Digital Shadows Finds Over 550 Fake Election Web Domains
October 16, 2019
Domain squatting targets election candidates and funding pages – and GDPR makes it hard to pinpoint who’s to blame
London and San Francisco, October 16, 2019 – Digital Shadows, the leader in external threat intelligence, today reveals new research finding that there are currently 550 fake domains set up against the 19 Democrat and four Republican presidential candidates as well as Republican Party funding sites. Digital Shadows has been exploring the registration of counterfeit Internet domains because these sites have the potential to sow confusion and spread misinformation among US voters.
You can read the full research here: Typosquatting and the 2020 U.S. Presidential Election
The motivations of those setting up these sites are mixed. Over 68% redirect to another domain, including to rival candidates. For example, voters typing in wrong URL addresses such as Tulsi2020.com or elizibethwarren.com are redirected to marianne2020.com or donaldjtrump.com, respectively. Redirects also affect party funding pages. For example, ‘winrde.com,’ a typo of WinRed.com, a funding platform developed mainly to raise funds for Republican candidates, redirects to ActBlue, the primary fundraising site for the Democratic Party.
Worryingly, Digital Shadows found that 8% of the domain squats discovered have more nefarious purposes. Six domains affecting Democratic Party candidates Joe Biden, Tulsi Gabbard, and Andrew Yang, as well as party funding pages, redirect to “file converter” or “secure browsing” Google Chrome extensions. These extensions can be used to infringe on voter privacy and host potentially dangerous malware if downloaded.
In total, 66 of the 550 domains were hosted by the same IP address, under the privacy protection service WhoisGuard, Inc., since October 3rd, 2019. This finding demonstrates how quick and easy it is to register multiple fake domains and how this issue is likely to worsen as party primaries and the presidential election in November 2020 near.
Harrison Van Riper, research analyst at Digital Shadows, commented: “Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day that has got harder to combat since GDPR was enacted in May last year. The regulations have removed details of the person registering domains from the official records, making it very hard to tell who or what organization stands behind a specific domain.”
Van Riper continued: “Data from June 2018 to June 2019 indicates that brand protection providers have had only 4% to 14% of Whois reveal requests actioned successfully. GDPR has generally been a great initiative, but in terms of domain impersonation, it’s had the unintended consequences that aid criminals and other actors that are out to cause confusion and harm.”
For voters and regular internet users, it can be challenging to tell the difference between a well-crafted phishing page and a legitimate one. Therefore, Digital Shadows advises the following actions:
- If you think a website looks suspicious, don’t be afraid to ask your spouse, friend, or coworker if something seems legitimate or not before you make a donation or sign up for a newsletter; a second set of eyes can be an easy way to spot telltale signs you may have missed!
- Validate the legitimacy of the page by looking at the candidate’s social media networks. Typically, candidates will share their official domains in their biography sections or highlight them within their feed.
- If you are looking to donate to one of the campaigns, look for their official donation information first. We don’t recommend visiting linked websites sent via unsolicited emails, as this is a common tactic used by threat actors employing phishing pages.
For organizations running legitimate websites, the advice is as follows:
- Buy domains that appear to be similar to yours before others do. Obvious options are domains that are 1 or 2 letters off from your legitimate domains.
- Use a tool like DNSTwister to generate a list of currently active domains that could already be impersonating your brand, or to get ideas for domains to purchase.
- Monitor registration activity. This is hard enough for one domain and could become unmanageable if you have several, but it is one of the best ways to gain first-hand visibility into potential domain squatting activities.
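One way to automate the monitoring step, as an added example (not Digital Shadows' tooling or code from the research): compare each newly observed domain against the domains you own and flag any that are one or two edits away. The function names and the observed feed are constructed for illustration, `winred.net` and `windred.com` are made-up entries, and `elizabethwarren.com` is assumed to be the legitimate counterpart of the typo quoted above.

```python
# Added example: flag observed domains within a small edit distance of a
# protected domain. All names and the sample feed below are constructed.

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "winrde" vs "winred".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def label(domain: str) -> str:
    """Naive registrable label: the text before the first dot. A production
    monitor would split on the Public Suffix List instead."""
    return domain.strip().lower().rstrip(".").split(".")[0]

def flag_lookalikes(protected, observed, max_distance=2):
    """Return (observed, protected, distance) tuples for near-miss domains,
    closest first. An exact match on a protected domain is not flagged, but
    the same label under a different TLD (distance 0) is."""
    hits = []
    for seen in observed:
        for legit in protected:
            d = osa_distance(label(seen), label(legit))
            same_name = seen.strip().lower() == legit.lower()
            if d <= max_distance and not same_name:
                hits.append((seen, legit, d))
    return sorted(hits, key=lambda h: h[2])

PROTECTED = ["winred.com", "elizabethwarren.com"]
# Constructed feed: two typos quoted in the article plus made-up entries.
OBSERVED = ["winrde.com", "elizibethwarren.com", "winred.com",
            "example.org", "winred.net", "windred.com"]

if __name__ == "__main__":
    for seen, legit, dist in flag_lookalikes(PROTECTED, OBSERVED):
        print(f"{seen:24} resembles {legit:22} (distance {dist})")
```

Feeding the flagged names into a review queue keeps the volume manageable when several domains are being protected at once.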
Review the Practical Guide to Digital Risk for further tips.
To see the full research findings, check out the blog post here: Typosquatting and the 2020 U.S. Presidential Election
ABOUT DIGITAL SHADOWS
Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.