How to Avoid the New DNS Hijacking Attacks (Step by Step Guide)

These out-of-sight-out-of-mind approaches to security are a significant reason why hackers and other malicious actors on the Internet have been forced to use more technically challenging methods that attack the very infrastructure of the internet. One of these methods – DNS hijacking – is actually a pretty well-known hack that cybersecurity experts hoped had been solved years ago. That hope ended in late 2018 when cyber security experts realized that internet domain registrars themselves had been infiltrated by DNS hackers.

Domain registrars are familiar websites and providers such as GoDaddy.com, Namecheap.com or Domain.com. These services allow you to host your own website for a monthly or annual fee, and they are regulated by national and international rules and laws. The DNS, or domain name system, changes the usual URL that you would type into your browser into a number-based IP address which is easier for computers to find. Today, this system is also decentralized among many DNS servers to make surfing the web easier and faster as opposed to having one giant server with all internet addresses on it. However, this also means that DNS hackers can slip into these side channels on the internet much easier.

The technically complicated nature of this part of the internet means that a DNS hack can happen without you initially noticing it. In some cases, hackers will break into a DNS server and insert an incorrect corresponding address for a website. When your computer tries to access that website, it will then be redirected to the incorrect address which is usually a fake or malicious website run by the hackers. Since this process happens automatically, you may not realize that you’ve been redirected to a bad website until you’ve possibly already entered in sensitive personal data – even if it’s just your username and password for a trusted online service.

Thankfully, there are several ways in which you can avoid the potentially disastrous effects of a DNS hack. Let’s review a few of these steps below.

1. Make sure your basic antivirus security and operating system are up to date

If you’re using Windows, make sure that Windows Defender is up-to-date and operational. Also make sure that you’ve updated Windows itself – along with all of the necessary security patches. This should happen automatically unless you’ve changed the settings yourself. Visit Microsoft’s website for more details on these updates. These basic security steps will ensure that the hackers cannot insert any malware or viruses on your computer which will hijack your local DNS settings on your computer. It’s also a good idea to keep your internet router’s firmware (the nuts-and-bolts program that tells your device how to run) updated and regularly change your router’s username and password, too – just like you should with your other usernames and passwords.

2. Avoid using public WiFi networks when sending or receiving personal data

Public WiFi networks are notorious for their less-than-optimal security. If you have to use a public WiFi network, avoid having to enter in information like user names, passwords, and other personal information you want to protect. If a public WiFi doesn’t have a Terms of Service that appears when you first connect, you should avoid using that WiFi connection for anything at all.

3. Don’t click on links in suspicious emails or social media posts

Accidentally clicking on such links is how trojan viruses and malware can be installed on your computer or device. If you think you’ve received an email from a trusted online service such as Facebook or Paypal, check the sender’s email address and the contents of the email itself for anything suspicious, such as obvious typos and poor grammar. These suspicious things should also be looked out for when visiting websites, which leads us to our next step.

4. Be very aware of the URLs you’re visiting

Since DNS hacks can redirect you to malicious websites automatically, you should always be acutely aware of the website addresses at which you arrive. These websites might also have unusually long loading times, or their visual layout will appear differently than normal. Check the entire web address and the website’s home page, and if something looks incorrect or suspicious, do not enter any information on the page – promptly close your browser and check your DNS service for leaks, which can be done by following the instructions in the next step.

5. Check your router and DNS settings for suspicious activity

There are two great free online tools which you can use check to see if your router or DNS settings have been hacked. F-Secure Corporation’s Router Checker is just what it sounds like – it checks your router’s connection to its DNS server to make sure the server is an authorized one. The second service, which is the website WhoIsMyDNS.com, allows you to see exactly which DNS server you’re connecting to. If the website shows you a DNS server that looks unfamiliar, it could be that your DNS settings have been hacked.

6. Use a VPN (virtual private network) when surfing the web

A VPN is a great way to protect yourself from many different threats when you’re online, including DNS leaks or hacks. VPNs create a virtual “tunnel” from your computer or mobile device to another secure server. Any data which is transferred through this virtual tunnel cannot be seen or stolen by outside parties. However, only certain VPN services offer effective protection against DNS hacks, and most of those require payment for their VPN service. Try to find a well-respected, highly-rated VPN service with an OpenVPN protocol (as opposed to a L2TP or IPSec service).

With just a little bit of extra attention to detail and an awareness of your computer’s or device’s security settings, you should be able to avoid the DNS hacking that has made cybersecurity headlines in the past year. Be safe out there!