Typosquatting Websites Proliferate in Run-up to US Elections

  /     /     /  
Publicated : 23/11/2024   Category : security


Typosquatting Websites Proliferate in Run-up to US Elections


People who mistype the URL for their political candidate or partys website could end up on an opposing party or candidates website, Digital Shadows research shows.



Another sign that the Internet has become the newest venue for political battles is the sheer number of websites that have sprung up that appear designed to confuse or take advantage of people following the 2020 US Presidential elections.
Researchers from Digital Shadows recently looked at how many domains they could find that appear to be targeting users who accidentally mistype the website address for a US political candidate or an election-related domain (for example berniesander.com instead of berniesanders.com).
They wanted to find out where exactly on the Internet individuals who made such typos would end up and discovered over 550 phony websites for the 19 Democratic and 4 Republican candidates and 11 other election-related domains as of Sept. 20, 2019.
About one quarter of the domains (24%) appeared harmless and simply parked with no content. Another 8% appeared to be the result of the URLs not being correctly configured when initially created: many of these sites hosted nothing but an index page.
The remaining 68% of typosquatting sites, however, actively redirected people to entirely new sites - some of which could eventually end up being used for nefarious purposes. For example, Digital Shadows found that an individual who inadvertently typed elizibethwarren.com would get redirected to a donaldjtrump.com page. Similarly, someone entering donaldtrump.digital would instead end up on hillaryclinton.com.
Users wanting to donate to specific Republican candidates by going to the WinRed site get redirected to the ActBlue fundraising site for Democrats if they accidentally submit winrde.com instead of winred.com. Digital Shadows researchers found similar redirects for sites associated with several other candidates including Tulsi Gabbard, Bernie Sanders, and Joe Biden.
Six of the typosquatting domains studied by Digital Shadows redirected users to various secure browsing and file converter Google Chrome extensions. While none of the extensions appeared overtly malicious, the permissions they required appeared unreasonably high, Digital Shadows said in a report this week that summarized its research. Three of the extensions had access to cookies in the users browser.
Without calling out one candidate or one party over another for these typosquats, its clear that the political battles are not taking place just on the debate stage or in the media but expanding to the cyber realm, as well, the security vendor
said
.
Harrison Van Riper, strategy and research analyst at Digital Shadows, says the typosquatting sites to which users are being directed dont appear malicious like the ones scammers typically use to host malware or to directly spoof a legitimate site. Additionally, though, redirection can also be used to initiate a drive-by download or a watering hole attack. There is no sign of such activity on the election-related sites so far, he says.
So its challenging to determine precisely how harmful they are, Van Riper notes. Its hard to quantify the negative impact any one specific candidate could receive from typosquats like this though it could potentially be measured in dollars lost from fundraising, or from frustrating voters trying to get more information about a candidate.
Digital Shadows research uncovered 66 domains with political-sounding names hosted on a single IP address by an entity with an address in Panama. The domains were all registered in the last 40 days and include those with names like cleareconomy.info; brinkofrecession.com; kamalaharriss.info; and polociprotest.info. Among the domains is one called dailytravelposh.com that previously hosted typosquatting pages for several technology companies.
All 66 domains presently contain no content, but it is possible that they will begin hosting typosquatted content sometime in the future, Digital Shadows said.
Related Content:
Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come
Election Security Isnt as Bad as People Think
Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says
8 Steps Toward Safer Elections
 
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for 
more information
 and, to register, 
here
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Typosquatting Websites Proliferate in Run-up to US Elections