A Note On Elections And Voting Websites

As we get closer to the election, it’s highly likely that malicious actors will register and leverage election and voting websites to mislead users. We identified 47 potentially malicious domains that were either parked, redirected to a different website, or were illegitimate or misconfigured. For example, register2vote2020[.]com and register2vote2020[.]net, are not currently hosting content; however, the potential for these sites to gather sensitive voter details is something to consider, especially as we’re approaching the cutoff for 2020 voter registration. 

Another site, real2020poll[.]com, does not appear to be malicious in nature, but I think it’s safe to say that it’s probably not operated by a legitimate United States polling organization. 

In times where disinformation, manipulation, and shady websites are at an all-time high, users must remain vigilant. Are you sure that the website you’re visiting is legitimate? Do you really need to download that Chrome extension? Are your sensitive details being submitted to a legitimate database? These are all things to seriously consider while surfing the web. 

To keep yourself safe, we recommend that you corroborate the website’s legitimacy by looking at the candidate’s social media networks. Typically, candidates will share their official domains in their biography sections or highlighted within their feed―if you’re looking to donate to one of the campaigns, try looking there first for information. We don’t recommend visiting linked websites sent via unsolicited emails, as this is a common tactic of threat actors employing phishing pages.

From an organizational point of view, here are our recommendations on avoiding possible brand impersonation or damage:

1. Buy Domains Similar To Yours. For practitioners, if we look at typosquats in a timeline, one of the initial things you can do is buy domains that appear to be similar to yours. Obvious options would be domains that are one or two letters off from your legitimate domains. Using a tool like DNSTwister, you can generate a list of currently active domains that could already be impersonating your brand or give ideas for where to start purchasing domains.
2. Monitor Domain Registration Activity. You should also start monitoring registration activity. This is hard enough for one domain, but if you have several it may be a bit unmanageable. At that stage we would suggest getting help; part of our core service at Digital Shadows is monitoring for domain impersonations and providing a variety of alerts: when a new typosquatted domain is available to register, when someone has added an MX record that is required to send emails (read: PHISHING emails), when a domain is actively hosting impersonating content, and more.

To learn more about typosquat and phishing protection, check out the Phishing Protection resources center page.

RESEARCHED DOMAINS