There are currently 550 fake domains set up against the 19 Democrats and four Republicans presidential candidates, as well as Republican Party funding sites, according to "Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground" report, released by Digital Shadows.
The report explores the issue of counterfeit Internet domains registered and how these sites have the potential to sow confusion and spread misinformation among U.S. voters.
"The motivations of those setting up these sites are mixed," says the report. More than 68 percent redirect to another domain, often a rival candidate. For example, voters typing in wrong URL addresses such as Tulsi2020.co or elizibethwarren.com are redirected to marianne2020.com or donaldjtrump.com, respectively.
"Redirects also affect party funding pages," says the report. For example, ‘winrde.com,' a typo of WinRed.com, a funding platform developed mainly to raise funds for Republican candidates, redirects to ActBlue, the primary fundraising site for the Democratic Party.
The report found that eight percent of the domain squats discovered have potentially more nefarious purposes. Six domains affecting Democratic Party candidates Joe Biden, Tulsi Gabbard, and Andrew Yang, as well as party funding pages, redirect to “file converter” or “secure browsing” Google Chrome extensions. "These extensions can be used to infringe on voter privacy and host potentially dangerous malware if downloaded," says the report.
In total, 66 of the 550+ domains were being hosted on the same IP address, registered under the privacy protection service WhoisGuard, Inc. and potentially operated by the same individual. This finding demonstrates "how quick and easy it is to register multiple fake domains and how this issue is likely to worsen as party primaries and the national presidential election in November 2020 near," says the report.
Harrison Van Riper, research analyst at Digital Shadows commented, “Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day. An unintentional consequence of GDPR since the regulation’s enactment last May has been the removal of domain registration details from the official records making it very hard to tell who or what organization stands behind a specific domain.”
Van Riper continued, “Data from June 2018 to June 2019 indicates that brand protection providers have had only four percent to 14 percent of Whois reveal requests actioned successfully. GDPR has generally been a great initiative, but in terms of domain impersonation, it's had the unintended consequences that aid criminals and other actors that are out to cause confusion and harm.”
