Hijacking is the illegal seizure or unauthorized takeover of a vehicle, vessel, aircraft, or digital asset while it is in transit or operation. In marketing and SEO contexts, the term applies to brandjacking, domain hijacking, clickjacking, and similar tactics where attackers capture traffic, impersonate brands, or manipulate user sessions. These threats directly impact search rankings, brand reputation, and conversion integrity.
What is Hijacking?
The term originated in the United States in the 1920s, initially describing the theft of truckloads of illegally manufactured liquor or the seizure of rumrunners at sea (Merriam-Webster). By the mid-1950s, usage expanded to include the hijacking of trucks carrying legitimate cargo and legal ships.
Aviation hijacking, or skyjacking, emerged as the dominant form in the late 20th century. The first reported aerial hijacking occurred in Peru in 1931, while the first such incident in Asia occurred in 1948 on a flight from Macau to Hong Kong, resulting in 25 deaths when the aircraft crashed into the Pacific Ocean (Britannica). Between 1968 and 1970 alone, there were nearly 200 hijackings globally, many involving politically motivated groups demanding ransom or prisoner releases (Britannica).
In digital contexts, hijacking refers to the unauthorized takeover of computing resources, online identities, or traffic streams. This includes brandjacking (the unauthorized use of a company's brand), domain hijacking, DNS hijacking, session hijacking, clickjacking (including likejacking and cursorjacking), browser hijacking, and BGP hijacking.
Why Hijacking matters
- Brand integrity erosion. Brandjacking allows malicious actors or competitors to impersonate your company, creating customer confusion and diluting brand equity.
- Traffic diversion. Domain hijacking and DNS hijacking redirect your organic traffic to competitor sites or phishing pages, directly stealing revenue and damaging SEO performance.
- Data compromise. Session hijacking enables attackers to take over authenticated user sessions, potentially accessing customer accounts, admin panels, or sensitive databases.
- Analytics corruption. Clickjacking generates false interactions or forced redirects, skewing engagement metrics and conversion tracking.
- Reputational damage. Browser hijacking installs unwanted software or modifies search settings, associating your brand with malware and poor user experience.
- Financial liability. Credit card hijacking and similar schemes expose customer payment data, triggering compliance penalties and chargebacks.
Types of Hijacking
| Type | Definition | Marketing Impact |
|---|---|---|
| Brandjacking | Unauthorized use of a company's brand | Customer confusion, reputation damage, loss of trust signals |
| Domain hijacking | Unauthorized transfer or acquisition of domain names | Complete traffic loss, email interception, brand impersonation |
| DNS hijacking | Altering DNS records to redirect traffic | Phishing attacks, traffic theft to competitor sites |
| Clickjacking | Hijacking user clicks in a website context via hidden elements | Affiliate fraud, unintended user actions, skewed analytics |
| Session hijacking | Taking control of established user sessions | Account takeovers, data breaches, unauthorized transactions |
| Browser hijacking | Modifying browser settings without consent | Forced redirects, unwanted ads, malware associations |
Examples
Example scenario: Brandjacking via social media A competitor registers social media handles identical to your brand name and begins posting misleading discount codes. Customers attempting to reach your official support channels instead expose their credentials to phishing sites, damaging your brand's trust metrics and increasing your customer acquisition costs.
Example scenario: Domain hijacking during registrar vulnerability An attacker exploits weak authentication at your domain registrar to transfer ownership of your primary domain to an offshore account. Your website becomes inaccessible, your email servers fail, and visitors see placeholder ads or competitor content until you recover control through legal intervention.
Example scenario: Clickjacking on checkout pages A malicious third-party script overlays invisible iframes on your "Add to Cart" buttons. When users attempt to purchase, they unintentionally click hidden links that redirect them to a competitor's site, causing you to lose attribution for the conversion while inflating your bounce rate.
FAQ
What is the difference between brandjacking and cybersquatting? The corpus does not define cybersquatting. Brandjacking specifically refers to the unauthorized use of a company's brand, which can include fake social media accounts, misleading ads, or impersonation emails, whereas domain-focused abuses fall under domain hijacking or DNS hijacking.
How does hijacking affect SEO performance? Hijacking diverts organic traffic, creates duplicate content issues when attackers scrape and republish your material, and generates negative user signals (high bounce rates, short dwell times) when users encounter malicious redirects. Search engines may penalize your site if associated with malware or phishing.
What is clickjacking? Clickjacking is a technique where attackers hijack user clicks in a website context by overlaying invisible elements on legitimate buttons or links. This tricks users into performing unintended actions, such as liking social media pages they never visited or initiating unwanted downloads.
Can hijacking occur without technical hacking skills? Yes. Brandjacking often requires no technical exploitation, merely the registration of similar domain names or creation of fake social profiles. However, session hijacking and DNS hijacking typically require technical knowledge to intercept data or exploit protocol vulnerabilities.
How did hijacking evolve from physical to digital crimes? The concept remained consistent: seizing control of assets during transit or operation. As commerce moved online, attackers shifted from commandeering physical vehicles to capturing domain registrations, browser sessions, and brand identities, applying the same principle of interception to digital traffic.
What was the deadliest hijacking incident? The deadliest act of air piracy occurred on September 11, 2001, when terrorists simultaneously hijacked four airliners in the United States, flying them into the World Trade Center, the Pentagon, and a field in Pennsylvania, killing more than 3,000 people (Britannica).
