WhiteHat Security founder Jeremiah Grossman has published details that could help victims of domain hijacking.
The penetration tester describes how he helped an unnamed video production house fight a scammer who had opened a mimic website to defraud customers.
Staff names and photos were altered along with contact information such that customers would contact the criminal instead of the film company.
Grossman grabbed WHOIS data and used the dig command and the American Registry for Internet Numbers (ARIN) to find the IP address and connected hosting provider, GoDaddy, which directed the hacker to report the fraud to ICANN.
The scammer cottoned on and changed his code to kill the redirect, and was soon defeated after GoDaddy took the fraudulent site down.
The largest and most vigilant brands pre-register copycat domains, and typosquatting domains where a common mistyped key would lead to another website.
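As an added illustration of the "common mistyped key" idea (not code from Grossman's write-up), the Python sketch below lists the single adjacent-key variants of a brand's own domain, which a brand owner could pre-register, and flags any that turn up in a list of observed domains. The US QWERTY layout, the use of `example.com` as the brand and the observed-domain list are assumptions constructed for the example.

```python
# Defensive typosquat check: which domains are one adjacent-key slip away
# from our own? Assumes a US QWERTY layout and a registrable domain as input.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def build_adjacency(rows=ROWS):
    """Map each key to its physical neighbours on a staggered keyboard."""
    adj = {}
    for r, row in enumerate(rows):
        for c, ch in enumerate(row):
            # Same row: left/right. Row above: columns c, c+1.
            # Row below: columns c-1, c (rows are offset to the right).
            spots = [(r, c - 1), (r, c + 1),
                     (r - 1, c), (r - 1, c + 1),
                     (r + 1, c - 1), (r + 1, c)]
            adj[ch] = {rows[rr][cc] for rr, cc in spots
                       if 0 <= rr < len(rows) and 0 <= cc < len(rows[rr])}
    return adj


ADJ = build_adjacency()


def adjacent_key_variants(domain):
    """Return every domain formed by mistyping one key in the first label."""
    label, dot, suffix = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(label):
        for near in ADJ.get(ch, ()):
            out.add(label[:i] + near + label[i + 1:] + dot + suffix)
    return sorted(out)


def flag_lookalikes(brand, observed):
    """Return the observed domains that are adjacent-key typos of brand."""
    variants = set(adjacent_key_variants(brand))
    return [d for d in observed if d.lower().rstrip(".") in variants]


if __name__ == "__main__":
    # Constructed sample input, e.g. names seen in new-registration feeds.
    seen = ["examplr.com", "example.org", "exanple.com",
            "shop.example.net", "EXZMPLE.com."]
    print(len(adjacent_key_variants("example.com")), "candidate variants")
    print("lookalikes:", flag_lookalikes("example.com", seen))
```

This covers only single-key substitutions in the first label; omitted, doubled or swapped characters would need their own generators.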