
Election Security Spotlight – Typosquatting

What it is

Typosquatting attempts to take advantage of typographical errors (i.e., "typos") that users introduce when typing URLs directly into the address bar. Similarly, malicious actors may try to trick users who take only a quick glance at a URL into opening a visually similar, yet malicious, link. These visual similarities are produced with six techniques, used individually or in combination. Take, for example, our domain: cisecurity[.]org.

Omission – "csecurity[.]org" (first "i" omitted)
Addition – "cissecurity[.]org" (an "s" added)
Substitution – "cisecurlty[.]com" (second "i" replaced with "l", and ".org" replaced with ".com")
Transposition – "csiecurity[.]org" (first "i" and the "s" switched places)
Hyphenation – "ci-security[.]org" (hyphen "-" inserted between "i" and "s")
Homoglyph – "cіsecurіtу[.]org" (Latin "y" replaced with the visually identical Cyrillic "у", U+0443; the two "i"s in this example are likewise the Cyrillic "і", U+0456, so the string looks like the original but is a different domain)

Note: In reports, cybersecurity firms often put brackets around the "dot" in URLs so that the text is not rendered as a clickable link, avoiding accidental clicks on what could be a malicious domain.
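The six techniques above are mechanical, so the full candidate set for a domain can be enumerated; that same list is what an election office would register defensively or monitor in passive DNS and certificate transparency feeds. The following is an added example, not code from CIS or the MS-ISAC. It assumes a single-label domain plus TLD (cisecurity.org), a constructed, deliberately small Latin-to-Cyrillic homoglyph table, and Python's built-in IDNA codec to show what a resolver actually sees when a homoglyph domain is looked up.

```python
"""Typosquat candidate generation and homoglyph checking.

Added example, not CIS/MS-ISAC code. Assumptions: the legitimate domain is one
label plus a TLD, and HOMOGLYPHS is a constructed, non-exhaustive table of
Cyrillic letters that render identically to their Latin counterparts.
"""
import string
import unicodedata

# Constructed table: Latin letter -> visually identical Cyrillic letter.
HOMOGLYPHS = {
    "a": "\u0430", "c": "\u0441", "e": "\u0435", "i": "\u0456",
    "o": "\u043e", "p": "\u0440", "s": "\u0455", "y": "\u0443",
}
TO_LATIN = {cyr: lat for lat, cyr in HOMOGLYPHS.items()}


def omissions(label):
    """Drop one character: cisecurity -> csecurity."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def additions(label):
    """Double one character: cisecurity -> cissecurity."""
    return {label[:i + 1] + label[i:] for i in range(len(label))}


def substitutions(label, alphabet=string.ascii_lowercase):
    """Replace one character with any other letter: cisecurity -> cisecurlty."""
    return {label[:i] + ch + label[i + 1:]
            for i in range(len(label)) for ch in alphabet if ch != label[i]}


def transpositions(label):
    """Swap two adjacent characters: cisecurity -> csiecurity."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}


def hyphenations(label):
    """Insert a hyphen between two characters: cisecurity -> ci-security."""
    return {label[:i] + "-" + label[i:] for i in range(1, len(label))}


def homoglyphs(label):
    """Swap one Latin letter for its Cyrillic twin: cisecurity -> cisecurit\u0443."""
    return {label[:i] + HOMOGLYPHS[ch] + label[i + 1:]
            for i, ch in enumerate(label) if ch in HOMOGLYPHS}


TECHNIQUES = {
    "omission": omissions,
    "addition": additions,
    "substitution": substitutions,
    "transposition": transpositions,
    "hyphenation": hyphenations,
    "homoglyph": homoglyphs,
}


def generate(domain, tlds=("org", "com")):
    """Return {technique: sorted candidate domains}, each label variant paired with each TLD."""
    label, _, _ = domain.partition(".")
    return {name: sorted(f"{variant}.{tld}" for variant in fn(label) for tld in tlds)
            for name, fn in TECHNIQUES.items()}


def homoglyph_report(candidate, legit):
    """Describe why a candidate resembles the legitimate domain.

    'scripts' lists the Unicode scripts of the letters in the candidate (more
    than one is a strong mixed-script signal), 'punycode' is the xn-- form the
    resolver sees, and 'folds_to_target' is True when mapping every known
    Cyrillic twin back to Latin reproduces the legitimate domain exactly.
    """
    scripts = sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                      for ch in candidate if ch.isalpha()})
    folded = "".join(TO_LATIN.get(ch, ch) for ch in candidate)
    return {
        "scripts": scripts,
        "punycode": candidate.encode("idna").decode("ascii"),
        "folds_to_target": folded == legit,
    }


if __name__ == "__main__":
    for technique, candidates in generate("cisecurity.org").items():
        print(f"{technique:14} {len(candidates):4} candidates, e.g. {candidates[0]}")
    # The page's homoglyph example, written with explicit code points.
    print(homoglyph_report("c\u0456secur\u0456t\u0443.org", "cisecurity.org"))
```

The substitution set is by far the largest, which is why defensive registration usually covers only the obvious variants (item 1 under "What you can do") while the full list is fed to monitoring. The punycode field is the practical tell for homoglyphs: a domain that looks like cisecurity.org but encodes to an xn-- label is not the same domain, and many browsers fall back to displaying that xn-- form precisely when a label mixes scripts.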

Why does it matter

A successfully typosquatted election domain could impact the public’s confidence in the U.S. electoral process. It is common for actors to use typosquatted domains to display custom images or text, conduct scams, capture sensitive data, or infect users with malware. Typosquatted domains may also be designed to mimic the original website. This tactic could be used to mislead voters or trick them into divulging personal information. Additionally, typosquatted domains may give users the impression that the legitimate domain is compromised.

Not all typosquatted domains are malicious. Prior to the 2016 election, the registry operator for the ".vote" top-level domain created multiple "state.vote" domains that redirected to the appropriate state voter registration website; at the time, many believed these sites were malicious. Many domain owners also purchase variations of their own domain name so that mistyped URLs still lead users to the correct website, which protects against typosquatting.

What you can do

Make it a practice to examine links closely before clicking, since the subtle changes in typosquatted domains are noticeable only on close inspection. The easiest way to do this is to hover over the link with your mouse and read the destination it shows. Additionally, election offices should consider the following:

  1. Consider purchasing domains similar to your website's, especially in .com and .org, to prevent illegitimate registrations.
  2. Bookmark frequently visited websites to ensure you always navigate to the correct site.
  3. Search for a website in the browser instead of manually typing in a URL.

For additional recommendations and technical details on this topic, please see the MS-ISAC’s Typosquatting Security Primer.

---

The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].