The attack that’s turning your trusted websites against you
You type in your bank’s website, hit enter, and the familiar login page pops up. You enter your credentials, maybe even a two-factor code. Everything looks normal - except it’s not. Without realizing it, you just gave all your info to a hacker.
What happened?
DNS spoofing.
It’s not flashy like ransomware. It doesn’t lock your files or flash skulls on your screen. It’s quiet, sneaky, and most people don’t even know it exists. But it can redirect you to a fake website that looks exactly like the real one, and you’ll have no idea anything’s wrong.
Wait, What Is DNS Again?
Before we get into how the attack works, let’s rewind a bit.
DNS (Domain Name System) is basically the Internet’s phone book. It takes the domain names you type (like medium.com) and translates them into IP addresses (like 162.159.153.4) so your browser knows where to go.
When you type a website into your browser, here’s (roughly) what happens:
- Your device checks if it already knows the IP address (via local cache).
- If not, it asks your DNS resolver…