Companies race to slap down surge of copycat websites

In the recent months, leading brands such as JioHotstar, Louis Vuitton, Warner Bros., Domino's and Tata Solar have moved the IPR division of Delhi High Court seeking action against rogue websites. Data from Anand and Anand, a Delhi-based IPR law firm, showed that the Delhi HC, regarded as India's top IPR court, saw as many as 58 such cases in 2024, an increase of 75% from the previous year. Since 2020, the HC has seen 201 cases involving rogue websites.

“The shift to e-commerce during the pandemic, when physical stores took a backseat, created fertile ground for infringers. As India's economy becomes more reliant on e-commerce, the problem continues to grow," noted Swati Sharma, a partner at Cyril Amarchand Mangaldas, who heads the law firm's IP team.

In cases involving rogue websites, the Delhi High Court typically grants immediate interim relief through so-called John Doe orders (also called Ashok Kumar orders)--which are issued against parties whose identity is unknown. 

These orders help brands and rights holders take action against anonymous entities engaging in copyright infringement, counterfeiting, or other illegal activities. These orders are usually ex-parte, granted for a limited time, and require renewal and active enforcement by the plaintiff.

Also read | Celebrities' legal fight for intellectual property: A double-edged sword

Infringers often target established companies given their reputation and consumer trust, Sharma of Cyril Amarchand Mangaldas added. “Established brands are low-hanging fruit for counterfeiters; thus, they mimic well-known companies because consumers are more likely to buy from a familiar name rather than an unknown brand," she said.

The aggrieved companies have found success in many cases. In the JioStar case, the court blocked IPTV Smarter Pro and several rogue websites from illegally streaming Star India’s content, and ordered service providers to restrict access and share violators' details. In the Domino’s case, it barred Dominick Pizza from using a domain name that imitated the original. 

In the Louis Vuitton case, the court imposed a ₹5 lakh penalty on www.haute24.com for unauthorized use of photographs and barred further misuse. The court also blocked fraudulent domains copying Tata Power Solar’s trademarks to deceive customers. In another case involving insurer Niva Bupa, the HC barred unknown entities from leaking Niva Bupa Health Insurance’s confidential customer data and ordered the removal of NivaBupaLeaks.com after a ransomware threat.

Also read | NCLT Hearing Hack: A Wake-Up Call to Bolster Courts' Cybersecurity

Rogue websites undermine IP rights and expose users to risks of data breaches, financial fraud and malware attacks, JioStar said in response to a query, calling it a "growing threat" to companies and consumers. 

“We take a multi-pronged approach, leveraging advanced monitoring tools, working closely with law enforcement and cybersecurity agencies, and securing court-backed dynamic injunctions to take down infringing platforms in real time," a company spokesperson said.

The other companies did not respond to emailed queries.

According to cybersecurity estimates of Digital Risk Monitoring platform CloudSEK, India's cybercrime-related losses may total ₹20,000 crore by 2025, with ₹9,000 crore of this pertaining to brand abuse and fake domains.

“These illicit platforms leverage advanced deception techniques, including malware deployment, phishing tactics, and brand impersonation to exploit unsuspecting users," said Vaishali R. Mittal, a litigation partner at Anand and Anand.

“One of the foremost concerns associated with rogue websites is their ability to compromise consumer data privacy. These platforms frequently employ sophisticated social engineering tactics, such as clickbait links and fake login portals, to lure users into unknowingly surrendering sensitive information," she added.

Read this | Indian firms tighten AI defences as cybercrime gets more sophisticated

Accessing such websites may pose major cyber security threats, compromising personal data and causing financial losses.

“Businesses must adopt robust brand protection measures, including proactive domain monitoring and strict vigilance against bad-faith trademark filings," added Ankit Sahni, partner at law firm Ajay Sahni & Associates. “At the same time, consumers should remain cautious—always checking website URLs and ensuring they are HTTPS-secured before sharing personal information."

Digital Safety

Companies are proactively seeking guidance from consultants on digital risk management and taking initiatives to prevent threats, said Akshat Jain, chief technology officer at cyber security firm Cyware.

"Companies employ professionals, third-party agents and technical models to keep a constant check on domains similar to theirs to avoid issues of rogue websites. When they are identified, the company's representatives immediately reach out to the domain holders to pull the rogue website down, a process that takes 3-5 days in most cases," Jain said. 

A domain holder is an individual or organization that registers and owns a specific domain name, securing the exclusive right to use that address for their website or email services. For instance, if a company registers 'example.in', it becomes the domain holder of that address.

“The matters are taken to court in cases of resistance from domain holders. There has been a surge in companies' efforts and reliance on third-party cybersecurity services led by the emergence of such requirements, leading to a growth of this industry," Jain added.

Out of the 201 cases related to rogue websites filed before Delhi HC since 2020, 71, accounting for 35.32%, have been disposed. To be sure, in many of the 130 pending cases, interim relief has been provided by the court in the form of injunctions, while the hearings continue.

And read | How AI, GenAI malware is redefining cyber threats and strengthening the hands of criminals

Besides employing dedicated teams to scan these threats, companies are also preventing rogue websites by buying out all possible domains similar to theirs, so that imposters can’t get them. 

“To safeguard against rogue websites, many organizations, particularly e-commerce companies, allocate an estimated 1-3% of their annual revenue to purchase lookalike domains to ensure they are able to reduce potential cybercrime activities and in turn protect their brand," said Ranjeeth Bellary, a partner at consulting firm Ernst and Young India’s (EY) forensic and integrity services department, in charge of cyber forensics.

Rashmi Deshpande, founder of Fountainhead Legal, said the existing legal framework, strengthened by the upcoming Digital Personal Data Protection Act, offered a strong foundation to tackle rogue websites.  "A well-defined framework, developed with support from industry bodies and self-regulatory organizations, could further bolster enforcement efforts and streamline actions against fraudulent platforms," she added.