Election 2020 – Fake Election Websites: Five Tips So You Don’t Get Fooled

Election 2020 – Fake Election Websites: Five Tips So You Don’t Get Fooled

When you spot a .GOV web domain tacked onto the end of a U.S. election website, that’s a strong sign you can turn to it for trustworthy election information. However, the overwhelming majority of local county election websites fail to use the .GOV domain.

Recent research by McAfee found that more than 80% of the 3,089 county election administration websites in the U.S. don’t use a .GOV domain.  The concern behind that stat is this: the lack of .GOV domain usage could allow bad actors to create fake election websites—which could in turn spread disinformation about the election and potentially hamper your ability to cast a valid ballot.

Moreover, nearly 45% of those 3,089 sites fail to use HTTPS encryption, a security measure which can further prevent bad actors from re-directing voters to fake websites that can misinform them and potentially steal their personal information.

And it appears that a number of fake sites have cropped up already.

Let’s take a closer look at what’s happening and what you can do to protect your vote.

Why .GOV domains matter

Not anyone can get a .GOV domain. It requires buyers to submit evidence to the U.S. government that they represent a legitimate government entity, such as a local, county, or state election administrative body. Thus, .GOV sites are quite difficult to fake.

Compare that to elections site that use publicly available domains like .COM, .ORG, and .US. A bad actor could easily create fake election sites by purchasing a URL with a similar or slightly mis-typed name to the legitimate election site—a practice known as typosquatting—and use it spread false information.

A rise in fake election sites?

Typosquatted election sites are more than a theory. Just this August, it was reported that the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a warning bulletin to election officials that stated, ““The FBI between March and June 2020 identified suspicious typosquatting of U.S. state and federal election domains, according to recent FBI reporting from a collaborative source.”

And just last week, the Feds issued another warning about the risk of fake websites exploiting the lack of .GOV in the names of election websites.

What makes this approach of mimicry and typosquatting so attractive to bad actors? Rather than clear the much more difficult hurdle of meddling with ballots and other vote-tabulating infrastructure, bad actors can take the relatively easier route of faking websites that pass along incorrect voter information, all in an effort to keep people from casting a valid vote in the first place.

Protect your vote

While we have no direct control over the use of the .GOV domain and HTTPS encryption by our local election sites, there are still steps we can take to protect our vote. Here’s what you can do:

1. Stay informed. Check that the site you’re visiting is a .GOV website and that HTTPS security protection is in place to ensure your security. If your local site is one of the many that does not use one, the other, or both, contact your local officials to confirm any election instructions you receive. gov provides an excellent resource for this as does the U.S. Election Assistance Commission.
2. Look out for suspicious emails. Scrutinize all election-related emails you receive. An attacker could use time-tested phishing techniques to misinform you with emails that can sometimes look strikingly legitimate. Check this blog for tips on how to spot such phishing attacks.

2. Trust official voting literature. The U.S. Postal Service is the primary channel state and local governments use to send out voting information. Look to those printed materials for proper information. However, be sure to validate the polling information you find in them as well—such as with a visit this list of polling places by state compiled by Vote.org.
3. Steer clear of social media. It’s quite easy for bad actors to spread bad information by setting up phony social media groups or profiles. For more on spotting fake news in your social media feed and election misinformation, check out my recent blogs on those topics.
4. Protect yourself and your devices. Using strong security software that protects your computers, tablets, and smartphones will help prevent phishing attacks, block links to suspicious sites, and help protect your privacy and identity. Also, disable pop-ups in your browser. Together, these will offer a line of defense against attempts to steer you toward a phony election site.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Election 2020 – Fake Election Websites: Five Tips So You Don’t Get Fooled appeared first on McAfee Blogs.

Election 2020 – Keep Misinformation from Undermining the Vote

Election 2020 – Keep Misinformation from Undermining the Vote

On September 22^nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the potential threat from foreign actors and cybercriminals attempting to spread false information. Their joint public service announcement makes a direct statement regarding how this could affect our election:

“Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions.”

Their call to action is clear—critically evaluate the content you consume and to seek out reliable and verified information from trusted sources, such as state and local election officials. Not just leading up to Election Day, but during and after as well.

Here’s why: it’s estimated that roughly 75% of American voters will be eligible to vote by mail, potentially leading to some 80 million mail-in ballots being cast. That’s twice the number from the 2016 presidential election, which could prolong the normal certification process. Election results will likely take days, even weeks, to ensure every legally cast ballot is counted accurately so that the election results can ultimately get certified.

That extended stretch of time is where the concerns come in. Per the FBI and CISA:

“Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”

In short, bad actors may attempt to undermine people’s confidence in our election as the results come in.

Our moment to act as smart consumers, and sharers, of online news has never been more immediate.

Misinformation flies quicker, and farther, than the truth

Before we look at how we can combat the spread of false information this election, let’s see how it cascades across the internet.

It’s been found that false political news traveled deeper and more broadly, reached more people, and was more viral than any other category of false information, according to a Massachusetts Institute of Technology study on the spread of true and false news online, which was published by Science in 2018.

Why’s that so? In a word: people. According to the research findings,

“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”

Thus, bad actors pick their topics, pumps false information about them into social media channels, and then lets people spread it by way of shares, retweets, and the like—thanks to “novel” and click-baity headlines for content people may not even read or watch, let alone fact check.

Done on a large scale, false information thus can hit millions of feeds, which is what the FBI and CISA is warning us about.

Five ways you can combat the spread of false information this election

The FBI and CISA recommend the following:

1. Seek out information from trustworthy sources, such as state and local election officials; verify who produced the content; and consider their intent.
2. Verify through multiple reliable sources any reports about problems in voting or election results and consider searching for other reliable sources before sharing such information via social media or other avenues.
3. For information about final election results, rely on state and local government election officials.
4. Report potential election crimes—such as disinformation about the manner, time, or place of voting—to the FBI.
5. If appropriate, make use of in-platform tools offered by social media companies for reporting suspicious posts that appear to be spreading false or inconsistent information about election-related problems or results.

Stick to trustworthy sources

If there’s a common theme across our election blogs so far, it’s trustworthiness.

Knowing which sources are deserving of our trust and being able to spot the ones that are not takes effort—such as fact-checking from reputable sources like FactCheck.org, the Associated Press, and Reuters or researching the publisher of the content in question to review their credentials. Yet that effort it worthwhile, even necessary today. The resources listed in my recent blogs can help:

• Don’t Let COVID-19 Misinformation Suppress Your Vote provides online resources that can help you vote safely in a time of social distancing, mail-in balloting, and absentee votes.
• Five Tips to Secure a Mail-In Ballot That Counts gives you a rundown of trusted information sources that can help you cast and send a mail-in ballot.
• Spot Fake News and Misinformation in Your Social Media Feed covers exactly that—and offers several straightforward ways you can fact-check the stories you come across.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Election 2020 – Keep Misinformation from Undermining the Vote appeared first on McAfee Blogs.