As the polarized information environment and technological advancements, such as artificial intelligence, enable the creation and spread of malicious content online, strategic communication can be misused in unpredictable ways. This paper addresses an emerging, urgent challenge to organizational legitimacy by analyzing the phenomenon of communication hijacking as a technique of dark strategic communication and providing three illustrative examples of severe communication hijacking in Finland.
Through a thematic review of the literature on communication hijacking and related concepts, we show which conditions must be met for it to occur. The theoretical findings are tested through expert interviews and three illustrative examples.
We propose that there are three necessary conditions for communication hijacking to occur: the takeover is involuntary on the part of the organization, it co-opts an existing communicative element, and it changes this element to contradict its original purpose. The more serious each of these factors, the stronger the hijacking. We summarize these factors in the communication hijacking triad model.
As the study constructs a new concept, the keywords utilized could have left out some important related theories. Second, illustrative examples represent only one cultural context of Finland.
The communication hijacking triad serves as a starting point for identifying influence attempts and attacks that organizations face. Understanding the severity of communication hijacking will help lay the foundation for management and response strategies, and the paper introduces a few suggested countermeasures to communication hijacking. Further, it describes a unique framework for identifying what went wrong and how to categorize the loss of control over a message or a communication arena.
Introducing a new societal phenomenon of communication hijacking will help make sense of the dis- and misinformation-related influence attempts.
As one of the first attempts to clarify the emerging phenomenon in the field of communication management, the communication hijacking triad contributes a unique framework through which both academics and organizational leaders can detect the strength and type of increasingly common hostile communication takeovers.
Introduction
Strategic communication has become increasingly important for organizations in the volatile digital society, where both true and false claims circulate about organizations threatening their legitimacy (Falkheimer and Heide, 2022). In fact, false information has proven to spread faster (Vosoughi et al., 2018), and once put out there, corrections seldom have the same impact (Ecker et al., 2022). Many recent examples from practice have emerged where corporations have suddenly lost their legitimacy and even digital existence online. Among these are the 2021 Xinjiang cotton controversy in China that lead to erasing each Swedish H&M store from the digital maps and shopping platforms and ceasing all influencer recommendations in China (Soo and McDonald, 2021), to more recent 2025 Trump administration Executive Order on DEI programmes leading to cessation of diversity related initiatives and even many NGOs (Wong and Ma, 2025). Despite its critical importance, managing strategic communication in such cases remains a challenge, and the forms of dark strategic communication continue to evolve. In fact, the lines between strategic communication, persuasion strategies, and propaganda remain unclear (Falkheimer and Heide, 2022; Macnamara, 2022), and debate continues how strategic communication can be used for unethical and even malicious purposes.
When strategic communication is considered “dark”, it is often breaking ethical principles (Macnamara, 2022), most often the principle related to honesty and authenticity. Such unethical forms of strategic communication are used to purposefully deceive and mislead (Dulek and Campbell, 2015) and, thus, are harmful for society through their impact on polarizing citizen opinions, erosion of democratic participation and increasing citizen distrust (Ahmed et al., 2022). In fact, the World Economic Forum has for two consecutive years named disinformation and misinformation as the biggest short term threats to society and business (World Economic Forum, 2025). Additionally, dark strategic communication has been acknowledged in the context of information warfare (Taddeo, 2012).
Technological developments, such as artificial intelligence, have intensified the use of malign influence activities as more targeted messages and increasingly authentic-appearing fake content allow the misuse of strategic communication for dark purposes. In fact, some have suggested we have reached a new security threat level due to the development of synthetic media and their ability to persuade (Venema, 2023). Wardle (2019) writes of “an ecosystem of polluted information” that harms society, beyond the individuals and organizations targeted. Whereas fake identities and disinformation campaigns are nothing new in the field of public relations and strategic communication, what has changed is the ease with which such dark uses of strategic communication can be perpetrated (Toivanen et al., 2024).
Building on frameworks such as DISARM and DIDI, we propose that there is a new phenomenon emerging that is enabled by the ease of turning strategic communication in a dark direction. We call this new phenomenon communication hijacking (Hautala et al., 2025). Communication hijacking is seen as an extreme form of de-organization-centric stakeholder engagement, and it remains underdeveloped and even partly misunderstood. Often placed under the umbrella of crisis communication, the nuances of what exactly happens when communication is hijacked remain unexplored, despite this occurring with increasing frequency. Theoretically, it is rooted in issue arena theory (Vos et al., 2014), in which stakeholders lead communication about their own arenas and interests. Hijacked communication occurs when organizations lose control of either the arena or the message (Badham et al., 2024).
In the related field of marketing communication, hijacking has previously been addressed through brands and studied in the form of brandjacking. Brand hijacking, or brandjacking, is a non-collaborative form of co-creation (Siano et al., 2022b) that can occur via the illicit use of a brand name or identity elements (Siano et al., 2022a) or the abuse and misuse of trademarks and reputations (Wunder, 2009). Such a takeover of a brand can be either positive or negative (O’Sullivan, 2016), but it always includes co-opting by force or taking ownership of something not originally owned by the hijacker: “Brandjacking is typically associated with the disruption of a brand’s narrative and the appropriation of corporate identity by third parties” (Samoilenko and Langley, 2023, p. 222). This tactic represents an extreme form of negative engagement with brands (Lievonen et al., 2023) and may hinder intangible assets, such as brand trust (Chan-Olmsted and Qin, 2021) and even organizational legitimacy.
Though some forms of digital hijacking are well known in cybersecurity (e.g. ransomware), many novel forms of communication hijacking (e.g. deepfakes) remain misunderstood by strategic communication scholars and practitioners. Thus, they are generally grouped under vague concepts such as disinformation. Communication hijacking causes obvious consequences, such as reputational crisis, for organizations (Badham and Luoma-aho, 2023), and due to their speed, credibility, and scale, they may even destabilize society at large (Pamment et al., 2018). Johansson et al. write of hostile hijacking, in which through fake evidence or disinformation, situations of vulnerability, such as organizational crises, are used to maximize the damage dealt to an organization and society (Johansson et al., 2023).
This article places communication hijacking in the context of dark strategic communication. We are interested in examining communication hijacking as a phenomenon, as well as the organizational vulnerabilities contributing to it.
The research questions are the following:
What kind of phenomenon is communication hijacking?
Which conditions must be met for communication hijacking to occur?
This paper is organized as follows: first, we consider dark digital strategic communication. Second, we review previous categorization systems for influence attempts. Third, building on a review of the relevant literature, we propose a novel communication hijacking triad that explains the relationship between involuntariness, co-option, and use for a different purpose. This triad is verified through in-depth interviews with disinformation and digital strategic communication experts from Europe and North America, representing the latest knowledge about strategic communication, disinformation, hostile information environments, and information warfare. To test the triad in practice, we draw on three recent communication hijacking cases from Finland. To conclude, we summarize the implications of the communication hijacking triad for both theory about and the practice of dark strategic communication.
Dark strategic communication
At a general level, strategic communication can be defined as long-term, comprehensive and value-based communication, which supports the organization in formulating and achieving its objectives (Hallahan et al., 2007; Zerfass et al., 2018). This understanding of strategic communication also can be applied when defining or evaluating malicious uses of communication. In the formula of strategic communication, scholars Falkheimer and Heide argue that strategic communication consists of actors and influence, which together cause some effects. According to them, actors can be, e.g. authorities, politicians or even trolls, and influence is the means by which strategic communication is implemented, such as through information, attitude, or propaganda. The effects can vary from increased sales or trust to chaos and disorder, for example (Falkheimer and Heide, 2022, p. 6).
According to the formula created by Falkheimer and Heide, we argue that strategic communication is increasingly being used for dark purposes. As in strategic communication in general, the goal-oriented use of communication is central. In dark digital strategic communication, the goal is somehow malicious or harmful to the target, and various digital tools are used to achieve those goals. Additionally, and also based on the definition of digital corporate communication (Badham and Luoma-aho, 2023, p. 9), we define dark digital strategic communication as the “management of digital technologies, infrastructures and processes to harm communication with internal and external stakeholders and more broadly within society for the destruction of organizational tangible and intangible assets.” Dark strategic communication manages to damage not only the brand or organization targeted but also society at large by polluting the information environment and diminishing generalized trust throughout society (Toivanen et al., 2024; Wanless, 2025).
Given a changing digital media landscape (Badham et al., 2024), it is clear that there are several uncontrolled forms of communication. Memes and other humor-filled forms of recycled communication are often dark in nature, but the weaker the control over the arena and the message, the stronger the potential for hostile takeovers. The Digital Media Arenas (Badham et al., 2024) list communication hijacking as the most extreme form of communication, in which another party reuses organizational content, for better or worse, against the will of an organization.
There are certain times during which organizations become especially vulnerable to such attacks (Johansson et al., 2023). Sometimes, communication hijacking occurs in online brand communities among stakeholders, harming trust without the organization even knowing (Bowden et al., 2017). Poor crisis communication and inadequate control over the media or the message, such as neglecting cybersecurity or an executive’s silence during a crisis, are directly related to vulnerability to hijackings (Badham et al., 2024; Hansson et al., 2020; Johansson et al., 2023; Woon and Pang, 2017). Exploiting these vulnerabilities with a malicious mission can be understood as an extreme form of dark strategic communication. Hautala et al. (2025) propose that there are several levels at which organizations and communication are vulnerable to hijacking. Ranging from an individual responsible for the communication (persona) to individual communication identifiers (the campaign or a hashtag), hijacking can occur at the levels of news, brand, media, and even narratives (Hautala et al., 2025).
Categorizing strategic influence attempts
Disinformation has been previously categorized based on conditions of legitimacy or truthfulness (Pamment et al., 2018), and influence has been seen as a continuum from legitimate to illegitimate and even to extreme illegal influence. Within the DIDI framework, influence attempts are categorized and evaluated along four dimensions: Deceptiveness, Intention, Disruptiveness, and Interference (Pamment et al., 2018). The first dimension, deceptiveness, refers to (non)transparency: legitimate influence and its goals are transparent, while unacceptable influence is less so. The second dimension relates to intentions: in acceptable influence, the goals are benevolent and constructive, whereas the aim of unacceptable influence is to harm an organization or even cause its destruction. The third dimension refers to disruptiveness: acceptable influence does not disrupt the functioning of society unreasonably, unlike disruptive influence (Pamment et al., 2018). The fourth dimension, interference, refers to societal interests and impacts: having a malicious influence over another state’s elections is interference, as recently proven by Russian attempts to influence the US 2024 presidential elections (U.S. Department of Justice, 2024). By considering all these dimensions holistically and simultaneously, the acceptability and legitimacy of influence can be assessed.
Another emerging example of a system for categorizing and assessing information influence attempts that is used by journalists and disinformation researchers is the DISARM framework, which catalogs hundreds of mis- and disinformation tactics, technologies, and procedures (DISARM Foundation, 2024; Terp and Breuer, 2022). DISARM is based on the popular ATT&CK cybersecurity framework created by MITRE, which categorizes cyber threat models and tactics in a searchable knowledge base (MITRE, 2024). The DISARM framework allows researchers to systematize their observations of misinformation and disinformation tactics in a repeatable and reportable manner. DISARM has two frameworks: DISARM Red (offense) categorizes the chain of events an attacker may use to “plan, prepare, execute, and assess” a disinformation campaign (Booz Allen Hamilton, n.d.), whereas DISARM Blue (defense) categorizes countermeasures for these attacks.
The European Union and World Health Organization recently used DISARM-based analysis to create educational interventions and digital campaigns and thus address misinformation and disinformation about vaccines (Scholz, 2021). In 2023, the European Union and the United States adopted the DISARM framework as the “common methodology for identifying, analyzing and countering FIMI (foreign information manipulation and interference)” (EEAS, 2023). More recently, researchers have used DISARM to study disinformation associated with emerging concerns with Russian influence operations (Fruhwirth and Nazari, 2024) and the 2024 European elections (Nazari, 2024).
There are several similarities between the DISARM framework and communication hijacking. Currently, the DISARM Red framework shows promising cross-connections with the seven levels of communication hijacking described in Hautala et al. (2025). In Table 1, we identify the most relevant DISARM tactics and techniques that indicate that a hijacking is likely taking place. These tactics and techniques do not represent an exhaustive list of all the options available to an actor; instead, the list represents an early analysis of the activities most frequently observed in our preliminary studies. Tactics suggest “why” an actor is conducting a disinformation event, whereas techniques further refine “how” the actor is implementing the event to achieve their tactical goal (MITRE, 2024; Terp and Breuer, 2022). We also suggest potential tactics or techniques indicators that could lead an investigator to recognize one of the elements of hijacking. While the DISARM Blue framework explores countermeasures to disinformation attacks, including those related to communication hijacking, a deeper analysis of those countermeasures is beyond the scope of this paper.
Analysis of the impact of DISARM framework’s tactics and techniques on communication hijacking
| Communication hijacking level (Hautala et al., 2025) | Representative DISARM tactic or technique (DISARM Foundation, 2024) | Potential indicators |
|---|---|---|
| Persona | Impersonate Existing Entity (T0090) Create Inauthentic Accounts (T0099) Develop Image-Based Content (T0086) Defame (T0140.001) Suppress Opposition (T0124) | Create accounts that mimic legitimate users Create fake content designed to mislead readers or defame the Persona Flag content as “inappropriate,” leading to it being taken down without cause |
| Hashtag | Flood Existing Hashtag (T0049.002) Create Inauthentic Accounts (T0090) Post Violative Content to Provoke Takedown and Backlash (T0115.002) | Repost unrelated content with a trending hashtag Hashtag hijacking may attempt to defame a legitimate user or hashtag |
| Media | Purchase Targeted Advertisements (T0018) Deliver Content (TA09) Attract Traditional Media (T0117) Establish Assets (TA15) | Influence the media through large purchases of advertisements Purchasing/acquiring control of the organization |
| Narrative | Develop Inauthentic News Articles (T0085.003) Use Copypasta (T0084.002) Post Across Platform (T0119.002) Flooding the Information Space (T0049) | Manipulate the volume of available information Cross-post the same information simultaneously across many platforms |
| Brand | Develop Image-Based Content (T0086) Facilitate State Propaganda (T0002) “Boycott” or “Cancel” Opponents (T0048.001) Post Across Platform (T0119.002) | Manipulate a legitimate brand and image Capitalize on the success of a brand Defame a brand’s reputation using other hijacking layers or purposefully boycotting the brand |
| Newsjacking | Create Personals (T0097) Aggregate Information into Evidence Collages (T0085.004) Share Memes (T0115.001) Use Hashtags (T0104.005) | Capitalize on current trending news Draw attention away from serious events with memes Accelerate the spread of alternate versions of news event |
| Campaign | Create Inauthentic Accounts (T0090) Develop Document/Develop False or Altered Documents (T0085.002) Use Copypasta (T0084.001) | Link various hijacking layers in a deliberate campaign of deception and false information |
With these in mind, we turn to the literature review.
Methods
The research and model construction consisted of several stages combining various methods and insights: First, a thematic literature review was conducted regarding communication hijacking. Second, a snowball sample was taken to verify the literature review findings, and altogether, sixteen thematic interviews of leading global experts on disinformation and strategic communication were conducted. These expert interviews were conducted between June 2023 and October 2024, and they focused on the various aspects of communication hijacking discovered in the literature review and collected recent industry experiences regarding communication hijacking.
The interviews followed the ethical guidelines of Tutkimuseettinen neuvottelukunta (TENK), the Finnish research ethics council. The interviews were conducted by the first two authors both in person and online via Teams, and they took around 1 h each. The interviewees represented research and authority agencies and think tanks from Europe and North America (the interview questionnaire is attached in Appendix 1, as well as the table of interviewees in Appendix 2). As the goal of the interviews was to verify the emerging framework, the interviewees were first presented with the three conditions that emerged from the literature review. Second, they were asked to freely amend, change, or critique these. Third, they were asked to share global examples of communication hijacking or other forms of malicious information influence.
The interview data was analyzed following the steps of concept-driven qualitative content analysis introduced by Schreier (2012). In concept-driven qualitative content analysis, the coding frame is developed deductively, drawing on prior knowledge such as theoretical frameworks, previous research, everyday understanding, logical reasoning, or the structure of the interview guide. This approach involves determining relevant dimensions and subcategories before engaging with the data in depth, allowing the researcher to verify predefined concepts while remaining open to revising the coding frame if the data suggest additional, inductively derived categories (Schreier, 2012).
The steps were the following. First, the research question was defined to guide the study focus, and relevant interview material was selected for analysis. The coding frame was developed by the first author based on theoretical concepts related to communication hijacking, identified through the literature review, with the aim of verifying conditions of communication hijacking (involuntary, co-opted, against the original purpose). This coding frame formed the initial structure for categorizing the data and was pilot-tested on a subset of the material to identify necessary adjustments. Finally, the main analysis was conducted by applying the refined coding frame to the entire data set, enabling both deductive verification of theoretical assumptions and inductive incorporation of emergent insights. This approach ensured that the analysis was not limited solely to theoretical preconceptions but also reflected the unique content and nuances arising directly from the data (Schreier, 2012).
Based on these, a novel framework was constructed (the communication hijacking triad). Finally, the communication hijacking triad was tested using three illustrative examples that emerged from the interview data.
Results
RQ1: What kind of phenomenon is communication hijacking?
The literature provided several definitions that pointed to the idea of communication hijacking, though this exact term had not been used previously. The most useful definitions included mentions of a technique of malicious rhetoric and hostile information influence (Swedish Psychological Defence Agency, 2019), which refers to undesirable co-opting or misuse that contradicts the original purpose of a message, harming citizens and society. In fact, value can be co-destroyed in the same manner as it is co-created via the collaboration of hostile actors (Lumivalo et al., 2024). The literature on changing the purpose of messaging included material on stakeholder backlash (Christensen et al., 2020) in which stakeholders adopt a corporate message but interpret it as meaning something different from and, in fact, in opposition to its original purpose. In practice, communication hijacking involves taking ownership of communication elements, such as hashtags, accounts, or narratives, and co-opting and using them in a way that is somehow harmful from the perspective of the original owner.
Because hijacking serves to present alternative narratives and challenge prevailing ones (Jackson and Foucault Welles, 2015), the original owner’s message or narrative is hijacked when communication is taken over by unauthorized sources. What exactly is taken over, varies. Hautala et al. (2025) propose that what is taken over must consist of original content in the form of hashtags, persona, campaigns, news, media, brands, and narratives. Additionally, some levels feature specific sublevels, such as account and identity hijacking within the persona level, as well as internet domain names within the media level (Hautala et al., 2025). Hijacking can have clear and tangible forms, such as the unauthorized use of logos and websites, or it can occur within a vague timeframe and involve actors that are difficult to identify.
RQ2: Which conditions must be met for communication hijacking to occur?
The review yielded three recurring factors related to hostile takeovers of communication. These make up the three central factors in communication hijackings. We propose that communication is considered hijacked when these three conditions exist:
Communication is involuntary:
First, communication hijacking is defined as involuntary on the part of the organization (Carroll, 2016), meaning the target has not chosen to be hijacked or participate in the attack (e.g. ridiculing a campaign or stealing ownership of an account; Calabresi, 2010).
Communication is co-opted:
Second, communication hijacking requires an element of co-opting (Luoma-aho et al., 2018). This refers to building on what the organization has originally created (Johansson et al., 2023). Generally, some pre-existing communication content (e.g. a campaign or social media account) is taken over in a hostile way (Iglesias et al., 2020). Co-creation that is unintended may co-destroy organizational value (Lumivalo et al., 2024) or the reputation of the original owner behind it.
Communication is turned against its original purpose:
Third, communication hijacking requires turning communication against its original purpose (Caldeira and Machado, 2023; Truong et al., 2022) by taking control of it for unintended purposes. Consider, for example, activists protesting greenwashing and other types of corporate claims (Christensen et al., 2020).
Interviewee reflections on communication hijacking
Sixteen leading global experts on strategic communication and malign influence were interviewed in depth regarding these three emerging conditions for communication hijacking. The results of the interviews were applied to the development of the framework. No new factors arose from the interviews, and all three prior factors were confirmed and recommended for inclusion in the framework. Appendix 3 summarizes the results of the qualitative analysis related to the hijacking factors emerging from the interview data. Three case examples emerging from the interview data are analyzed in more detail as illustrative examples, and further interviewee discussions on the hijacking criteria are summarized in Table 2 below.
Illustrative examples of communication hijacking
| Communication hijacking factors | HybridCOE launch takeover | The People’s 5 tips for tackling COVID | Let’s save the children of Finland |
|---|---|---|---|
| Involuntary | Declined by the Prime Minister’s Office, “Eurooppalainen hybridiosaamiskeskus” was attempted: a fake center with a similar name was established “When the fake association created its Twitter account, [a person representing Finnish authorities] participated in the discussion on Twitter and reminded the audience that this is not the official center’s account.” (Interviewee 2) | Without consulting the authorities, fake messages were sent directly to citizens, and social media influencers were encouraged to participate “Authorities’ were intentionally misinterpreted or used in a very purposefully manipulative way.” (Interviewee 2) | Without consulting the NGO, riding on the recognition and reputation of the original association, a similar name was utilized “Well, after the conversation on the name started in public, they ended up changing it.” (Interviewee 2) |
| Co-opting | The competing association mimicked the name and the visual identity of the official center on Twitter “When the Hybrid CoE was established, a visually identical website was created, as well as a Twitter account.” (Interviewee 11) | Mimicking the original campaign’s design and wording “It mimicked the visual design of the appearance of the Finnish Institute of Health and Welfare.” (Interviewee 2) | The name of the campaign, Pelastetaan lapset, was very close to the name of the well-known organization Pelastakaa lapset “They clearly aimed to ride on the name of a traditional organization.” (Interviewee 2) |
| Against the original purpose | The fake association shared pro-Kremlin content on Twitter, portraying Russia as a friend “When there was the official signing event for the Hybrid CoE, this fake association organized a competing event. They had a Kremlin-friendly speaker at their event.” (Interviewee 2) | The campaign questioned the original campaign’s guidelines and shared instructions that directly contradict them “Then came this ‘People’s 5 tips’ campaign, where the original message was turned 180°.” (Interviewee 2) | The messages of the campaign, including disinformation and misleading content, were mistaken for those from the account of the original association. “The website was also really close to ‘Save the Children,’ so it got confusing. -- And they were critical of vaccines.” (Interviewee 2) |
Utilization and modification of an existing communicative element were emphasized, although determining ownership remains challenging at times.
There’s something concrete that’s being taken over because hijacking is a metaphor. It means taking something that belongs to someone else or and taking it over. -- I wonder whether you really can hijack a campaign in that way. Or a narrative, because no one really owns a narrative as such, it’s a bit more complicated. You can take someone’s hashtag. And you can start putting other content into that. That’s really concrete. -- And you can probably do that with the logos of a brand. (Interviewee 4)
Is this actor considered to have hijacked the message if they use existing material and create a new message from it, essentially remixing it? In my view, this is also a conceptual question. The ownership of the interpretation is immediately lost once the message is disseminated. (Interviewee 10)
You have ownership over your own brand and certain materials. However, you cannot think that you own your messages, as the information environment is so diverse. Everything can be used for various purposes. Song lyrics can be owned, or poems have copyright, but when it comes to a collection of stories – who owns that? [On the other hand], they can certainly be hijacked, and narratives are precisely a means to influence people in a hostile manner. (Interviewee 11)
As the managerial or reputational perspective was emphasized in some of the interviews, the interviewees also addressed vulnerabilities that make communication susceptible to hijacking, as well as methods for preventing communication hijacking or mitigating its serious consequences. The interviews emphasized not only general factors related to preventing the spread of disinformation and misinformation, such as overall societal trust, fact-checking, and media literacy, but also communicative preparedness, debunking, knowledge and analysis of the information environment, as well as a recognizable communicative tone and adequate resources.
If nonsense starts spreading in the name of an organization, the better people know that organization, the more likely they are to question whether it could be true. The more familiar the communication practices, culture, and style are, the more likely it is that someone will realize that this message may not actually be from the organization. (Interviewee 2)
Reputation can partially protect against hijacking. However, it must be linked to reality; it cannot be entirely fake. One cannot build their communication on illusions; it must reflect reality. One’s actions must be as open and transparent as possible, goal-oriented, and well-planned. Additionally, those involved must understand the information environment in which they operate. Communication and leadership go hand in hand; communication is not an independent entity that operates in isolation. (Interviewee 11)
However, even though no new factors arose from the interviews, the definition and the factors were also discussed and criticized. Some comments and critiques focused on whether a definition of communication hijacking is even necessary and on the importance of the organizational or managerial perspective in the definition.
Well, if it’s a business aspect (communication hijacking), then it’s protecting reputation, right? So it’s understandable. Your crisis communications plan, I guess, or your emergency communications plan and you’re looking at vulnerabilities and potential scenarios. Then I would suggest that (communication hijacking). (Interviewee 7)
The communication hijacking triad
For the communication hijacking triad, these three concepts were confirmed to be central; involuntariness, co-opting, and turning content against its original purpose. The most severe form of hijacking constitutes a purposeful information operation, and the targeted organization loses control over its message or the media arena or both. There are also some areas in which these overlap, as in the case of involuntary and co-opting, which could be described as plagiarism; involuntary and against the original purpose, such as fake reviews; and co-opting and against the original purpose, such as memes. In practice, the lines are blurred, and the overlaps between the criteria may change dynamically and evolve over time. Figure 1 illustrates the communication hijacking triad.
The diagram consists of three overlapping circles, labeled “INVOLUNTARY” in the top left, “CO-OPTING” in the top right, and “AGAINST THE ORIGINAL PURPOSE” in the bottom center. The overlap between “INVOLUNTARY” and “CO-OPTING” contains the term “Plagiarism.” The overlap between “CO-OPTING” and “AGAINST THE ORIGINAL PURPOSE” contains the term “Memes.” The overlap between “INVOLUNTARY” and “AGAINST THE ORIGINAL PURPOSE” contains the term “Fake reviews.” The central area where all three circles overlap is labeled “Communication Hijacking.” The non-overlapping regions in “INVOLUNTARY,” “CO-OPTING,” and “AGAINST THE ORIGINAL PURPOSE” contain the terms “Info leaks,” “Co-creation,” and “Washing,” respectively.The communication hijacking triad. Authors’ own illustration
The diagram consists of three overlapping circles, labeled “INVOLUNTARY” in the top left, “CO-OPTING” in the top right, and “AGAINST THE ORIGINAL PURPOSE” in the bottom center. The overlap between “INVOLUNTARY” and “CO-OPTING” contains the term “Plagiarism.” The overlap between “CO-OPTING” and “AGAINST THE ORIGINAL PURPOSE” contains the term “Memes.” The overlap between “INVOLUNTARY” and “AGAINST THE ORIGINAL PURPOSE” contains the term “Fake reviews.” The central area where all three circles overlap is labeled “Communication Hijacking.” The non-overlapping regions in “INVOLUNTARY,” “CO-OPTING,” and “AGAINST THE ORIGINAL PURPOSE” contain the terms “Info leaks,” “Co-creation,” and “Washing,” respectively.The communication hijacking triad. Authors’ own illustration
As seen in Figure 1, an Information leak refers to the dissemination of confidential information to outsiders without the permission of the original owner (Calabresi, 2010). If the information is not disseminated as such but is, rather, somehow co-opted and the purpose of dissemination somehow contradicts the original purpose, leaked information can be considered hijacked.
Co-creation is a social and collaborative process through which an organization aims to develop product or service innovations through interactions and relationships with customers (Iglesias et al., 2020). From a communication perspective, co-creation refers to the joint construction of meaning through dialogue between an organization and its publics, rather than a one-way transmission of messages from the organization. In this view, publics are the main force of strategic communication (Botan, 2021), which can, from the organizational perspective, result not only in positive outcomes but also lead to value co-destruction (Lumivalo et al., 2024). This dual potential is especially evident in character assassination, where co-creation is employed not to support organizational reputation and goals, but to challenge them (Samoilenko, 2021). When co-creation is not collaborative but, rather, involuntary and contradicts the original purpose set by the organization, the brand’s value can be considered hijacked (Siano et al., 2022a).
Washing (e.g. greenwashing) refers to a misleading presentation or communication that is intended to influence public opinion (Oxford English Dictionary, n.d.) while often simultaneously diverting attention from this goal. Because washing frequently occurs in societal or environmental contexts, there is typically no existing communicative element or owner from whose perspective the situation can be seen as involuntary or co-opted and, thus, hijacked.
Plagiarism occurs when an individual uses someone else’s ideas or words and presents them as if they were one’s own (Oniang’o, 2023). Typically, the purpose is to benefit from the original owner’s reputation or position by co-opting it without permission. When the purpose is, in addition to pursuing one’s own interests, to damage the original owner, this can be seen as a case of communication hijacking.
As fake reviews can cause significant damage to companies, affect consumer decision-making processes (Shukla and Goh, 2024), and work against an organization’s purposes, they are undesirable and involuntary from the organization’s perspective. However, they are not typically co-optive and, thus, cannot be considered true communication hijacking. If the review is built on some existing communicative element or fraudulently posted in the name of an existing person, for example, it may be considered communication hijacking. For example, digital identity verification can be used to prevent fake reviews from becoming a form of communication hijacking.
Originally, memes were defined as messages that were “loaded” on various vehicles, which could be images, artifacts, rituals, or images passed on to another person or platform (Dawkins, 1976). In today’s digital information environment, memes can be, for example, humorous responses to viral photos. Memes have a capacity to significantly contribute to the framing of news events and political attitudes and behaviors (Ross and Rivers, 2017). In cases in which a meme is based on the image of a political decision-maker and causes them significant reputational harm, the meme can be considered a communication hijacking operation occurring at a persona level. However, memes that are not fundamentally based on anyone’s ownership or personal communicative elements are not, in and of themselves, communication hijacking operations.
Logic of the communication hijacking triad
Communication hijacking is typically used in malicious information influence attempts with an aim to deceive and manipulate others (Xia et al., 2019). However, not all hijackings are absolutely negative, depending on the mission and the perspective of the parties involved (Hautala et al., 2025). For instance, a hijacked campaign direction can sometimes be a positive change in message arena control. For example, McDonald’s customer engagement campaign of “I’m Loving It” was hijacked for different purposes than originally intended, but discussion of it kept the organization on the media agenda. Similarly, not all hijackings are malicious and can be done accidently or just for fun, with a limited tactical goal (e.g. advancing a funny internet meme) rather than as part of a malicious strategic information operation. However, even accidental or just for fun hijacking can be unethical or illegal, as the ethics of communication also requires an evaluation of the chosen methods and actions (Chiru and Buluc, 2023).
Consequently, hijacking can be viewed as both a positive or negative phenomenon, with this being entirely dependent on the perspective of the parties involved (Hautala et al., 2025). In practice, communication hijacking can create conditions that threaten an organization’s operations, competitive advantage, capacity to manage the distribution of its messages, and ability to manage its intangible assets, such as by rehabilitating a ruined reputation. Such victimization may even qualify as a criminal offense in cases involving identity theft, the unauthorized use of trademarks, or the illegal exploitation of intellectual property (Hautala et al., 2025).
Communication hijacking is distinct from other information influence operations, which can also be malicious or intentional. The following three examples illustrate the concept of communication hijacking and how it differs from other communication operations. To test the communication hijacking triad in practice, three recent cases from Finland were selected due to their societal impact, the dynamic nature of the unfolding events, and the broad media coverage received. We present these cases more in detail below and determine in which situations the communication hijacking conditions could be verified. This framework allows for an examination of the factors that lead to an organization being hijacked, along with the methods available to recover from the hijack.
Illustrative examples from Finland
Case 1: hybrid CoE launch takeover
The European Center of Excellence for Countering Hybrid Threats (Hybrid CoE) was founded in Helsinki in 2017. Its membership is open to EU and NATO member states. The primary goal of the center is to raise awareness about hybrid threats and the ways to counter them. In fall 2016, an association called “Eurooppalainen hybridiosaamiskeskus” (the European Center of Hybrid Expertise) was registered in the association registry of Finland. The Finnish Patent and Registration Office responded to the registration of the office and asked for a statement from the Prime Minister’s Office, which was responsible for establishing the official center. According to Finnish law, the name of a registered association cannot be misleading, so the association could not be registered under that name. However, an association under the name of Euroopan riippumaton hybridiuhkien tutkimuskeskus yhdistys ry (European Independent Research Center for Hybrid Threats) was established, with a well-known pro-Russian Finn being among the founders. Also, a Twitter account mimicking the verbal and visual identity of the official center appeared, sharing anti-Semitic and pro-Putin content.
The founding document of the real Hybrid CoE was signed in Helsinki on April 11, 2017. On the same day, the competing association organized a seminar in Helsinki, with the keynote speaker of the seminar being the Russian Aleksandr Dugin. This caused confusion, especially because the center had not yet achieved significant public recognition and could not yet protect its reputation (Halminen, 2017). All necessary conditions for communication hijacking were met at the most severe level: the hijacking was involuntary and malign (it was intended to de-legitimize the organization from the start and influence Finns and NATO member countries), and the victim organization’s message was co-opted (it utilized the same words in the imposter organization’s name, turning them against the original organization’s purpose).
Case 2: “The People’s Five Tips to tackle COVID”
As part of the multi-agency Finland Forward campaign, which was created at the beginning of COVID-19 pandemic, the Prime Minister’s Office (VNK) and the Finnish Institute for Health and Welfare (THL) launched a campaign entitled “Five tips to tackle COVID-19” in November 2020. The campaign was intended to remind people about measures to prevent the spread of COVID-19 infection. The campaign was featured on various platforms and represented by well-known people. The five key reminders of the campaign were as follows:
If you have symptoms, get tested for COVID-19, and then, stay home.
Keep a safe distance of 1–2 meters from others.
Wash your hands and cover your mouth with your sleeve when you cough.
Wear a face mask whenever you can’t keep a safe distance from others.
Download the Koronavilkku mobile app.
Soon after the campaign was launched, a fake version of the campaign began to spread, particularly on social media, under the title Kansan viisi valttia (The People’s Five Tips). The fake campaign mimicked the original campaign’s design, logos, hashtags, and wording, presumably aiming to cause confusion and undermine the original campaign’s content while capitalizing on its visibility. Additionally, printed campaign materials were distributed. Each of the fake campaign’s tips, such as the encouragement to eat healthily and exercise outdoors, was not inherently in conflict with general health recommendations. The tips of the fake campaign were as follows:
Breathe deeply and freely. There is no clinically proven benefit to masks. Also, remember that an obligation or recommendation does not mean compulsion. There is no mask mandate.
Eat fresh, healthy food. Favor domestic, clean ingredients. Especially during the dark winter season, ensure your vitamins and minerals are balanced.
Drink more clean water, vegetable juices, and herbal teas than usual.
Exercise every day, preferably in the peace of nature. Stretch and explore your surroundings.
Smile and focus on happiness. Avoid fear campaigns created by the media and decision-makers. Occasionally, disconnect from communication channels and focus your attention on positive things, such as gratitude.
When it comes to hijacking, all three criteria were fulfilled: the campaign was involuntary (no authorities were consulted), there was co-opting (utilizing the wording and visual image of the original campaign in a severely misleading way), and the message was turned against its original purpose (e.g. stating that there was no benefit to wearing a mask). However, as the impact of this hijacking was limited to some parts of Finland and online, its impact remained smaller than that of the Hybrid CoE case.
Case 3: “Let’s Save the Children of Finland”
Pelastakaa lapset ry (Save the Children) is a Finnish association, founded in 1922, with a mission of promoting the children’s rights, both in Finland and globally. The association is a part of the international Save the Children umbrella organization. During the COVID-19 pandemic, some Finnish healthcare professionals who had come to oppose vaccinations began a campaign called Pelastetaan lapset (Let’s Save the Children), with the aim of preventing COVID-19 vaccinations for children and young people (Harju and Nyroos, 2021). On social media and their own websites, the campaign shared disinformation and other misleading content. As the name Pelastetaan lapset is very close to Pelastakaa lapset, the campaign created significant confusion. The people behind the campaign denied their intention to benefit from the name of the well-known organization. After much public debate, the campaign changed its name to Pelastetaan Suomen lapset (Let’s Save the Children of Finland). The new name was soon updated on social media and websites (Harju and Nyroos, 2021). Regarding communication hijacking, all three criteria were met: it was involuntary (e.g. not officially sanctioned by the Save the Children foundation), involved co-opting (utilizing a similar name), and turned the message against its original purpose, as Save the Children promotes vaccines for children’s health.
Discussion
Organizations will likely have even less control over their messages and media arenas in the future digital environment, as false information continues to be a global challenge (World Economic Forum, 2025). In fact, there will be an increasing number of factors predisposing actors toward the use of disinformation and misinformation and exposing communication to hijacking at all levels. These vulnerabilities include both human factors, such as the cognitive biases of the human mind (Pamment et al., 2018; Nurkka et al., 2025), and non-human factors, such as cyber issues and technological innovations. Artificial intelligence can significantly impact influence operations, as generating manipulated content at scale and creating fake accounts becomes easier, thus posing challenges for organizations on digital platforms (Fredheim and Pamment, 2024).
As the digital information environment becomes increasingly competitive, countering strategic communication hijacking is becoming an important task for communication and public relations professionals (Luoma-aho et al., 2023). Understanding the severity of the communication hijacking provides a basis for developing effective management and response strategies that would resonate with the publics (Ecker et al., 2022). This is particularly important as emerging technologies such as AI (Karinshak and Jin, 2023) impact influence operations.
Organizations, especially public authorities, must monitor and analyze the information environment to ensure an up-to-date situational picture. Previous frameworks can serve as a starting point for such analyses (e.g. the DIDI model aids in monitoring the information environment and assessing the legitimacy of various operations). In addition to analysis of the information environment (Wanless, 2025), organizations should prepare for various information operations with planning and guidelines and rehearse various scenarios in advance to be ready to act if a hostile operation occurs. For example, the emergent DISARM Blue framework provides tactics and techniques that communicators can use to counter some hijacking events.
Susceptibility to hijacking can originate from various factors, such as ineffective crisis communication (Woon and Pang, 2017); inadequate control over messaging or the media environment (Badham et al., 2024), including cybersecurity lapses; and the absence of strong and accessible leadership during crises (Hansson et al., 2020; Johansson et al., 2023). When an organization recognizes its vulnerabilities, it becomes easier to defend itself against adversaries, making it more difficult for a hostile actor to exploit those vulnerabilities through hostile information operations. To mitigate the risks associated with hijacking and its severe consequences, organizations should take proactive measures to address these challenges effectively and assess their vulnerabilities to information influence activities.
The three factors of the communication hijacking triad serve as a vulnerability map of the digital realm in which organizations operate, broadening our understanding of the dark side of strategic communication. Understanding the various factors in communication hijacking may help organizations recognize malicious communication hijacking operations and prepare accordingly both to prevent them and respond to them, including the following initial countermeasures. Here the suggested factors once more discussed:
Involuntariness: A distinct and consistent communicative tone is essential, and it is equally important that the organization clearly communicates its values and objectives. Debunking disinformation and misinformation and providing accurate information when necessary is needed, despite the minor role that such debunks have proven to play in reality (Ecker et al., 2022). Additionally, crisis communication strategies should be employed when communication is hijacked, alongside active engagement in communication efforts.
Co-opting: The use of a recognizable brand identity, including distinguishable logos, fonts, and other visual elements, along with potential patents and trademarks, is crucial. Proactivity in managing domains and social media accounts further supports the protection of the brand and its intellectual property. But perhaps most importantly, a defence emerges from intangible assets (Luoma-aho and Canel, 2020): creating a strong enough corporate character and providing a distinct brand experience for the stakeholders and customers that they recognize when some suggested activity is off-brand or unlikely to be true.
Against the original purpose: Maintaining consistency in communication and all organizational activities is critical, with an emphasis on debunking false information when necessary. Proactivity, transparency, and openness are key to ensuring that the organization’s goals and values are clearly communicated, thereby minimizing the risk of misleading consumers or citizens. Here again the corporate purpose is central: ensuring that stakeholders understand what the organization does and stands for in good times will help carry through the more turbulent times.
In general, the most effective interventions are those that reduce one or more elements in the hijacking triad. This means that communicators seeking to counter communication hijacking will need to focus on techniques to regain physical or virtual control of a co-opted message, campaign, or platform; revert a message or campaign back to its original purpose; or seek to reduce the involuntary impacts of the hijacking.
Conclusion
As communication hijacking represents an extreme form of stakeholder relations that departs from an organization-centered approach, often being used by hostile and malicious actors as a tactic of dark strategic communication, the vulnerabilities which enable hijacking, and the methods used to prevent them are important to recognize. The communication hijacking triad provides a distinctive framework that enables scholars and organizational leaders to identify the nature and intensity of increasingly prevalent hostile communication takeovers in all areas of business, organizations and government. The triad consists of three dimensions (involuntariness, co-opting and turning communication against the original purpose). This framework facilitates the identification of the phenomenon as distinct from other information operations and enables an analysis of the elements that contribute to being hijacked, along with the strategies available for recovering from a hijack situation. Diminishing or counteracting communication hijackings and their severe consequences requires a new level of strategic thinking for communication management, the full investigation of which should be undertaken by future studies on the topic.
This study had several limitations, which must be acknowledged. First, the choice of keywords for the review of the literature was limited to only those regarding hijacking-related events and could have missed important contributions regarding the same phenomenon discussed under different topics and concepts. Second, only sixteen expert interviews were conducted, representing the opinions and perspectives of mostly Western democratic countries. This was mitigated slightly by their backgrounds and experience in other regions, especially those on the offense regarding macro-level information operations. Third, the illustrative case examples were collected only within one cultural context of Finland, in which media literacy scores and persuasion knowledge are quite high based on a global scale.
Future studies should test the communication hijacking triad in other cultural settings, as well as analyzing case severeness and impacts across countries. Furthermore, as AI develops, future studies could focus on helping organizations detect manipulated content, such as hijacked communication. Future studies should also focus more precisely on the kinds of damage caused to organizational intangible assets such as trust, reputation and legitimacy, as well as the potential recovery routes. We call for future studies to address how hijacking will evolve, how organizations and brands can better prepare for hijackings, and whether inoculation or strategic preparations would be able to mitigate communication hijackings.
The authors utilized generative AI to improve the clarity and language of the text. Following this, they thoroughly reviewed and revised the content to ensure its accuracy, taking full responsibility for the final published version.
Appendix 1
Interview questions for experts
Insights from a systematic literature review on communication hijacking
Do you identify any additional levels that extend beyond those recognized in the review?
Do you agree with the working definition of “communication hijacking”?
Case example of communication hijacking
Can you describe the case in detail?
Who was responsible for the hijacking?
Who was targeted?
Vulnerabilities enabling communication hijacking
In the case you described, what vulnerabilities enabled the hijacking?
In a broader context, what are the vulnerabilities that typically enable communication hijacking?
Prevention of communication hijacking
What preventive measures could have been taken to prevent the hijacking in the case you mentioned?
More generally, what strategies or practices do you recommend for preventing communication hijacking?
Mitigating consequences and responding to communication hijacking
At both the individual and societal levels, what could be done to minimize the impact of communication hijacking?
At the organizational level, what strategies can help manage or mitigate the consequences of a hijacking?
Source: Authors’ own work.
Appendix 2
Table of interviewees
| Interviewee | Date | Country | Professional category |
|---|---|---|---|
| 1 | 6/2023 | Canada | Public sector |
| 2 | 10/2023 | Finland | Public sector |
| 3 | 11/2023 | Denmark | Academic |
| 4 | 11/2023 | Sweden | Academic |
| 5 | 11/2023 | Finland | Public sector |
| 6 | 11/2023 | Italy | Academic |
| 7 | 11/2023 | Great Britain | Academic |
| 8 | 12/2023 | Latvia | Practitioner |
| 9 | 12/2023 | Latvia | Practitioner |
| 10 | 1/2024 | Finland | Practitioner |
| 11 | 1/2024 | Finland | Public Sector |
| 12 | 4/2024 | Finland | Public Sector |
| 13 | 4/2024 | USA | Practitioner |
| 14 | 4/2024 | USA | Practitioner |
| 15 | 9/2024 | USA | Academic |
| 16 | 10/2024 | USA | Academic |
