Hundreds of fake domains have been set up against some of the presidential candidates through typosquatting, according to a report from digital risk company Digital Shadows.
Here’s a familiar scenario. You type the name of a website in your browser, but you accidentally misspell it. So instead of typing facebook.com, you type faceboo.com, or instead of typing twitter.com, you type twiter.com. In most cases, the mistake is harmless. You’ll either get an error that the site can’t be found, or the misspelled domain name will lead you to the correct one if the company has purchased and registered the incorrect name.
In other cases, however, that misspelled name could actually lead you to a site from a rival company or even to a malicious site. Now imagine that happening to your own organization’s website. A report released Wednesday by Digital Shadows describes the sneaky process of typosquatting (purchasing and redirecting a misspelled domain name), how it’s affecting websites for several presidential candidates, and how it can affect a company.
SEE: Phishing and spearphishing: An IT pro’s guide (free PDF) (TechRepublic)
In its research into typosquatting, Digital Shadows discovered more than 550 fake election domains set up against the 19 Democrats and four Republicans running for president as well as Republican Party funding sites. Among these counterfeit but registered Internet domain names, 68% redirect to another domain, often from a rival candidate. For example, the address Tulsi2020.co redirects to marianne2020.com. The address elizibethwarren.com redirects to donaldjtrump.com. The address winrde.com, a misspelling of WinRed.com, a platform to raise funds for Republican candidates, redirects to ActBlue, a fundraising site for the Democratic Party.
However, typosquatting can also lead a user to a malicious site. In its research, Digital Shadows found that six domains affecting Democratic Party candidates Joe Biden, Tulsi Gabbard, and Andrew Yang, as well as party funding pages, redirect to Google Chrome extensions for “file converter” or “secure browsing.” If downloaded and installed, these extensions can be used to infringe on voter privacy and potentially deploy malware, according to the report.
Out of the more than 550 typosquatted domains, 66 were hosted on the same IP address and possibly operated by the same person. As Digital Shadows points out, that shows how easy and fast it can be for someone to register multiple fake domains, a problem that’s likely to get worse the closer we get to the November 2020 Presidential election.
“Setting up a fake domain is easy with virtually no checks from the organization selling the address,” Harrison Van Riper, a research analyst at Digital Shadows, said in a press release. “It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day.”
In its report, Digital Shadows provides words of advice both for voters and for organizations to protect themselves against typosquatting and fake domains.
For voters concerned about fraud:
- Ask someone about a suspicious site. If you think a political website looks suspicious, ask your spouse, a friend, or a colleague to check the site before you make a donation or sign up for a newsletter.
- Confirm the validity of a political website. Look at the candidate’s social media page or network. Often, candidates will post or highlight their official domain names on their social media accounts.
- Check out official donation information. If you want to donate to a certain campaign, seek out its official donation information first. Be wary of linked websites included in unsolicited emails as that’s a tactic used by malicious actors to deploy phishing pages.
For organizations concerned about their own websites:
- Buy domains that are similar to yours. Make sure to purchase them before others swoop in. Some obvious candidates are domains that are one or two letters off from your own domain.
- Use DNSTwister. Use a tool such as DNSTwister to generate a list of currently active domains. This information can track down domains that might already be impersonating your brand and help you come up with ideas for domain names to purchase.
- Monitor registration activity. Monitoring the registration activity of several domains can be challenging and time-consuming. But this is one of the best way to detect possible squatting activities. “Digital Shadows’ Practical Guide to Reducing Digital Risk contains several free tools and techniques which can be used to monitor for domain registration activity,” Van Riper told TechRepublic. “DNS Twist (or the web-based DNSTwister) is an excellent tool for generating domain permutations, along with checking them for registration and hosting activity. Similarly, Phishing Catcher looks specifically for domains that are hosting content on similar types of domains. These can be used to keep an eye on suspicious domains to see when MX records are added, or content starts being hosted.”