Highjacking: Meaning, Criticisms & Real-World Uses

What Is Highjacking?

Highjacking, in a financial context, refers to the unauthorized and often illegal appropriation or gaining of control over a company, its assets, or digital systems for illicit gain. This broad term falls under the umbrella of Financial Crime and can manifest in various forms, from corporate identity theft to sophisticated cyberattacks. Unlike legitimate business transactions, financial highjacking involves deception, force, or exploitation of vulnerabilities to seize control without consent, leading to significant financial losses and reputational damage for the victims. The objective of such highjacking attempts is typically to extract value, manipulate markets, or facilitate other fraudulent activities.

History and Origin

While the term "highjacking" historically referred to the seizing of goods in transit or vehicles¹⁰¹, ¹⁰², ¹⁰³, ¹⁰⁴, its application to financial and corporate spheres has evolved with the complexity of modern financial systems. The concept of illicitly gaining control over a company's operations or assets is as old as commerce itself, often rooted in schemes involving Fraud and misrepresentation. However, the methods have become increasingly sophisticated.

In the realm of corporate structures, schemes involving "corporate hijacking," also known as corporate identity theft, have been observed for decades, often targeting dormant or publicly traded shell companies. Fraudsters exploit publicly available information to seize control by filing false documents with state authorities, such as fraudulently reinstating a lapsed corporate status or changing director details⁹⁷, ⁹⁸, ⁹⁹, ¹⁰⁰. These hijacked entities can then be used in illicit Reverse Merger transactions or Pump and Dump Schemes⁹⁴, ⁹⁵, ⁹⁶.

The digital age has introduced a new dimension to financial highjacking, with the rise of Cybersecurity threats. Major cyber incidents targeting financial institutions have become a significant concern for global financial stability. For example, the International Monetary Fund (IMF) has highlighted the growing threat posed by cyberattacks, noting that nearly one-fifth of reported cyber incidents in the past two decades have affected the global financial sector, resulting in billions of dollars in direct losses⁹², ⁹³. A notable incident was the 2016 Bangladesh Bank heist, where hackers exploited vulnerabilities in the SWIFT global financial messaging system to attempt to steal a billion dollars, with $101 million ultimately disappearing⁹⁰, ⁹¹. Such events underscore the critical importance of robust defenses against various forms of financial highjacking.

Key Takeaways

Financial highjacking involves unauthorized control over a company, its assets, or digital systems, often for illicit financial gain.
It encompasses various methods, including corporate identity theft and sophisticated cyberattacks.
The primary motives for highjacking include stealing money, facilitating Identity Theft, or enabling other forms of financial crime.
Regulatory bodies like the Securities and Exchange Commission (SEC) actively pursue enforcement actions against those involved in corporate fraud and highjacking activities⁸⁷, ⁸⁸, ⁸⁹.
Effective prevention relies on strong Internal Controls, vigilance, and advanced cybersecurity measures.

Interpreting Highjacking

Financial highjacking is interpreted as a severe breach of financial security and Corporate Governance that undermines trust and stability in markets. When a company experiences highjacking, it indicates a failure in security protocols, legal protections, or oversight mechanisms. The implications extend beyond immediate financial loss, potentially impacting investor confidence, market integrity, and the overall operational resilience of Financial Institutions ⁸⁶.

Understanding the methods employed in highjacking—such as fraudulent filings, Malware deployment, or Phishing campaigns—is crucial for developing effective countermeasures. Interpretation also involves assessing the scope of the attack, the vulnerabilities exploited, and the potential for broader systemic risk, especially in interconnected financial networks.

Hypothetical Example

Consider "Tech Innovations Inc.," a small publicly traded company with a dormant status, meaning it is still legally registered but not actively operating. A group of fraudsters identifies Tech Innovations Inc. through publicly available corporate records, noting its inactive status and outdated board information.

Step 1: Information Gathering
The highjackers research state corporate registries and find that Tech Innovations Inc. has neglected its annual filings, making it vulnerable.

Step 2: Falsification of Records
They prepare fraudulent documents, such as a forged board resolution and new director appointments, listing themselves as the new management. They submit these falsified documents to the relevant state Secretary of State office, often paying nominal fees to "reinstate" or "update" the company's status with the new, illegitimate control.

Step 3: Gaining Control
Once the state records are updated, the highjackers gain de facto legal control. They might then attempt to issue new shares, engage in a fraudulent merger with a private company, or use the company's stock symbol in a Pump and Dump Schemes, inflating its stock price before selling their shares at a profit. The legitimate Shareholders and former management may be unaware until the fraudulent activities cause public scrutiny or regulatory action.

Practical Applications

Highjacking appears in various real-world financial contexts, primarily within corporate fraud, Cybersecurity incidents, and regulatory enforcement.

Corporate Identity Fraud: In this scenario, criminals illegally take control of a company's registration details at official registries by filing false information. This can involve changing the registered office address or replacing legitimate directors with fraudsters. Once control is gained, the hijacked company can be used to open bank accounts, obtain credit, or issue fraudulent invoices, leveraging the company’s goodwill to deceive suppliers or customers. Such⁸³, ⁸⁴, ⁸⁵ schemes often precede other forms of financial crime, like "short firm fraud" where the hijacked entity is used to obtain goods on credit with no intention of payment.
⁸² Cyberattacks on Financial Systems: The financial sector is a frequent target for cybercriminals due to the vast amounts of sensitive data and money involved. Cyber highjacking in this context includes various tactics like "session hijacking," where an attacker takes control of a legitimate user's session to access financial accounts, or "DNS hijacking," which redirects website traffic to fraudulent sites. Fina⁸⁰, ⁸¹ncial institutions must constantly enhance their defenses against these evolving threats. As Federal Reserve Governor Michael S. Barr noted in a 2025 speech, the financial system faces escalating threats from generative AI-facilitated cybercrime, emphasizing the need for robust cybersecurity measures and regulatory vigilance.
⁷⁹ Regulatory Scrutiny: Regulatory bodies, such as the SEC, actively investigate and prosecute highjacking and related corporate fraud. The SEC prioritizes combating corporate fraud and emphasizes the importance of strong Internal Controls to prevent misconduct that could lead to financial highjacking. Thei⁷⁷, ⁷⁸r enforcement actions aim to deter illegal activities and protect investors from fraudulent schemes.

In July 2025, Allianz Life Insurance Company of North America reportedly suffered a cyber-attack where personal information of a majority of its 1.4 million US customers was stolen through a "social engineering" technique targeting a third-party cloud system. This⁷⁶ incident highlights the ongoing vulnerability of financial data to advanced highjacking methods and the critical need for vigilance among Financial Institutions.

Limitations and Criticisms

While measures exist to combat highjacking, several limitations and criticisms highlight the ongoing challenges. One major limitation is the reactive nature of many defense mechanisms. Regulators and law enforcement often act after a highjacking has occurred, making recovery of assets or control a costly and time-consuming process for victims.

The⁷⁴, ⁷⁵ ease with which publicly available information can be exploited for corporate highjacking is a significant criticism. Fraudsters can leverage corporate registry details to facilitate illegitimate changes, underscoring a need for more stringent verification processes at the administrative level. Furt⁷¹, ⁷², ⁷³hermore, the increasing sophistication of cyberattacks, including the use of artificial intelligence, presents a constant challenge for Cybersecurity defenses, as criminals continually adapt their tactics.

Ano⁶⁹, ⁷⁰ther criticism involves the potential for internal actors to facilitate highjacking. While external threats are prevalent, insider threats can also undermine Internal Controls and aid highjackers. The SEC has emphasized the dangers when internal audit functions or compliance personnel raise red flags about control weaknesses, and these warnings are ignored. The ⁶⁸complexity of global financial networks also makes tracing and recovering stolen funds or assets challenging, as illicit gains can quickly be moved across borders.

Highjacking vs. Hostile Takeover

The terms "highjacking" and "Hostile Takeover" both describe one entity gaining control over another against the wishes of the incumbent management, but they differ fundamentally in their legality and methods.

| Feature | Highjacking ¹ ², ³ ⁴, ⁵, ⁶ ⁷ ⁸, ⁹ ¹⁰, ¹¹, ¹², ¹³ ¹⁴, ¹⁵ ¹⁶, ¹⁷, ¹⁸ ¹⁹, ²⁰, ²¹, ²² ²³, ²⁴, ²⁵ ²⁶, ²⁷, ²⁸ ²⁹, ³⁰ ³¹, ³² ³³, ³⁴, ³⁵ ³⁶, ³⁷ ³⁸ ³⁹, ⁴⁰ ⁴¹ ⁴², ⁴³ ⁴⁴ ⁴⁵, ⁴⁶, ⁴⁷ ⁴⁸, ⁴⁹, ⁵⁰ ⁵¹, ⁵² ⁵³, ⁵⁴ ⁵⁵ ⁵⁶, ⁵⁷, ⁵⁸ ⁵⁹, ⁶⁰, ⁶¹ ⁶², ⁶³ ⁶⁴, ⁶⁵, ⁶⁶, ⁶⁷