Domain hijacking is exactly what it sounds like. A hacker hijacks a domain by fraudulently transferring ownership of the domain over to him or herself. For this to work a hijacker needs to know a few key pieces of information: the domain registrar name for the victim domain, and the administrative email address and log in credentials associated with the domain.
There are a number of ways attackers could obtain the necessary information. Below are three common methods hackers use.
Spear phishing is a relatively cheap and ideal method for hackers to steal log in credentials. All an attacker needs do is write a convincing email with a link to a phishing site. This type of attack has become very popular. In fact, the Anti-Phishing Working Group reported an increase in phishing emails from 31,064 in January 2015 to more than 88,000 in August 2015.
A hijacker could also look at vulnerabilities in the target organization’s web server. A recent study, showed that 37% of vulnerabilities in hosting web servers could have been prevented by applying security patches as soon as possible. Unpatched flaws can give a hijacker the necessary in his or she needs to obtain log in credentials.
A hacker could also look for vulnerabilities in the domain registrar’s system. For example, if the domain registrar allows someone an unlimited number of password attempts, a hijacker could brute-force the password.
Domain hijacking has large implications for businesses on the financial level and can majorly damage brand reputation.
Companies can lose money through loss of sales or services when a domain is hijacked. For example, Michael Lee bought the domain name MLA.com for his graphic design company in 1997 for $47. When Lee’s domain was hijacked, customers were unable to contact him through his website and, customers took their business elsewhere, costing Lee $200,000 in sales.
Enterprises stand to lose a domain name when it is hijacked. Some domains can sell for millions of dollars. Hotels.com, for example, sold for $11 million in 2001. Once the domain is sold, it makes it more difficult for the original domain owner to get it back.
A hijacker may choose to keep the domain to set up a phishing site to steal customer info or to serve malware. Users who may be unaware of any change in the domain owner could visit a site serving malware and leave that experience with an infected computer and a negative view of the previously trusted website. Any negative experience with a hijacked domain will damage brand reputation.
Domain hijacking can negatively affect businesses on the financial level and cause irreparable damage to brand reputation. Website admins should patch vulnerabilities in a timely matter, choose a domain registrar with stringent authentication standards, and teach employees about the dangers of phishing emails.