Election 2020 – Fake Election Websites: Five Tips So You Don’t Get Fooled
When you spot a .GOV web domain tacked onto the end of a U.S. election website, that’s a strong sign you can turn to it for trustworthy election information. However, the overwhelming majority of local county election websites fail to use the .GOV domain.
Recent research by McAfee found that more than 80% of the 3,089 county election administration websites in the U.S. don’t use a .GOV domain. The concern behind that stat is this: the lack of .GOV domain usage could allow bad actors to create fake election websites—which could in turn spread disinformation about the election and potentially hamper your ability to cast a valid ballot.
Moreover, nearly 45% of those 3,089 sites fail to use HTTPS encryption, a security measure which can further prevent bad actors from re-directing voters to fake websites that can misinform them and potentially steal their personal information.
Let’s take a closer look at what’s happening and what you can do to protect your vote.
Why .GOV domains matter
Not anyone can get a .GOV domain. It requires buyers to submit evidence to the U.S. government that they represent a legitimate government entity, such as a local, county, or state election administrative body. Thus, .GOV sites are quite difficult to fake.
Compare that to elections site that use publicly available domains like .COM, .ORG, and .US. A bad actor could easily create fake election sites by purchasing a URL with a similar or slightly mis-typed name to the legitimate election site—a practice known as typosquatting—and use it spread false information.
A rise in fake election sites?
Typosquatted election sites are more than a theory. Just this August, it was reported that the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a warning bulletin to election officials that stated, ““The FBI between March and June 2020 identified suspicious typosquatting of U.S. state and federal election domains, according to recent FBI reporting from a collaborative source.”
And just last week, the Feds issued another warning about the risk of fake websites exploiting the lack of .GOV in the names of election websites.
What makes this approach of mimicry and typosquatting so attractive to bad actors? Rather than clear the much more difficult hurdle of meddling with ballots and other vote-tabulating infrastructure, bad actors can take the relatively easier route of faking websites that pass along incorrect voter information, all in an effort to keep people from casting a valid vote in the first place.
Protect your vote
While we have no direct control over the use of the .GOV domain and HTTPS encryption by our local election sites, there are still steps we can take to protect our vote. Here’s what you can do:
- Stay informed. Check that the site you’re visiting is a .GOV website and that HTTPS security protection is in place to ensure your security. If your local site is one of the many that does not use one, the other, or both, contact your local officials to confirm any election instructions you receive. gov provides an excellent resource for this as does the U.S. Election Assistance Commission.
- Look out for suspicious emails. Scrutinize all election-related emails you receive. An attacker could use time-tested phishing techniques to misinform you with emails that can sometimes look strikingly legitimate. Check this blog for tips on how to spot such phishing attacks.
- Trust official voting literature. The U.S. Postal Service is the primary channel state and local governments use to send out voting information. Look to those printed materials for proper information. However, be sure to validate the polling information you find in them as well—such as with a visit this list of polling places by state compiled by Vote.org.
- Steer clear of social media. It’s quite easy for bad actors to spread bad information by setting up phony social media groups or profiles. For more on spotting fake news in your social media feed and election misinformation, check out my recent blogs on those topics.
- Protect yourself and your devices. Using strong security software that protects your computers, tablets, and smartphones will help prevent phishing attacks, block links to suspicious sites, and help protect your privacy and identity. Also, disable pop-ups in your browser. Together, these will offer a line of defense against attempts to steer you toward a phony election site.