What is page hijacking?
Page hijacking is a very common technique using which cyberattackers compromise a legitimate website or create a duplicate of a popular website. And then, they take advantage of that to redirect traffic to a malicious website for malicious purposes.
How is page hijacking done?
If a website duplicates the contents of a popular website, web crawlers will detect the duplicate while indexing the web pages. If two pages have the same content, only one will be shown, and the other will be kept in “Show Similar Pages.” In some cases, the duplicate web page gets a decreased search engine ranking. Cyberattackers take advantage of this behavior in page hijacking.
In page hijacking, attackers make a website by duplicating the contents of a popular website. Then, they use some malicious black hat SEO techniques to ensure that after a few weeks, their duplicate website gets shown and the legitimate one is kept in “Show Similar Pages,” or the search engine rank of the original website decreases.
For example, suppose there is a popular website, www.ecommerce.com, and it sells online clothes.
To do page hijacking, attackers first make a website, www.ecommerce.net, and duplicate the web pages. After a few weeks, the search engine rank of the original website decreases, or the search result starts to show something like this :
Ecommerce.net – Buy Clothes Online
Offering clothes online
www.ecommerce.net
– Show Similar Pages –
As a result, visitors searching for “online clothes” will end up visiting the malicious website www.ecommerce.net instead of the authentic website ecommerce.com.
Now, the attackers are free to redirect innocent visitors to an unrelated malicious website that may spread malware through drive-by download (What is a drive-by download?) or by some other means. The attackers may even plan to perpetrate more cyberattacks.
In another type of page hijacking, the attackers compromise a legitimate and popular website and redirect users who visit the webpage to their malicious website. Attackers often do this to spread malware or for the purpose of phishing. And, sometimes page hijacking is used along with the watering hole attack (What is the watering hole attack and how to prevent it?) to target a particular organization or group.
Why is page hijacking done?
Attackers may do page hijacking for several reasons :
- Attackers may duplicate a popular website or redirect traffic from a hijacked popular website to get lots of traffic to their malicious website and then exploit that to spread malware. They may use malicious techniques like drive-by download (What is a drive-by download?) to install malware on the computer of a user who visits the webpage.
- Attackers may duplicate a popular website and use that for phishing. Sometimes, they make the duplicate webpage almost identical to the actual website and exploit that to convince users to give sensitive data on their malicious website.
- Attackers may even hijack a popular website and flag its existing pages as temporary so that the rank of the popular website becomes lower, and they can take advantage of that to boost their own traffic for malicious purposes.
- And, sometimes, page hijacking is used for the purpose of a watering hole attack (What is the watering hole attack?) to target a particular group or organization.
0 Comments