Learn a lesson from Nissan - own your brand’s website domain, or else…

Graham Cluley

September 07, 2017

Learn a lesson from Nissan - own your brand’s website domain, or else…

Wednesday was a big day for car manufacturer Nissan as it launched a new version of its best-selling Leaf electrical car, which claims to be able to travel 50% further on a single battery charge than it predecessor, and incorporates an innovative one-pedal driving system.

Millions must have been spent on the development of the vehicle and its promotion.

So the very last thing you want to happen is for potential customers to be told anything off-message.

But don’t worry, Nissan’s social media team are hard at work promoting the new vehicle:


Does everything about that tweet look right to you?  Yes, that really is the verified Twitter account of Nissan’s UK division, and yes that is genuine link to the nissan.com website.

The problem is this… Nissan, the car company, doesn’t own the nissan.com domain.

Nissan.com is owned by a man called Uzi Nissan, who owns a company called Nissan Computer.  Mr Nissan bought the nissan.com domain name way back in 1994, when his car-making namesakes were still called Datsun.

For years, Nissan the car manufacturer has been in a legal battle with Nissan the little-known computer company… and you know what?  For once, the bigger guys haven’t won.

Which means that Nissan (the car firm, this is getting exhausting…) must be very careful to link to nissan-global.com or nissan.co.uk, and not nissan.com.

After all, if you visit nissan.com as the tweet encourages you, you might find something rather different than the electrical cars you may be expecting.


If Nissan’s own employees can’t link to the right website, one can only wonder just how many members of the public make the same mistake on a regular basis, and indeed how many emails must be incorrectly sent to a @nissan.com address rather than their intended destination.

In retrospect, it might have been sensible for Nissan Motor to have thought about this before they decided to change their name from Datsun.

I guess the only good news is that Uzi Nissan doesn’t appear to be the kind of fellow who is attempting to maliciously exploit the situation.  If a desirable domain name like this had fallen into the wrong sort of hands it is easy to imagine how it might have been used to spread malware or attempt to scam the unwary.

What can we learn about the long-lasting tussle over control of nissan.com?  Well, your business simply must own the domains for your brand – rather than allow someone else to snap them up.

And if the domains have been taken before you create your own brand, well maybe reconsider whether you have chosen the right brand name at all – rather than assume your corporate weight will allow you to wrestle it from a small firm or individual.

Once the horse is bolted it’s a lot lot harder to get it into the stable, and under your control.  That’s a problem that Instagram is recognising right now following the creation of a searchable website called Doxagram.

Doxagram allows anyone to find the contact phone numbers and email addresses of up to six million users, stolen by hackers through a bug in the Instagram API.  Exposed users are believed to include the likes of Taylor Swift, Katy Perry, Adele, Snoop Dogg, Britney Spears, and David Beckham.

Instagram has been trying to shut down the Doxagram site as it pops up at different domain names (doxagram.com, doxagram.ws, etc) but there’s nothing to stop criminals from creating new versions of the site at different domains.

And that’s why, although understandable, Instagram’s purchase of hundreds of Doxagram-related domains is doomed to ultimate failure.

It’s important to recognise that you will never be able to own every possible permutation of a particular domain name online – but at the very least make sure that you own and tightly control those which belong to your key brands.



Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

View all posts

You might also like