Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant.
This can be financially devastating to the original domain name holder, who may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts. Additionally, the hijacker can use the domain name to facilitate illegal activity such as phishing, where a website is replaced by an identical website that records private information such as log-in passwords.
Domain hijacking can be done in several ways, generally by exploiting a vulnerability in the domain name registration system or through social engineering.
The most common tactic is for the hijacker to use personal information acquired about the actual domain owner to impersonate them, a form of identity theft, and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.
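A modified registration or a transfer to another registrar shows up in the domain's public registration data, so a registrant can detect it by comparing a trusted baseline against a fresh lookup. The following is an added example, not part of the original text: it assumes the data is available as RDAP (RFC 9083) JSON, which the text above does not discuss, and every name, date and helper function in it is constructed for illustration.

```python
# Added example: compare two RDAP (RFC 9083) domain snapshots for unexpected
# registration changes. All names and dates below are constructed sample data.

def _entity(role, name):
    """Build a minimal RDAP entity whose jCard carries only a formatted name."""
    return {"roles": [role],
            "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                     ["fn", {}, "text", name]]]}

def _fn(entity):
    """Return the jCard 'fn' value of an RDAP entity, or '' if absent."""
    props = (entity.get("vcardArray") or ["vcard", []])[1]
    return next((p[3] for p in props if p[0] == "fn"), "")

def summarize(rdap):
    """Reduce an RDAP domain object to the fields a hijack would alter."""
    by_role = {r: _fn(e) for e in rdap.get("entities", []) for r in e.get("roles", [])}
    return {
        "registrar": by_role.get("registrar", ""),
        "registrant": by_role.get("registrant", ""),
        "nameservers": sorted(n["ldhName"].lower() for n in rdap.get("nameservers", [])),
        "transfers": {e["eventDate"] for e in rdap.get("events", [])
                      if e.get("eventAction") == "transfer"},
    }

def registration_changes(baseline, current):
    """List differences between a trusted baseline and a fresh snapshot."""
    old, new = summarize(baseline), summarize(current)
    alerts = [f"{k} changed: {old[k]!r} -> {new[k]!r}"
              for k in ("registrar", "registrant", "nameservers") if old[k] != new[k]]
    alerts += [f"new transfer event: {d}" for d in sorted(new["transfers"] - old["transfers"])]
    return alerts

BASELINE = {  # constructed snapshot taken while the domain was known-good
    "ldhName": "example.com",
    "entities": [_entity("registrar", "Registrar A"), _entity("registrant", "Example Corp")],
    "nameservers": [{"ldhName": "ns1.example.net"}, {"ldhName": "ns2.example.net"}],
    "events": [{"eventAction": "registration", "eventDate": "2010-01-01T00:00:00Z"}],
}
CURRENT = dict(BASELINE,  # constructed snapshot after an unauthorised transfer
    entities=[_entity("registrar", "Registrar B"), _entity("registrant", "Example Corp")],
    events=BASELINE["events"] + [{"eventAction": "transfer", "eventDate": "2024-05-02T03:04:05Z"}],
)

if __name__ == "__main__":
    for line in registration_changes(BASELINE, CURRENT):
        print("ALERT:", line)
```

Run on a schedule against a stored baseline, any alert that does not match a change the registrant requested is a reason to contact the registrar immediately.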