
Election Interlopers Register 5K+ Domains, Hope to Catch Some Voting Phish


The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising organizations, political parties, and government-related services also spotted by the security shop’s intelligence arm in May.

Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register, “Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access.” Hess added, “A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted.”

Key Findings 📊

  • In January, Check Point documented about 1,300 domains containing the keyword “election” and 2,957 containing “vote.”
  • Between April 13 and May 14, about 1,140 newly registered domains contained the word “election,” while the number containing “vote” had climbed to about 4,010.

While simply registering a domain doesn’t guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, campaign donation scams, and misinformation sites designed to look like official election communications. Additionally, AI gives phishing, impersonation, election misinformation, and other scam operations a massive boost, making them faster, cheaper, and easier to scale.

Credential Exposure 🔑

Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites, including about 9,500 compromised credentials for ActBlue.com (the Democrats’ fundraising site), 6,500 leaked credentials for WinRed.com (Republican fundraising), 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked credentials for the usa.gov citizen services site.

Hess emphasized that the credential statistics reflect credentials identified on Check Point’s External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself. The reports point out that the credential leaks aren’t limited to one political party or specific campaigns.

Dark Web Concerns 🌐

Voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information.


This post is licensed under CC BY 4.0 by the author.