Here's an entirely new way to hijack a bank

The most devious part of hijacking the bank’s Domain Name System is that the switch to the imposter URLs was undetectable by users. As the article describes, “those sites even had valid HTTPS certificates issued in the name of the bank, so that visitors’ browsers would show a green lock and the bank’s name, just as they would with the real sites.”