- Scammers are exploiting VOTE411.org's popularity with a scam website that tricks users with false information.
- Visitors to the .COM variant are redirected to malicious websites on both desktop and mobile platforms.
With the election season in full force, online scammers are trying to make quick money by fooling voters via a fake site that’s a variation of the VOTE411.org page that’s being highly promoted during this time.
The midterm elections in the United States are highly important and, given the experience of the 2016 elections where misinformation campaigns ran rampant and hackers had their way with some voting stations in the US, it’s that much more important for people to be vigilant. And yet, that’s not necessarily what’s happening. Just recently, John Oliver promoted the VOTE411.org website during his show, which pushed a lot of people to visit the site. VOTE411.org features a lot of information about the election that people should be aware of, like where polling places are, how to build a voting ballot, and more.
With all the attention the site has received, scammers have taken advantage of the situation. Many people overlook the fact that the domain is .ORG rather than .COM, and cybercriminals are exploiting that by redirecting visitors of the .COM address to unsafe sites.
An Election Scam
The situation was flagged by Amanda Rousseau from Endgame, who discovered the VOTE411 scam and started to track the redirects she was getting from the .com variant of the site. On iOS, she got an alert that said her phone had been infected with the Pegasus spyware and was offered a phone number to call. Usually, once the victim calls, the ‘technical support’ tries to trick them into paying for fake services or handing over important personal data, which is a common social-engineering technique.
From Vote411.com, people get redirected to three more sites, taking visitors on a real trip. We tried it out on Windows first over at TechNadu and got a 502 Bad Gateway response. We tried it out on a second computer that wasn’t in the US, and we got congratulated for being selected as the potential winner of top-of-the-line smartphones and tablets. A third time, we were asked to go through a security check and then got redirected to a sketchy Chrome extension.
When we tried it out on Android, we got redirected to what clearly isn’t the right site, but no scam pop-up appeared. It seems this thing is completely randomized and where people end up is just about (bad) luck.
Who’s to Blame for This Situation?
We were very close to pointing the finger at those who registered the vote411.org site for not bothering to buy the .com domain too, in order to avoid the whole situation. Whois.net, however, shows that the .COM domain was first created back in 1999 and the contract was updated on June 11, 2018, although it has probably changed hands a few times. The vote411.org domain was registered back in 2005 and launched in 2006 by the League of Women Voters. The domain name is a reference to the association between 411 and information: 4-1-1 is the telephone number for local directory assistance in the United States.
Chances are they registered .ORG because the .COM version was unavailable. Yet perhaps a little more vigilance would have been best here, with a different domain name registered to avoid the situation altogether, especially given scammers’ interest in exploiting such situations.
The phone number listed with the .COM site has an Arizona area code and has been linked to numerous online complaints about various scams. Plus, the number is also listed on a number of other phishing sites.
Remember to Stay Vigilant!
Ilia Kolochenko, CEO of web security company High-Tech Bridge, told us over email that it’s unlikely for this incident to have any political context, but it’s still a good example of how thousands of people can be misled without any sophisticated attack. “Human factor will probably remain among the biggest threats to elections and democracy over the next decade as it’s much more effective to ‘hack’ voters’ minds than e-voting systems,” he added.
Throughout the entire voting season, however, scammers have had a field day. Just recently, Bitdefender Labs mentioned in a blog post that the popularity of fake domains was rising. More specifically, hackers are registering variations of valid website domains in order to hijack them and create lookalike websites with info that’s meant to trick visitors into clicking the wrong thing on a malicious site. The two situations are quite similar, since the VOTE411 case is basically a common domain variation being taken advantage of.
So, much like Bitdefender advises, please make sure you have the spelling right for any site you visit, or just go ahead and google it to make sure. That applies to domain extensions too.
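The spelling-and-extension check advised above can also be automated, for example in a proxy or mail filter. The following Python sketch is an added example, not code from the original article or from Bitdefender; the trusted list, function names and sample hostnames are constructed for illustration, and multi-label suffixes such as co.uk are not handled.

```python
# Added example: flag hostnames that imitate a trusted domain.
# TRUSTED and the sample hostnames below are constructed for illustration.
TRUSTED = {"vote411.org"}

def split_domain(host):
    """Return (name, suffix) from the last two labels of a hostname.
    Assumption: single-label suffixes only (co.uk etc. are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'tld-swap', 'near-miss-spelling' or 'unrelated'."""
    name, suffix = split_domain(host)
    verdict = "unrelated"
    for good in trusted:
        good_name, good_suffix = split_domain(good)
        if (name, suffix) == (good_name, good_suffix):
            return "trusted"
        if name == good_name:
            verdict = "tld-swap"        # same name, different extension
        elif verdict == "unrelated" and edit_distance(name, good_name) <= 1:
            verdict = "near-miss-spelling"
    return verdict

if __name__ == "__main__":
    for h in ("www.vote411.org", "vote411.com", "vote41l.org", "example.net"):
        print(f"{h:20} {classify(h)}")
```

Because only the last two labels are compared, a hostname that merely contains the trusted name as a subdomain of another domain is never reported as trusted.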