Research by Digital Shadows has discovered over 550 fake domains set up against the 19 Democrat and four Republican presidential candidates.
The motivations behind setting up the sites are varied, with over 68% simply redirecting the user to another domain which tends to be that of a rival candidate. For example, voters may type in the wrong URL addresses such as “elizibethwarren.com” and be redirected to “donaldjtrump.com”.
Party funding pages are also being affected by the redirects, for example if someone mistypes “WinRed.com”, a site developed to raise funds for the Republican candidates, they are automatically redirected to ActBlue, the fundraising site for the Democratic Party.
Worryingly, 8% of the domain squats discovered redirected users to “secure browsing” or “file converter” Google Chrome extensions – to which can be utilised to infringe on voter privacy and host potentially dangerous malware if downloaded.
It remains unknown as to who is responsible for the redirects, however Harrison Van Riper, research analyst at Digital Shadows claimed that it “could be hackers with a sense of humor”, or even an individual who doesn’t want their opposition to succeed.
Of the 550 domains, 66 were hosted by the same IP address, WhoisGuard, Inc., a privacy protection service, since October 3rd 2019. This shows how easy it is to register fake domains, and how this method will likely be used more often as party primaries and the presidential election in November 2020 comes near.
Riper added: “Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud.
“It’s a problem we see every day that has got harder to combat since GDPR was enacted in May last year. The regulations have removed details of the person registering domains from the official records making it very hard to tell who or what organization stands behind a specific domain.”
Viper continued to add that between June 2018 and June 2019, data indicates that “brand protection providers have had only 4% to 14% of Whois reveal requests actioned successfully. GDPR has generally been a great initiative, but in terms of domain impersonation, it’s had the unintended consequences that aid criminals and other actors that are out to cause confusion and harm.”
The post #Privacy: More than 550 fake election web domains identified appeared first on PrivSec Report.