With the US Presidential Elections less than a month away, a leading cybersecurity firm decided to look into its last year’s report on typo squatters looking to target next month’s elections.
Typo squatters are a group of cybercriminals that often target popular websites or keywords and register an incorrectly spelled domain name. Typosquatting is also known as URL hijacking, where the cybercriminals intend to attract visitors to their products, services, scams or even malware.
The cybersecurity firm decided to relook its last year’s report after the Department of Homeland Security released a bulletin in August that warned the Internet users of malicious domains about the US elections. The cybersecurity firm used the Shadow Search technique for identifying such malicious domains comprising of words like- Trump, Pence, Biden, Kamala Harris, to name a few.
The results of Shadow Search were quite shocking as the firm identified 225 such similar domains being related to candidates or elections.
Fake Domain Research Findings
The cybersecurity firm is still not able to find out who had set up such election-related websites. The method of domain squatting is becoming popular between the cyber-threat actors and enthusiast voters.
The firm’s researchers have decided to segregate the various forms of detected typo squats into three major categories. These categories include- misconfigured/illegitimate sites, non-malicious sites and redirects.
- Misconfigured sites represent the typo squats that were not rightly configured and hosted nothing besides an index page
- Non-malicious sites comprise a major portion of the sites identified by the cybersecurity firm. These sites also didn’t have content hosted on them
- Redirected sites refer to those typo squats that redirects a user to another website
Results of Fake Domain Findings (in 2020)
Nearly 21% of the sites identified by the firm were recognized as illegitimate or misconfigured sites. The firm found that most of the domains for these misconfigured sites were associated with DNS errors. Other sites weren’t malicious; however, these websites could still create a dent in the candidate’s campaign and reputation.
The cybersecurity firm found that nearly 2/3rd (67%) percent of 225 websites on Presidential candidates or election were identified as non-malicious sites. These websites don’t host anything; however, this can dynamically change without any pre-warnings. It is important to note that a parked domain with a Mail exchange record can also launch phishing attacks. Some of these malicious domains contained harmful contents about the Presidential candidates and “associated dangers.”
The redirected sites accounted for 12% of the total data analyzed by the cybersecurity firm. Some of these sites indeed got redirected to legitimate sites, while some were redirected to sites with contrasting content with respect to the candidates. The reason behind such redirects can be identified as most of the website owners decided to go for a similar domain name to stop others from using them to misguide visitors.
Some Researched Domains
The following table contains some of the domains that the cybersecurity firm identified in 2019-
Word of Advice for Online Voters
Any internet user must follow the following pieces of advice to remain secure from malicious and typo squatted sites-
- For the regular Internet users or even voters, it can prove to be quite difficult to identify the difference between a legitimate webpage and a ‘well-trapped’ phishing page. If you feel that a website looks phishy or illegitimate, it is always better to take a peer opinion on the same. Sometimes these pieces of advice can help you from landing on malicious and fake websites.
- With the Presidential elections, not even a month, it is advised that you check the legitimacy of a page by looking at the candidates’ social media networks. Usually, candidates tend to share their official domains in their biography section. It is advised that you don’t visit websites present contained inside malicious emails. Feeding such links in the mails has emerged as a common method for introducing phishing webpages.
This Election Season, beware of such malicious and typo squatted domains. If you’re looking for a trusted domain registrar for your business site, reach out to Team bodHOST today.