Skip to main content

Typosquatters target US Presidential election

(Image credit: Pexels)

As the US 2020 election approaches, political campaigns and scammers are trying to capitalize on voters that misspell a candidate's name by taking them to fake and sometimes even malicious sites according to a new report from the cybersecurity firm Digital Shadows.

Typosquatters often target popular sites or keywords and register misspelled domain names in an effort to bring visitors to their own products, scams or even malware.

Researchers from Digital Shadows analyzed over 550 typosquats for the 34 candidates participating in the US 2020 primaries as well as other election-related domains to compile their new report. The firm broke down the typosquats they discovered by placing them into three categories; misconfigured or illegitimate sites, non-malicious and redirects.

Strategy and research analyst at Digital Shadows, Harrison Van Riper explained that not every typosquat the firm investigated led to something interesting, saying:

"Altogether, we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquatted domain was simply parked and not hosting content. Still, there were some worthwhile areas to dig into deeper." 

Typosquats

Misconfigured or illegitimate typosquat domains are ones that have not been properly configured and instead show directory indexes or HTML error messages.

Non-malicious typosquat domains on the other hand, are not designed to hurt visitors but rather the brand of the political candidate or party. At the same time though, the firm also found non-malicious typosquats that were actually helpful and informed users that they were actually at the wrong domain.

Redirects were found to be the most common type of typosquat and these sites redirect visitors to scam sites, fake Chrome or Firefox browser extensions, fake program updates used to install malware or tech support scams. According to Digital Shadows, 68 percent of redirects bring visitors to sites which promote malicious browser extensions or other unwanted content.

The firm also found it difficult to determine who owns these typosquatting domains due to changes in the WHOIS system following the introduction of GDPR.

To protect against typosquatting domains, Digital Shadow recommends that brands and public figures register similar domains to their actual site, even misspelled ones, before others have a chance to do so. Organizations should also monitor domain registrars for domains that are similar to their own brands. As for voters trying to find out more information on candidates, Digital Shadow suggests that they find the candidate's social media profile first and then use it to find their official website.

Via Bleeping Computer