Security Encyclopedia

Domain Hijacking / Spoofing

Domain Hijacking or Domain Spoofing is an attack where an organization’s web address is stolen by another party. The other party changes the registration of the domain name without the consent of its legitimate owner. This denies the true owner administrative access. Scammers can then use the legitimate web address for any purpose they choose.

Domain loss to another person can occur under mundane circumstances, such as when a domain name expires and another person quickly registers it. A true hijack of a domain happens when a domain’s legitimate owner unwittingly loses it. This occurs when they hand over their Domain Name System (DNS) credentials as a result of a phishing or other social engineering scam. A DNS hijacking can also occur when a partnership between people who share access to the DNS registration dissolves, and one party hurries to reset the access credentials, locking out the other party.
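As an added example (not part of the original entry), a domain owner can watch for both the mundane expiration case and an unauthorized registration change by auditing the domain's RDAP record against a known-good baseline. The sample record, the baseline structure and the `audit_domain` helper are constructed for illustration; the field names follow the RDAP JSON format (RFC 9083).

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain record (RFC 9083 field names); not real registry data.
SAMPLE_RDAP = json.loads("""{
  "objectClassName": "domain", "ldhName": "example.com",
  "nameservers": [{"ldhName": "NS1.ROGUE-HOST.EXAMPLE"}, {"ldhName": "ns2.example.net"}],
  "events": [
    {"eventAction": "last changed", "eventDate": "2024-05-30T02:14:00Z"},
    {"eventAction": "expiration", "eventDate": "2024-06-20T00:00:00Z"}
  ]
}""")

# Hypothetical baseline recorded by the owner while the domain was known-good.
BASELINE = {"nameservers": {"ns1.example.net", "ns2.example.net"},
            "last_changed": "2023-03-01T00:00:00Z"}

def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def _event(record, action):
    for ev in record.get("events", []):
        if ev.get("eventAction") == action:
            return _ts(ev["eventDate"])
    return None

def audit_domain(record, baseline, now, warn_days=30):
    """Return findings for one RDAP domain record against the baseline."""
    findings = []
    expires = _event(record, "expiration")
    if expires is None:
        findings.append("no expiration event in record")
    elif expires <= now:
        findings.append("expired: renew before someone else registers it")
    elif (expires - now).days < warn_days:
        findings.append(f"expires in {(expires - now).days} days")
    # Nameserver drift means the registration was edited; compare case-insensitively.
    seen = {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}
    findings += [f"unexpected nameserver: {ns}" for ns in sorted(seen - baseline["nameservers"])]
    findings += [f"baseline nameserver missing: {ns}" for ns in sorted(baseline["nameservers"] - seen)]
    changed = _event(record, "last changed")
    if changed and changed > _ts(baseline["last_changed"]):
        findings.append(f"record changed after baseline: {changed.isoformat()}")
    return findings

if __name__ == "__main__":
    for line in audit_domain(SAMPLE_RDAP, BASELINE, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(line)
```

Any finding other than an expected renewal reminder is a reason to log in to the registrar account directly (not through a link in an email) and confirm who made the change.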

Domain spoofing is a related but separate action. Here, the illegitimate party mimics the website at the true domain and does whatever they like: destroying the reputation of the true business, collecting credentials and payment card data, sending spam, and generally abusing all domain-related privileges (including email control).


"I responded to an urgent message about the expiration of our domain, but it wound up being a domain hijacking. Our website now shows really embarrassing content and I'm hearing of emails pretending to be me...saying inappropriate things."