DNS Hijacking: What it is, red flags to spot, and how to fix it fast

DNS Hijacking

What it is

DNS hijacking is when someone tampers with the internet’s phone book (DNS) so your browser goes to the wrong site—often a fake login page or a malware download—even though you typed the right address. Get the full rundown in our DNS hijacking explainer.

How it works 

  • Attackers poison DNS answers on your device, router, or a DNS server in the path.

  • Your request for a legit site returns a malicious IP instead.

  • You land on a look-alike page that steals logins or pushes malware.

What you might notice

  • A familiar site looks off (new domain, odd padlock details, typos).

  • Browser warnings about certificates, or login pages asking for extra info.

  • Your router’s DNS settings changed, or devices all misresolve the same sites.

If you suspect it 

  1. Stop and verify the domain and certificate before logging in.

  2. Flush DNS cache (device) and reboot the router.

  3. Set DNS to a trusted resolver (on device and router).

  4. Scan for malware; change passwords from a clean device.

  5. Check the router: update firmware, change the admin password, disable remote admin.
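
One way to check the "router's DNS settings changed" red flag, and to confirm that step 3 took effect on a Linux device, is to audit which resolvers the device is actually configured to use. This is an added example, not part of the original article; the trusted addresses and the sample file contents are constructed placeholders, so substitute the resolver you chose and the contents of your own /etc/resolv.conf.

```python
import ipaddress

# Assumption: the resolvers you chose in step 3. These are constructed
# documentation addresses (RFC 5737 / RFC 3849); replace them with your own.
TRUSTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Constructed sample: a resolv.conf after a router/DHCP DNS setting was changed.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.66   # not one we configured
nameserver 127.0.0.53
"""

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(str(ipaddress.ip_address(addr)))  # normalise spelling
            except ValueError:
                servers.append(fields[1])  # keep malformed entries so they get flagged
    return servers

def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Classify each configured resolver as trusted, local stub, or unexpected."""
    trusted = {str(ipaddress.ip_address(t)) for t in trusted}
    report = {"trusted": [], "local_stub": [], "unexpected": []}
    for server in parse_nameservers(text):
        try:
            is_loopback = ipaddress.ip_address(server).is_loopback
        except ValueError:
            is_loopback = False
        if server in trusted:
            report["trusted"].append(server)
        elif is_loopback:
            report["local_stub"].append(server)  # local cache; check its upstream too
        else:
            report["unexpected"].append(server)
    return report

if __name__ == "__main__":
    for kind, servers in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{kind}: {servers}")
```

An entry under "unexpected" is a prompt to check the router's DNS and DHCP settings, not proof of hijacking. A "local_stub" entry means a local caching resolver is in use, so its upstream servers need the same check.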

Prevent it

  • Keep OS, browsers, and router firmware updated.

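  • Use MFA so a password stolen by a fake page isn’t enough to take over your account; prefer phishing-resistant methods (passkeys or security keys), which are bound to the real domain.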

  • Lock down the router: strong admin password, no default creds, no exposed management.

  • Force all network DNS to a chosen resolver; block outbound DNS to others.

  • Prefer HTTPS everywhere and read the address bar before you log in.
