Over a million domain names, including those from Fortune 100 companies, are vulnerable to cybercriminal takeover due to authentication flaws at major web hosting and registrar firms. These “Sitting Duck” domains can be exploited easily, as attackers can claim control without direct access to the original owner's account. Research indicates that at least 30,000 such domains have been hijacked since 2019, allowing criminals to use them for phishing and spam attacks. Key vulnerabilities stem from misconfigured DNS records and weak verification processes by DNS providers. Security experts urge better practices and coordination among stakeholders to mitigate these risks.
Don’t Let Your Domain Name Become a “sitting Duck”
