A hacker alters IP addresses attached to domains in a DNS server with a fake DNS entry.

A user attempts to navigate to a specific domain, and the DNS server sends them to the IP address associated with that domain.

That’s how DNS poisoning or spoofing works:

A hacker alters IP addresses attached to domains in a DNS server with a fake DNS entry.

A user attempts to navigate to a specific domain, and the DNS server sends them to the IP address associated with that domain.

The hacker has altered the IP address in the DNS server, so the user is unknowingly sent to an incorrect IP address.

The IP address returns a domain that looks like the users intended site.

The user interacts with the copycat site and attempts to login, unknowingly sharing their password and username with the hacker.