Protecting schools from domain hijacking and impersonation attacks

by | Nov 20, 2025 | Blog, Protect, Safety & Security

School domains case study blog graphic

As part of N4L’s ongoing security monitoring, our Security Services team detected cases of  sophisticated impersonation attacks targeting some schools. The attackers in a couple of cases had registered an expired, unused domain name formerly associated with a  school and cloned the school’s website. They then:

  • Set up Google Workspace under the impersonated domain.
  • Began reaching out to education software suppliers posing as the school.
  • Attempted to purchase bulk software licenses under the school’s name.

This activity was discovered when suppliers flagged the suspicious request – a critical early intervention that prevented financial and reputational damage.

Our response

N4L’s Security Services team acted swiftly:

  • Confirmed domain hijacking and advised the impacted school of the breach.
  • Worked with the supplier to block the transaction and trace the fraudulent request.
  • Notified the Ministry of Education to raise broader awareness across the sector.

In another case, the impersonator attempted to order a number of licenses for a school that has a lower number of students. Again, quick action by the supplier and our team helped prevent loss.

Key insights

This incident underscores a growing threat:

  • Domain hijacking and impersonation are becoming more sophisticated and targeted.
  • Schools sometimes allow unused domains to expire or remain unmanaged, creating vulnerabilities.
  • One way to ensure that your domain won’t expire is to transfer to the SchoolDNS service by Liverton Sescurity, which provides automatic annual renewals.

Outcomes

  • Impersonation attempts were detected and stopped before damage occurred.
  • The Ministry of Education and school ICT providers were informed and are now on heightened alert.
  • Schools are being encouraged to review DNS holdings, especially lapsed or unused domains.

A reminder for IT staff: the control of domains is managed by the Domain Name Commission where you can find publicly available information on specific domains – they can be looked up here.

These events highlight the need for DNS governance across schools and kura and the important role our Security Services play.

Want more tips and updates from N4L? Subscribe to our blog and stay connected.