The “Domain Lock”: Preventing Business Identity Theft via DNS Hijacking

Article summary: Domain hijacking is business identity theft that can redirect your website, disrupt email and undermine customer trust by manipulating your domain or DNS settings. A Domain Lock, strong registrar account security and a registry lock reduce the chance of unauthorized transfers and DNS changes. Protecting DNS also protects email credibility through SPF, DKIM and DMARC, which helps your messages reach inboxes and makes your domain harder to spoof.
Your domain isn’t just a website address. It is your business identity online.
If an attacker gains control of your domain or the DNS settings behind it, they don’t just “break your site.” They can impersonate your business in ways that look legitimate right down to the URL.
That is what makes domain hijacking so damaging. It is business identity theft with a technical shortcut. Visitors can be silently redirected. Logins can be intercepted. Email trust can be undermined.
This is where proactive security support pays off. Domain and DNS protections work best when they are reviewed, monitored and kept consistent over time rather than revisited only after something breaks.
What is Domain Hijacking?
Domain hijacking is what happens when someone other than you gains control of your domain or the settings that control where it points.
That control can be used to redirect visitors to a fake site, intercept logins, disrupt email delivery or undermine customer trust.
This usually happens through changes at the registrar or DNS host level.
The CISA guidance on DNS infrastructure tampering warns that attackers can manipulate DNS infrastructure so traffic is redirected or intercepted, which is why DNS changes are such a high-impact target.
ICANN’s security advisory on hijacking also treats this as a real and recurring threat category. Its SSAC SAC-007 paper focuses on “domain name hijacking” incidents and remediation because unauthorized domain transfers and record changes can effectively hand your business identity to someone else.
Domain hijacking doesn’t always require “hacking” in the dramatic sense. It can happen when registrar credentials are stolen, when access is shared too broadly or when support teams are socially engineered into approving changes.
That is why KrebsOnSecurity’s registry lock explainer emphasizes stronger lock options that are designed specifically to resist unauthorized changes even when someone pressures support into “helping.”
It is also why ICANN’s practical advice stresses basic controls like unique passwords, multi-step authentication and transfer locks to reduce the odds that a single compromised account turns into a full domain takeover.
The “Domain Lock” Explained
A Domain Lock is a protective setting at your registrar that makes it harder for someone to transfer your domain or make certain high-impact changes without additional steps.
When a domain is locked, it is often shown with statuses like “Registrar lock” or “Client Transfer Prohibited.”
ICANN cautions that a transfer lock is “not a fail-safe,” but it does raise the bar by adding friction to unauthorized moves.
However, a Domain Lock only helps if the registrar account itself is protected.
If attackers can log in as you, they may be able to unlock and change settings. That is why you should enforce basics like strong and unique passwords and multi-step authentication.
Domain Lock vs. Registry Lock
A Domain Lock (registrar lock) is good. A registry lock is stronger.
Registry lock is a higher-assurance control designed to resist unauthorized changes even if someone tries to social-engineer registrar support. It typically requires an out-of-band manual verification process before changes can be made at the registry level.
As a gut-check on adoption, research shows that only 22% of domains tracked for large public companies had registry locks in place.
If you are trying to reduce the risk of domain hijacking, start with a Domain Lock and strong registrar account security. If your domain cannot afford downtime or cannot afford impersonation, registry lock is the next level up.
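To check which of the two lock levels a domain actually has, read the status values its registrar and registry publish. The sketch below is an added example, not part of the original article: it classifies constructed RDAP-style responses, and the function names, the `.example` domains and the rule that all three server-side statuses together indicate a registry lock are assumptions (the server-side and update/delete statuses are standard EPP codes the article does not name).

```python
import json
import re

# RDAP spellings of the EPP lock statuses (client* set by registrar, server* by registry).
CLIENT = {"client transfer prohibited", "client update prohibited",
          "client delete prohibited"}
SERVER = {"server transfer prohibited", "server update prohibited",
          "server delete prohibited"}

def normalize(status):
    """Map WHOIS/EPP 'clientTransferProhibited <url>' to RDAP wording."""
    token = status.split(" http")[0].strip()
    return re.sub(r"(?<=[a-z])(?=[A-Z])", " ", token).lower()

def lock_posture(rdap_text):
    """Classify lock level from the 'status' array of an RDAP domain object."""
    statuses = {normalize(s) for s in json.loads(rdap_text).get("status", [])}
    if SERVER <= statuses:
        # Assumption: all three server* statuses together indicate a registry lock.
        level = "registry-lock"
    elif "client transfer prohibited" in statuses:
        level = "registrar-lock"
    else:
        level = "unlocked"
    return {"level": level, "missing": sorted((CLIENT | SERVER) - statuses)}

# Constructed sample responses; the .example names are placeholders.
SAMPLES = {
    "shop.example": '{"ldhName": "shop.example", "status": ["active"]}',
    "mail.example": '{"ldhName": "mail.example", "status": '
                    '["clientTransferProhibited https://icann.org/epp#clientTransferProhibited"]}',
    "bank.example": json.dumps({"ldhName": "bank.example",
                                "status": sorted(CLIENT | SERVER)}),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = lock_posture(text)
        print(name, result["level"], "missing:", result["missing"])
```

The `missing` list shows what a transfer lock alone leaves open: a domain with only the transfer status set can still have its records updated through the registrar account.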
Why DNS Protection Is Also Email Protection
If you want to understand why domain hijacking is so damaging, look at email. Email is still how most businesses send invoices, proposals, password resets and customer updates. Whether messages are trusted often comes down to DNS.
Email authentication standards like SPF, DKIM and DMARC rely on DNS records to prove that mail claiming to come from your domain is legitimate.
DMARC is designed to help prevent spoofing and phishing by validating messages and telling receiving mail systems what to do when authentication checks fail.
In other words, your DNS records don’t just point browsers to your website. They help receivers decide whether your emails should land in the inbox, the spam folder or get rejected entirely.
If attackers can tamper with DNS, they can disrupt your authentication posture and create confusion around what is real.
Even without a full takeover, small DNS changes can degrade deliverability, interrupt business communication and make it easier for customers to fall for convincing impostor messages.
SPF, DKIM and DMARC are practical controls that make your domain harder to spoof.
That matters because one of the most common outcomes of domain-related attacks is brand impersonation: emails that look like they came from you and are sent to your customers, vendors or staff.
So when you lock down DNS, you are not just protecting a website. You are protecting the credibility of every “from” address your business relies on.
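Because SPF and DMARC live in TXT records, a small DNS change is enough to weaken them, and a periodic check of those records catches it. The following is an added example, not from the original article: it audits a constructed baseline and a constructed tampered snapshot; the domain, record values and function names are assumptions, and DKIM is left out because its record name depends on a selector the article does not give.

```python
def parse_tags(record):
    """Split 'v=DMARC1; p=reject; ...' into a lowercase-keyed tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def with_version(records, version):
    """Keep only TXT strings whose first token is the given version tag."""
    return [r for r in records
            if r.lower().replace(";", " ").split()[:1] == [version]]

def email_auth_findings(domain, txt):
    """txt maps owner name -> list of TXT strings, as a resolver returns them."""
    findings = []
    spf = with_version(txt.get(domain, []), "v=spf1")
    if len(spf) != 1:  # zero or several SPF records both fail evaluation
        findings.append("spf: expected exactly one record, found %d" % len(spf))
    else:
        terms = spf[0].lower().split()
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not all_terms and not any(t.startswith("redirect=") for t in terms):
            findings.append("spf: no 'all' mechanism or redirect")
        elif all_terms and all_terms[-1] in ("all", "+all"):
            findings.append("spf: '+all' authorizes every sender")
    dmarc = with_version(txt.get("_dmarc." + domain, []), "v=dmarc1")
    if len(dmarc) != 1:
        findings.append("dmarc: expected exactly one record, found %d" % len(dmarc))
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower() or "missing"
        if policy not in ("quarantine", "reject"):
            findings.append("dmarc: p=%s does not ask receivers to act on failures" % policy)
    return findings

# Constructed snapshots of the same zone before and after an unauthorized edit.
BASELINE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}
TAMPERED = {
    "example.com": BASELINE["example.com"] + ["v=spf1 ip4:203.0.113.7 +all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for label, snapshot in (("baseline", BASELINE), ("tampered", TAMPERED)):
        print(label, email_auth_findings("example.com", snapshot))
```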
Your Domain Is Too Important to Leave Unlocked
Domain hijacking isn’t a niche threat. It is business identity theft. If someone can change where your domain points or interfere with the DNS records behind it, they can disrupt your website, undermine email trust and impersonate your business in ways that look legitimate.
If you want to reduce domain hijacking risk, contact Sound Computers. We can make sure your email identity controls are working the way they should.
Article FAQs
What is domain hijacking?
Domain hijacking is when an attacker takes control of your domain or DNS settings and uses it to redirect traffic, disrupt email or impersonate your business. It is a form of business identity theft because customers can be sent to the wrong place even when they typed the correct domain.
Is domain hijacking illegal?
Yes. Taking control of a domain or changing DNS settings without authorization is unlawful in most jurisdictions. It is typically treated as unauthorized access, fraud or identity-related cybercrime depending on what the attacker does with it.
What are the signs of DNS hijacking?
Common signs include your website suddenly redirecting, certificate warnings, login pages that look “off,” emails bouncing or failing delivery and unexpected changes to DNS records or registrar settings. You may also see customers reporting strange site behavior even though your internal systems look normal.

