
Hundreds of Fake Election Domains Target Democrats, Republicans

Threat intelligence company Digital Shadows has uncovered over 550 fake domains attempting to mimic websites related to the 2020 presidential election in the United States.

The company’s researchers identified typosquatted domains targeting Democratic and Republican candidates, along with funding sites of the Republican Party.

Roughly one-third of the typosquatted domains fall into two groups: non-malicious domains, which host no content or only content that makes fun of a candidate, and misconfigured or unauthorized websites, which include improperly configured sites that host only an index page and unofficial domains that may have been set up by fans of a candidate.

The rest, however, representing 68%, redirect visitors to other sites, in many cases ones belonging to the competition. For example, the winrde.com domain, which may be accessed by users who want to go to the Republican donation website WinRed.com, redirects users to ActBlue, the primary fundraising website of the Democrats.

The domains tulsi2020.co and elizibethwarren.com — the legitimate domains are tulsi2020.com for Tulsi Gabbard and elizabethwarren.com for Elizabeth Warren, both Democratic candidates — redirect visitors to marianne2020.com and donaldjtrump.com, the campaign websites of Democratic candidate Marianne Williamson and Republican candidate Donald Trump.
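A defender-side check for the look-alike patterns in these examples, added here as an illustration and not taken from Digital Shadows' research: it flags candidate domains that differ from a monitored domain only by TLD, or by a single character edit or adjacent-character swap in the name. The function names, the `max_distance` threshold and the monitored list are assumptions; the domains are the ones quoted in the article.

```python
# Added example: classify look-alike domains against a monitored list.
LEGIT = ["winred.com", "tulsi2020.com", "elizabethwarren.com"]  # quoted in the article


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or transpose two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'name.tld' at the last dot (enough for two-label domains)."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld


def classify(candidate: str, legit=LEGIT, max_distance: int = 1):
    """Return (monitored_domain, reason) for a likely typosquat, else None."""
    candidate = candidate.lower().strip(".")
    if candidate in legit:
        return None  # the monitored domain itself
    c_name, _ = split_domain(candidate)
    for target in legit:
        t_name, _ = split_domain(target)
        if c_name == t_name:
            return target, "tld-swap"    # same name, different TLD
        if osa_distance(c_name, t_name) <= max_distance:
            return target, "name-typo"   # one edit or swap away
    return None


if __name__ == "__main__":
    for dom in ["winrde.com", "tulsi2020.co", "elizibethwarren.com", "donaldjtrump.com"]:
        print(dom, "->", classify(dom))
```

Run against newly registered or newly observed domains, a check like this produces a review queue; where a flagged domain redirects still has to be checked separately.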

Six of the fake election domains have been found to redirect visitors to websites offering file conversion and secure browsing Chrome extensions. Some of these tools can allow attackers to hijack users’ browser sessions.

In one case, researchers uncovered an IP address hosting over 60 fake domains, including a dozen related to candidates or political topics. All of the domains were registered to an address in Panama, with other information hidden by the WhoisGuard privacy protection service.

“Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day,” said Harrison Van Riper, research analyst at Digital Shadows.

“An unintentional consequence of GDPR since the regulation’s enactment last May has been the removal of domain registration details from the official records making it very hard to tell who or what organization stands behind a specific domain,” Van Riper added.

“Data from June 2018 to June 2019 indicates that brand protection providers have had only 4% to 14% of Whois reveal requests actioned successfully. GDPR has generally been a great initiative, but in terms of domain impersonation, it’s had unintended consequences that aid criminals and other actors that are out to cause confusion and harm,” he explained.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
