Subdomain Hijacking and Trust


What if https://www.something.com was the most trusted website in the world? What would you think of…

heather.something.com
buymystuff.something.com

Both heather.something.com and buymystuff.something.com are subdomains of something.com.

Large companies often have a lot of subdomains mapped to various IP addresses via DNS.

What does this mean? It means they may not have a good handle on all of the subdomains they use. Would you miss one if someone stole a subdomain out from under you?

Goooooood question.

https://hackernoon.com/how-hackers-attack-subdomains-and-how-to-protect-them-rc7j37f2

With some searching and discovery, people not in your organization can go looking for the subdomains you use.
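One way for the owning organization to notice a subdomain that has slipped out of its control is to compare the names it has approved against what DNS currently publishes. The following is an added example, not part of the original post; the inventory format, the sample names, and the documentation-range IP addresses are constructed assumptions.

```python
import socket

# Constructed inventory: subdomain -> IPs the organization has approved for it.
INVENTORY = {
    "www.something.com": {"192.0.2.10"},
    "heather.something.com": {"192.0.2.20"},
    "old-promo.something.com": {"192.0.2.30"},
}

# Constructed snapshot of what DNS currently publishes (e.g. from a zone export).
PUBLISHED = {
    "www.something.com": {"192.0.2.10"},
    "heather.something.com": {"203.0.113.77"},     # points somewhere unapproved
    "buymystuff.something.com": {"198.51.100.5"},  # nobody recorded this one
    "old-promo.something.com": set(),              # record no longer resolves
}

def resolve_live(name):
    """Resolve a name with the system resolver; empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def audit(inventory, published):
    """Return (subdomain, status, unexpected_ips) findings, sorted by name."""
    findings = []
    for name in sorted(set(inventory) | set(published)):
        approved = inventory.get(name)
        seen = published.get(name, set())
        if approved is None:
            findings.append((name, "unlisted", sorted(seen)))  # not in inventory
        elif not seen:
            findings.append((name, "stale", []))               # approved but gone
        elif seen - approved:
            findings.append((name, "drift", sorted(seen - approved)))
        else:
            findings.append((name, "ok", []))
    return findings

if __name__ == "__main__":
    for name, status, ips in audit(INVENTORY, PUBLISHED):
        if status != "ok":
            print(f"{status:8} {name} {' '.join(ips)}")
```

To run it against real records, build the second argument with `resolve_live` for each name in your own inventory instead of the constructed `PUBLISHED` snapshot.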

Imagine now you get an email from someone and it appears fishy (phishy), but when you do due diligence, the links in the email go to a subdomain of a reputable company. Still, if someone has hijacked the subdomain for nefarious purposes…you have no way to know that.

When in doubt, Google the URL and see what you get. I’m a big proponent of never clicking on links you don’t expect, and subdomain hijacking is yet another good reason not to.
