Subdomains that once served a purpose but later were forgotten by website administrators can be abused by hackers. Many companies have created subdomains to use with third-party services, such as remote helpdesk systems, code repositories and blogs. This is possible because online services often don’t verify the ownership of subdomines. An attacker could exploit such a situation by registering the expired domain and setting up a phishing page that mimics the company’s main website. The page would then be accessible through the subdomain and could be spammed to users.”]