Digital Shadows has identified 225 new, potentially malicious typosquats related to the upcoming US presidential elections. Based on the major party tickets, Digital Shadows identified three classes of typosquats (misconfigured or illegitimate sites, non-malicious sites, and sites that redirect to another site) associated with election-specific keywords like Trump, Pence, Biden, and Harris, among others.

In October 2019, Digital Shadows released a similar report revealing over 550 typosquats for the 34 different candidates at the time. While the new figure marks an absolute decrease from the previous sample, the newest typosquats discovered by Digital Shadows have increased by orders of magnitude relative to the major party candidates.

Of these, non-malicious “parked domains” made up 67% of the domains identified in the research, 21% hosted illegitimate or misconfigured sites, and 12% were redirecting domains.

Digital Shadows also found shady Chrome extensions: a typosquatted domain, trump-donald[.]com, redirected to a “secure browsing” Google Chrome extension. The domain eventually resolved to Donald Trump’s dedicated Wiki page. Occasionally, bad actors will lure users into downloading Chrome extensions, and such extensions are rarely legitimate. In June 2020, Google removed 106 Chrome extensions for collecting sensitive user data.

As we get close to the election, says Digital Shadows, "it’s highly likely that malicious actors will register and leverage election and voting websites to mislead users. We identified 47 potentially malicious domains that were either parked, redirected to a different website, or were illegitimate or misconfigured. For example, register2vote2020[.]com and register2vote2020[.]net are not currently hosting content; however, the potential for these sites to gather sensitive voter details is something to consider, especially as we’re approaching the cutoff for 2020 voter registration. Another site, real2020poll[.]com, does not appear to be malicious in nature, but I think it’s safe to say that it’s probably not operated by a legitimate United States polling organization."
