With the US 2020 election quickly approaching, the cybersecurity firm Digital Shadows has decided to revisit its report from last year on typoquatters targeting the US Presidential election.
Typosquatters often target popular sites or keywords and register misspelled domain names in an effort to bring visitors to their own products, scams or even malware.
Digital Shadows decided to revisit its blog post from last year after the Department of Homeland Security released a bulletin in August warning internet users of potentially malicious domains related to the US election. The firm used Shadow Search to identify domains that included the words Trump, Pence, Biden, Kamala or Kamala Harris, vote, elect and poll within their WHOIS data.
After collecting this data, Digital Shadows identified the likelihood of domains being candidate or election-related and ended up with 225 potentially malicious domains which is half of the sample it found last October.
Fake domain campaigns
While Digital Shadows is unable to confirm who is setting up these election-related websites, domain squatting has become popular among both threat actors and zealous voters. The firm’s researchers decided to classify the different types of typosquats it detected into three distinct categories: misconfigured or illegitimate sites, non-malicious and redirect.
Misconfigured or illegitimate sites represent typosquats that were not correctly configured, aren’t hosting anything but an index page and likely are not legitimate but look like they could be. Non-malicious sites was the largest category Digital Shadows detected and these sites were also not hosting content while redirect sites are typoquats that redirect a user to a different website.
Digital Shadows found that 67 percent of the 225 sites related to presidential candidates or the election were non-malicious. While these sites aren’t hosting anything now, this can change in an instant and without warning. At the same time, if a parked domain has a Mail eXchange record, it could potentially be used to launch phishing attacks. Some of these non-malicious sites did host content including biden2020[.]com which displayed anti-Biden content and informed voters about “the dangers of voting for Biden”.
Of the sites it found, 21 percent were illegitimate or misconfigured sites. While many of the domains Digital Shadows identified were associated with DNS errors, others seemed to be hosting sites that weren’t malicious in nature but could be detrimental to a candidate’s campaign and reputation.
Redirecting domains accounted for 12 percent of the firm’s sample data during this round of analysis. While some domains appeared to be used to redirect to legitimate sites, others redirected to content disagreeing with candidates. The reason for so many redirects is that many site owners choose to buy similar domains so that others can’t use them to mislead visitors or impersonate their brand.
Staying safe online this election season
To protect against typosquatting domains, Digital Shadow recommends that brands and public figures register similar domains to their actual site, even misspelled ones, before others have a chance to do so. Organizations should also monitor domain registrars for domains that are similar to their own brands. As for voters trying to find out more information on candidates, Digital Shadow suggests that they find the candidate’s social media profile first and then use it to find their official website.