DNS Hijacking

  • Published: Wednesday, April 1, 2020

DNS (Domain Name System) hijacking is a tactic used by cyber criminals to trick the users into thinking they are visiting a legitimate website. The user may enter in the name of a website they wish to visit but the crook has taken control and instead redirects them to a malicious site. These maneuvers can go without detection by the victim. 

How does that happen? 

An unfortunate side effect of remote workers is the dependency of the homeowners router. Attackers have been accessing Linksys routers and changing DNS settings. It is unclear how they are accessing the routers but could be that they are brute-forcing their way in or attacking otherwise vulnerable systems. 

DNS hijacking or redirection has two primary purposes. One is to redirect you to a site with pop ups and ads. This is known as pharming and is usually designed to generate revenue. 

The other is a form of phishing. The DNS redirection may include credential stealing screens asking for your login or other personal information. 

You can detect DNS hijacking by looking at some telltale signs such as slow loading of web pages and frequent popups. An effective way to discover if you are experiencing DNS hijacking is to open a command prompt. Ping a domain that does not exist. If it is not resolved you are not being hijacked. If the results confirm a resolution there is a good chance that you are a victim. 

F-Secure has a free tool for checking your router. Router checker can test for signs of DNS hijacking. 

In order to protect yourself against possible hijacks follow these security best practices:

  • Don’t click on webpages or links that appear suspicious
  • Look closely at the URL to determine it is authentic
  • Don’t use public Wi-Fi
  • Protect your router by changing default configurations and maintaining patches
  • Use a VPN (Virtual Private Network) service
  • Use anti-virus/anti-spam software


Hackers are messing with routers DNS settings as telework surges around the world

New attack on home routers sends users to spoofed sites that push malware