Typo traps promote rival candidates

Domain squatting targeting election candidates and funding pages is expanding ahead of next year’s US presidential election.

With just over a year to go until US voters hit the ballot box, threat intel firm Digital Shadows has uncovered more than 550 fake election web domains.

These bogus locales mimic 19 Democratic and four Republican presidential candidates, as well as Republican Party funding sites.

Counterfeit Internet domains might easily be used to spread misinformation among US voters, as well as offering an avenue, in at least some cases, of more conventional fraud.

Rival redirects

The motivations behind the bogus sites appear to be mixed, according to a study by Digital Shadows, released today (October 16).

More than two thirds (68%) of the sample simply redirected to another domain – often that of a rival candidate.

For example, voters who type in mistaken web addresses such as ‘Tulsi2020.co’ or the deliberately misspelled ‘elizibethwarren.com’ are redirected to ‘marianne2020.com’ and ‘donaldjtrump.com’, respectively.



Redirects are also targeting party funding pages. For example, ‘winrde.com’ – a typo of ‘WinRed.com’, a funding platform established to solicit donations for Republican candidates – redirects to ‘ActBlue’, the primary fundraising site for the Democratic Party.
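
The lookalikes quoted above fall into two mechanical classes that a brand-monitoring script can flag: a swapped top-level domain, and a label within a couple of edits of the real one (an adjacent-letter swap or a single substituted letter). The sketch below is an added example, not code from Digital Shadows or the article; the watchlist spellings other than ‘winred.com’ and the two-edit threshold are assumptions.

```python
# Added example, not from the article or Digital Shadows.
# winred.com is named in the article; the other two watchlist entries are
# assumed correct spellings of the lookalikes it quotes.
WATCHLIST = ["winred.com", "elizabethwarren.com", "tulsi2020.com"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]


def split_domain(domain: str):
    """Naive (label, tld) split; sufficient for two-label names like these."""
    label, _, tld = domain.lower().strip(".").rpartition(".")
    return label, tld


def classify(observed: str, watchlist=WATCHLIST, max_edits: int = 2):
    """Return (legitimate_domain, reason) for a lookalike, else None."""
    if observed.lower().strip(".") in watchlist:
        return None  # the genuine site itself
    label, _tld = split_domain(observed)
    for legit in watchlist:
        legit_label, _ = split_domain(legit)
        if label == legit_label:
            return legit, "tld-swap"  # same name under a different TLD
        edits = osa_distance(label, legit_label)
        if edits <= max_edits:
            return legit, f"label-edit-distance-{edits}"
    return None


if __name__ == "__main__":
    for name in ["winrde.com", "elizibethwarren.com", "Tulsi2020.co", "example.org"]:
        print(name, "->", classify(name))
```

Run against a feed of newly registered domains, a check like this surfaces candidates for review; it does not say where a flagged domain redirects or who controls it.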

Around one in 12 (8%) of the domains uncovered by Digital Shadows are even more mendacious.

Six domains referencing Democratic Party candidates Joe Biden, Tulsi Gabbard, and Andrew Yang, as well as party funding pages, redirect to ‘file converter’ or ‘secure browsing’ Google Chrome extensions.

“These extensions can be used to infringe on voter privacy and host potentially dangerous malware if downloaded,” Digital Shadows warns.

Cloaking device

In total, 66 of the 550-plus domains were being hosted on the same IP address, registered under the privacy protection service WhoisGuard, Inc., and quite possibly under the control of the same group or individual.

This type of scam is facilitated by the fact that it’s becoming quicker and cheaper to register multiple fake domains, Digital Shadows warns.

Harrison Van Riper, research analyst at Digital Shadows, commented: “Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day.

“An unintentional consequence of GDPR since the regulation’s enactment last May has been the removal of domain registration details from the official records making it very hard to tell who or what organization stands behind a specific domain,” he added.

Digital Shadows is offering advice on how to tell the difference between a well-crafted phishing page and the real deal, as well as tips for organizations on the more general problem of counterfeit domains, in a blog post.

The whole issue of fake domains and elections is only likely to worsen as party primaries and the national presidential election in November 2020 approach.

The Digital Shadows study comes just weeks after researchers at Cisco Umbrella warned that domain names and DNS are being ‘weaponized’ to spread political propaganda ahead of the 2020 US presidential election.
