A webjacking is often accomplished by the webjacker sending a counterfeit email message to the registrar controlling a domain name registration. The counterfeit message appears to have been sent from someone with authority over the domain name, and the message instructs . . .
A webjacking is often accomplished by the webjacker sending a counterfeit email message to the registrar controlling a domain name registration. The counterfeit message appears to have been sent from someone with authority over the domain name, and the message instructs the registrar to "connect" the domain name with a new Internet Protocol (IP) address. Once this connection is set up by the duped registrar, any Internet user who types the domain name in his or her Web browser is taken to whatever Web site the webjacker has installed at the new IP address. Sometimes the webjacker's Web site is a fraudulent copy of the original Web site, causing Internet users not to notice the webjacker's scam.

Webjacking is a surprisingly easy way to take control of a Web site. While Web site owners fortify their systems with firewalls and other security measures, some have lost control of their sites as a result of a webjacker simply emailing the registrar. Unless the door that allows webjacking to occur is closed and locked, no amount of front-facing security will protect Web sites from such a rear attack.

The link for this article located at Lexis-Nexis is no longer available.