Domain hijacking transfers domain registration to an attacker's control — enabling them to redirect all traffic for that domain, including email and website.
Prevention: registrar lock, strong authentication on registrar accounts, MFA for domain registrar login, registry lock for critical domains. Domain hijacking is often via social engineering the registrar.