Spoofing sites targeting mail-in voting

As the national controversy around voting by mail continues to escalate, new data from Tessian found that many recently registered domains are spoofing sites related to mail-in voting. President Trump’s attacks against the US Postal Service have created nationwide uncertainty around the security and safety of voting during a pandemic – and where there is confusion, there are scammers.

These domain names, registered between July 2 and August 6, often have an associated action, touting information related to voting by mail (such as mymailinballot.com and mailinyourvote.com), and encourage users to request or track their ballot, which may prompt them to provide sensitive information that could be used maliciously (such as requestmailinballot.com and myballotracking.com). With the election looming, national discord will only continue to create a perfect storm for bad actors looking to prey on this uncertainty and questioning voters.

Further detail on Tessian’s analysis and advice can be found here

Key findings from Tessian’s analysis

  • Tessian discovered 75 domains tied to mail-in voting that have been registered between the ~1-month period of July 2 and August 6
  • Several domains that Tessian analyzed request customers to “Register” to vote. People should always be wary of requests like these that do not come from official channels. Never provide your personal info unless you trust the domain, which will typically have a .gov or .us address.
  • Other sites ask for donations and require credit card information. While these sites aren’t always malicious, people should use caution when asked to provide credit card details on unofficial sites.
  • Lastly, some sites touted the ability to vote online. This is not possible in the US, so users should be aware not to get tricked into thinking they voted online, when in fact it was just a fake website that may be using that voting data for malicious purposes.

Comments from Tessian:

“If there’s one cyber takeaway that we’ve learned from the pandemic, it’s that cybercriminals will seek out controversy and stick to it like glue. We saw this with scams around tax season, stimulus checks, the Paycheck Protection Program and now, voting by mail. Most recently, many Americans are scrambling for answers around how to vote and seeking out information online to get informed.

It comes as no surprise that bad actors are taking advantage of times of crises. This is not a new concept. But when the stakes are as high as a presidential election, and especially during a time of high levels of misinformation on the internet, we need to be aware of the ways we could be manipulated or duped. Although not every domain that Tessian discovered may be malicious, it’s possible that these websites that encourage users to mail in votes for a certain candidate (such as votebidenonline.com) or request information in order to request or track ballots, could be set up to trick people into sharing money or personal information.

Before taking action, always check the URL of the domain and verify the legitimacy of the service by calling them directly. It’s OK to look up answers to your questions on the internet – that’s what it’s there for! – but be skeptical and questioning of any domain or pop-up that requests personal information from you, especially as it relates to your voting preference or other personal information.” – Tim Sadler, CEO and co-founder of Tessian