Election Interlopers Register 5K+ Domains, Hope to Catch Some Voting Phish
Election Interlopers Register 5K+ Domains đ¨
The biggest threat to Americaâs midterm elections in November likely isnât foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising organizations, political parties, and government-related services also spotted by the security shopâs intelligence arm in May.
Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register, âElection-related domains and leaked credentials represent two sides of the same problem: infrastructure and access.â Hess added, âA rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted.â
Key Findings đ
- In January, Check Point documented about 1,300 domains containing the keyword âelectionâ and 2,957 containing âvote.â
- Between April 13 and May 14, about 1,140 newly registered domains contained the word âelection,â while the number containing âvoteâ had climbed to about 4,010.
While simply registering a domain doesnât guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, campaign donation scams, and misinformation sites designed to look like official election communications. Additionally, AI gives phishing, impersonation, election misinformation, and other scam operations a massive boost, making them faster, cheaper, and easier to scale.
Credential Exposure đ
Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites including about 9,500 ActBlue.com (Democratsâ fundraising site) compromised credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked usa.gov citizen servicesâ site credentials.
Hess emphasized that the credential statistics reflect credentials identified on Check Pointâs External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself. The reports point out that the credential leaks arenât limited to one political party or specific campaigns.
Dark Web Concerns đ
Voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information.
For more details, check out the full article: Read full article