As if the 2020 US Presidential Election wasn't going to be stressful enough, the FBI has announced that someone has started registering look-alike websites that copy the content of state and federal voter information sites, with the intention of collecting personal data.
Phishing scams have become an integral, albeit frustrating aspect of life online for a while now. Whether it's through email scams, service ploys, or just plain stupidity, hackers have nefariously devised hundreds of different ways to get you to input your personal information for their personal gain.
Now, with the frenzy of the 2020 US Presidential Election looming, hackers are taking advantage as much as they can by going after your personal information on these copycat election websites, and they're just convincing enough to work.
FBI Warns of Look-Alike Election Websites
According to a Department of Homeland Security (DHS) bulletin, acquired by Yahoo News, the FBI has identified register domains that appear to be typosquatting election websites, a practice that sees common websites being purposefully misspelled to ideally catch unsuspecting users on nefarious websites. The bulletin stated that:
“The FBI between March and June 2020 identified suspicious typosquatting of U.S. state and federal election domains, according to recent FBI reporting from a collaborative source.”
The problem is made infinitely worse by the fact that many of these election sites are simple “.com” or “.org” domains, rather than “.gov” domains, which allows for pretty much anyone to create a look-alike domain that can pass for normal.
So what exactly are these websites for?
What is the Purpose of These websites?
To make matters worse, the FBI and DHS are both unsure about the intentions of these websites. No nefarious activity — outside of the typosquatting, which is rarely done benevolently — has been detected, but the DHS was quick to assure everyone that they can be used for a wide range of problematic behavior.
“These suspicious typosquatting domains may be used for advertising, credential harvesting, and other malicious purposes, such as phishing and influence operations,” says the DHS bulletin.
To say these websites don't have the potential to cause some serious problems would be a bit naïve. For one, the potential malware and phishing implications are enough to raise a red flag. Just last year, a similar scam arose, with typosquatting domains popping up with misspelled Democratic candidate websites spreading malware.
Outside of the obvious security threats, these websites could also be politically motivated as well, providing incorrect information to potential voters in hopes of swaying the election. And with the political landscape of the US in enough trouble as it is, this could add a lot more gas to the fire.
How to Protect Yourself Online
As for how to protect yourself from these likely nefarious websites, the FBI and DHS had some piece of evergreen advice for spotting scams online: be vigilant.
“Users should pay close attention to the spelling of web addresses or websites that look trustworthy but may be close imitations of legitimate U.S. election websites.”
Truthfully, that's the best advice you can receive when it comes to avoiding scams, as many of them are pretty easy to spot if you're paying attention. However, there is a wide range of options for keeping yourself safe online. From password managers that protect your accounts to VPNs that keep your browsing private, all you need to do is invest a bit of money to avoid the many problems that arise from compromised cybersecurity.