Domain TypoSquatters Target 2020 Elections

With such a large number of 2020 presidential hopefuls, political campaigns and scammers are capitalizing on searchers mistyping candidates’ names to send them to sites that they weren’t expecting. Typosquatting, also known as URL hijacking, is a form of cyberattack that targets internet users who incorrectly type a web address into their web browser (e.g. “Gooogle[.]com” instead of “Google[.]com”). When users make a typographical error, they may be led to an alternative website owned by a cybercriminal that is typically designed for malicious purposes. With 23 presidential hopefuls, there are plenty of targets for these types of attacks, and domain squatters have been busy.

In a new report by the cybersecurity firm Digital Shadows, researchers analyzed over 550 typosquatting domain names for 34 candidates and election-related domains and put them into three categories: misconfigured or illegitimate sites, non-malicious sites, and redirects. Misconfigured or illegitimate typosquat domains are websites that have not been configured properly and show directory indexes or HTML error messages. Non-malicious typosquat domains are ones that are designed not to hurt the candidate or the political party. Redirects are the most common type of typosquatting. These sites redirect a visitor to scam sites, unwanted browser extensions, fake program updates, tech support scams or the opponent’s legitimate site. Of the different types of typosquats, 68% are redirects that bring visitors to sites promoting malicious extensions or other unwanted content. It has become extremely difficult to track down the actual owner of the redirect sites due to privacy laws or fake email addresses used for registration.

Analyst Notes

Brands and public identities should register domains, including misspelled domains, before criminals have a chance to do so. When looking for a specific candidate or company, searchers can use a popular search engine to find the site instead of typing the address directly. Binary Defense recommends that companies and public entities monitor domain registrations that are similar to their brand. The Binary Defense Counterintelligence Team can scan for and document sites that are attempting to typosquat the legitimate domain.
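
One way to implement the registration monitoring recommended above, shown as an added example that is not Binary Defense's tooling: it flags entries in a feed of newly registered domains that sit within one edit (including a swap of adjacent letters) of the brand's name or reuse the name under another TLD. The brand, the feed and the function names are constructed for illustration, and the feed is assumed to contain registrable domains rather than subdomains.

```python
from __future__ import annotations

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def normalize(domain: str) -> tuple[str, str]:
    """Lowercase, drop a trailing dot and leading 'www.', return (name, tld)."""
    host = domain.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.partition(".")
    return name, tld

def find_lookalikes(brand: str, feed: list[str], max_distance: int = 1) -> list[tuple[str, str]]:
    """Return (domain, reason) for feed entries that resemble the brand domain."""
    brand_name, brand_tld = normalize(brand)
    hits = []
    for domain in feed:
        name, tld = normalize(domain)
        if (name, tld) == (brand_name, brand_tld):
            continue  # the legitimate domain itself
        if name == brand_name:
            hits.append((domain, "same name, different TLD"))
        elif osa_distance(name, brand_name) <= max_distance:
            hits.append((domain, "typo of name"))
    return hits

# Constructed sample data on reserved TLDs; a real feed would come from a
# registration-monitoring source of the defender's choice.
BRAND = "votecampaign.example"
FEED = ["WWW.VoteCampaign.Example.", "votecampiagn.example", "votecampaign.test",
        "votecampaignn.example", "weather-report.example"]

if __name__ == "__main__":
    for domain, reason in find_lookalikes(BRAND, FEED):
        print(f"{domain}: {reason}")
```

Short brand names produce many false positives at distance 1, so hits are best treated as a review queue rather than as confirmed typosquats.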