networks includes the activities outlined above in the context of phishing. Furthermore, a company can use search engines that can mine social networking sites to report upon all references to the company's name, products, executive names or other elements of the brand. Free social media search tools in this category include: SocialMention, Google Alerts, Twitter Search, Twazzup, CrowdEye, etc. Commercial tools include the various marketing campaign tracking tools, such as PostRank, and specialized products such as Social Sentry can help identify the problem at hand and help tracking down its source.

Once the company identifies the occurrence of brand impersonation, it can contact the corresponding social networking company, requesting that the account be shut down and, perhaps, transferred to the legitimate brand. The brand needs to clearly state why it believes the user of the social network who is impersonating the brand is violating that site's terms of services or, perhaps, breaking the law. The request needs to include sufficient evidence to establish that the request comes from the legitimate brand and showing proof (e.g., screen shots) that the specified account impersonated the brand.

The trademark registration of any aspect of a celebrity's personality is indicative of the fact that the celebrity is open to the authorized assignment or licensing of his or her personality for merchandising purposes in the class of goods and services for which registration has been sought. Secondly, the celebrity obtains a means of defending those aspects of their personality against unauthorized use. Unlike action under the tort of passing off or the Trade Practices Act, 1974, trademark registration is unique in providing a prospective form of protection for celebrity personality Social media has made Brandjacking easier than ever. Massive social campaigns have overridden the determined and strategic individuals or groups to convey the complete opposite message that was intended by the organization launching the campaign.

In India, celebrities and commercial partners can obtain some protection from trademark law but such protection may be limited in scope. Section 2(1) of the Indian Trade Marks Act, 2000, allows registration of any "sign capable of distinguishing goods and services of one person from another, any word (including personal names), design, numeral and shape of goods or their packaging as trademark. Courts in India have accorded protection to film titles, characters and names under the trademark law. The first case that was dealt with character merchandizing in India was Star India Private Limited v Leo Burnet India (Pvt.) Ltd2, but jurisprudence is still emerging and character merchandising is an area yet to develop in India.

Globally, the concept of publicity rights has been evolving gradually in different jurisdictions. There are a number of international conventions or treaties relevant to the protection of performer's right. The International Convention for the Protection of Performer, Producers of Phonograms and Broadcasting Organization, 1961 (Rome Convention), TRIPS and the WIPO Performances and Phonograms Treaty, 1996 (WPPT), are some of the landmark conventions in this regard.


Though the guiding principles3 for intermediary liability policy in India are derived from the European Union E-Commerce Directive (2000/31/EC) 4 , such principles have been incompletely5 , yet along with their loopholes6, incorporated into the Rules without adapting them to the requirements of India in the current context. Under the Rules, limitation of intermediary liability has been made contingent to a privately administered takedown mechanism7 presumably in order to provide a faster alternative to the redressal mechanisms offered by the judiciary and the executive.

Once the knowledge requirement8 is satisfied, the takedown mechanism requires intermediaries to deliberate on the legality of the allegedly unlawful expressions and accordingly disable/remove such expressions in order to claim exemption from liability. As a result, intermediaries have donned the hat of a censor and other stakeholders such as the consumers and creators of information are expected to actively police the Internet and takedown notices to the intermediaries to ensure that free expression on the Internet does not encroach on its opposing rights and duties.

The first case that came up before the Indian Courts was Yahoo! Inc. v. Akash Arora and Anothers9, in which an attempt was made to use the domain name <> for Internet related services as against domain name i.e. for Internet related services as against domain name i.e. <>. The Court observed that usually the degree of the similarity of the marks is vitally important and significant in an action for passing off for in such a case there is every possibility and likelihood of confusion and deception being caused. When both the domain names are considered, it is crystal clear that the two names being almost identical or similar in nature, there is every possibility of an Internet user being confused and deceived in believing that both the domain names belong to one common source and connection, although the two belongs to two different concerns.

The Yahoo! Case10 (supra) was India's first domain name case where the defendant argued that there was a need of a legislative amendment to protect domain names or trademarks on the internet. The Indian courts disagreed and granted this protection despite the absence of specific legislation on the principles of infringing marks and passing off on the internet.

Thereafter, the courts recognized the torts of Meta tagging, hyper linking, framing, spamming and phishing in a large number of cases forming a mosaic of decisions to protect trademarks on the internet. Intermediaries are widely recognized as essential components in the process of exercising the right to freedom of expression on the Internet11 Most major jurisdictions around the world have introduced legislations for limiting intermediary liability in order to ensure that this wheel does not stop spinning. With the 2008 amendment of the Information Technology Act 2000, India joined the bandwagon and established a 'notice and takedown' regime for limiting intermediary liability. Most major jurisdictions around the world have introduced legislations for limiting intermediary liability in order to ensure that this wheel does not stop spinning.

If the liability of an intermediary is not limited then an intermediary would be required to pre-screen all content which would render its services impractical or technically infeasiblity. United States offers a vertical framework to limit intermediary liability. Separate liability regimes exist for:

i. copyright claims under Section 512 of the Digital Millennium Copyright Act;

ii. trademark claims under Section 32(2) of the Lanham Act; and

iii. non-intellectual property rights claims under Section 230 of the Communications Decency Act. The European Union E-Commerce Directive (2000/31/EC), in its minimum requirements, mandates a horizontal framework i.e. a single intermediary liability regime dealing with all types of claims.

Trademark, its use and protection are also given consideration and importance before taking into account the other relative angles which are deemed to have been used. Intermediary is usually a mere platform and all the necessary actions have to be taken once they're intimated of any illegal or potentially unlawful activity to ensure safety and protection of the said mark in question.


While eliminating brandjacking completely, either via takeover or impersonation, it is nearly impossible, given the sheer volume of social media, having the ability to immediately detect and respond to the threat can save brands major damage and embarrassment. Goodwill of a product is the soul by which the people judge the good and establish their faith and relation along with the product. It always has been of paramount interest of any company not only to protect its interest but also to grow exponentially and this is possible only with a sound and accurate legal and protected mindset which cares for the interest of the parties involved.

This sort of detection requires sophisticated streaming big data processing and complex concept modeling to identify the brandjacking attempts within the billions of daily discussions across the open social universe. This is a major reason why an increasing number of leading brands are engaging "social intelligence services" for advanced social intelligence, threat detection and risk tracking. These command centers serve as the social eyes and ears for the brand identifying threats in real time and immediately escalating those threats to risk stewards of the enterprise, which can include Corporate Communications, Legal, Finance, Risk, Compliance or a variety or other areas.

The educated masses and specifically the younger generation which have been the main target and driving cause of companies to shift on to this digital format also need to be aware and cautious of the decisions and acts done and they could fall prey to acts which are not legal per se. Brand jacking, as one such hindrance has not only projected threats to many of the leading companies both off and on the market, but also has been a whistle blower to what could be seen as incremental rate of trademark awareness and protection. Stringent laws yet are needed to be developed to cope up with such problems at hand but awareness could serve a long way in shortening the period of risk.


1. 830 F. Supp. 2d 785 (N.D. Cal. 2011)

2. 2003 (2) B C R 655

3. "This section is revised in lines with the EU Directives on E-Commerce 2000/31/EC issued on June 8th 2000". Refer to Report of the Expert Committee (August 2005), Proposed Amendments to Information Technology Act 2000.

4. Article 12-15, Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce'), Official Journal L 178 , 17/07/2000 P. 0001 – 0016.

5. The Rules do not clearly distinguish between different classes of intermediaries; whereas the European Union E-Commerce Directive (2000/31/EC) prescribes class specific qualifications and due diligence requirements (for mere conduits, system caching and hosting).

6. Both, the Rules and the European Union E-Commerce Directive (2000/31/EC), are silent about a counter notice and put-back procedure.

7. Rule 3 (4). "The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2)."

8. Section 79(3)(b) creates a knowledge requirement standard of "receiving actual knowledge" for administering the takedowns. However, Rule 3(4) prescribes an alternate standard of "obtaining knowledge by itself"; or "brought to actual knowledge by an affected person".

9. 1999 II AD (Delhi)

10. 1999 II AD (Delhi)

11. Center for Democracy & Technology, Intermediary Liability: Protecting Internet Platforms for Expression and Innovation (2010).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.