|
Even as the world continues to tackle the coronavirus pandemic, essential events just can’t be delayed. The U.S. presidential elections will continue to take place on 3 November 2020.
Although it is still months away, discussions are heating up. In parallel, as with other newsworthy events, dozens of election-related domain names are being detected.
We started detecting U.S. election-related domain names on 2 June. That day, primaries were also held in Washington, D.C., and seven states, namely, Indiana, Maryland, Montana, New Mexico, Pennsylvania, Rhode Island, and South Dakota.
We tracked election-related typosquatting domain names within the period 2—13 June, particularly those containing the following strings:
Within 12 days, we saw a total of 216 election-related domain names that appeared on the Domain Name System (DNS).
The chart above plots the number of domains that contain each string as well as the total. It shows that the number of election-related domain names peaked on the following dates:
Other election-related events that could shape domain registration are the Kentucky and New York primaries slated on 23 June. With the emerging trend, domain registrations can spike on or after that date. We saw the same thing happen with the coronavirus-themed domain names.
While the tally of “Biden” and “Trump” typosquatting domains seem close (73 and 87, respectively), the themes vary. “Biden” domain names, for instance, hint at who people may want to be his running mate. A few examples are:
Some domain names also hint at support for Biden coming from the Ukrainian-American community. We saw 24 domain names on that theme registered in just two days:
The WHOIS records of the Ukrainian-American domain names seemed to have the same registrant when ran through a bulk WHOIS lookup. All of them use the same privacy services, pointing to the address 96 Mowat Ave., Ontario, Canada.
On the other hand, typosquatting domain names that contain the string “trum” had slightly different themes. For one, only the Owen-Trump tandem seemed to be promoting a running mate, although they bear the 2024 and 2028 tags:
Some domain names also appeared to show support for Trump, such as:
Others also seemed to be against the incumbent president:
It’s a known fact that typosquatting domains can be used in nefarious activities such as phishing campaigns, scams, and malware attacks. So what kind of content could these domains possible host?
We can get a glimpse of the domains without having to visit the websites using a screenshot capture tool.
The Biden-inspired domain names that promote running mates, for example, are mostly parked, with some hosting ads.
The same is true for domain names that express support for Trump, although some pages promise to have contents soon.
Other screenshots show that most election-related domains follow the same patterns.They are either parked or under construction, save for a few that are already up and running.
The rise in election-related domain names reinforces the point that new registrations typically follow newsworthy events. While most of these domain may currently be parked or the object of speculative domain investments, they too could turn into phishing entities in the near future.
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign