Credential Theft and Domain Name Hijacking through Phishing Sites

In July 2023 JPCERT/CC reported a domain hijacking case where attackers tricked a domain administrator into entering registrar credentials on a phishing site, then used those credentials to change contact information, disable transfer locks, and transfer the domain to another registrar; the report explains the attack flow and recommends mitigations such as accessing registrars via trusted bookmarks or official apps, enabling two-factor authentication, avoiding password reuse, and contacting registrars or ICANN dispute processes if a transfer is unauthorized.