According to a survey of 225 typosquatted domains registered using US election-related terms, about two-thirds were not malicious, either hosting political propaganda or sitting in a parked state without content.
A report by threat intelligence firm Digital Shadows explored these typosquatted domains, which are URLs that imitate legitimate websites. While the Digital Shadows report found that 67% of the domains were not malicious, the researchers found that 21% of them were malformed or illegal sites. These include sites that were down, scams, and products sold using candidate brands or supposedly related to the official campaign.
The remaining domains, i.e. about 12%, redirected users to other sites. Most of the destinations were official candidate and campaign sites, and these domains most likely came from the campaigns themselves, as a form of protection. According to the researchers, however, not all redirects were "malicious", and they also found typosquatted domains redirecting to sites that attack the candidate whose name was misused. Examples include trump-is-bad-for-us[.]com and biden[.]exposed.
This report is a follow-up to a similar survey conducted in October 2019, which examined typosquatted domains for 34 terms related to the US election, as well as candidates, finding a total of 550 sites.
However, as this year's US presidential election approaches, Digital Shadows revisited its earlier report and explored only terms such as Trump, Pence, Biden, Kamala, Kamala Harris, voting, election and poll.
While the new 2020 report found that two-thirds of the sites were not malicious, Digital Shadows argues that this should not be taken for granted, as it could easily change as election day approaches.
According to Digital Shadows, most of the non-malicious sites it identified were parked domains, which could potentially create a "false sense of security". In addition, if a parked domain has an MX (Mail eXchange) record, it could be used in a phishing campaign.
Also, even if the sites identified as "non-malicious" did not host scams or malware, this does not mean that they were not malicious in terms of electoral interference, with many of them containing propaganda that was negative, or even catastrophic, for the candidates on both sides of the election. This is something that the US Department of Homeland Security (DHS) warned about last month, in a bulletin sent to officials in the country.
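The MX check on parked domains mentioned above, as an added example that is not taken from the Digital Shadows report: it ranks parked look-alike domains by whether their DNS answers make them mail-capable, including the null MX (RFC 7505) and implicit MX fallback (RFC 5321) cases. The domain names, addresses and the `parked` flag are constructed assumptions standing in for real DNS lookups and content checks.

```python
# Added example: triage of parked look-alike domains by mail capability.
# All domains, addresses and records below are constructed (.example TLD,
# RFC 5737 addresses); in practice they would come from DNS lookups.

NULL_MX = (0, ".")  # RFC 7505: "this domain accepts no mail"

OBSERVED = {
    "candidate-2020.example": {"parked": True, "a": ["203.0.113.7"],
                               "mx": [(10, "mx1.candidate-2020.example.")]},
    "candidat-2020.example": {"parked": True, "a": ["203.0.113.8"], "mx": [NULL_MX]},
    "candidate2020.example": {"parked": True, "a": ["203.0.113.9"], "mx": []},
    "candidate-20.example": {"parked": True, "a": [], "mx": []},
    "vote-candidate.example": {"parked": False, "a": ["198.51.100.4"],
                               "mx": [(5, "mail.vote-candidate.example.")]},
}


def mail_status(record):
    """Classify how a domain can receive mail from its MX and A answers."""
    mx = [(pref, host.lower()) for pref, host in record["mx"]]
    if mx == [NULL_MX]:
        return "null-mx"      # owner explicitly opted out of mail
    if mx:
        return "explicit-mx"  # a mail exchanger is published
    if record["a"]:
        return "implicit-mx"  # RFC 5321 5.1: senders fall back to the A record
    return "no-mail"


def triage(observed):
    """Return {domain: (priority, status)} for parked domains, riskiest first."""
    priority = {"explicit-mx": "high", "implicit-mx": "medium",
                "null-mx": "low", "no-mail": "low"}
    order = {"high": 0, "medium": 1, "low": 2}
    result = {}
    for domain, record in observed.items():
        if not record["parked"]:
            continue  # live sites are reviewed by content, not by this check
        status = mail_status(record)
        result[domain] = (priority[status], status)
    return dict(sorted(result.items(), key=lambda kv: (order[kv[1][0]], kv[0])))


if __name__ == "__main__":
    for domain, (level, status) in triage(OBSERVED).items():
        print(f"{level:6} {status:12} {domain}")
```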