John Oliver promoted Vote411 to get out the vote. Then scammers made a fake version – CNET
As the midterm elections approach, scammers are taking advantage of voters online.
Typo-squatters — people who create fake versions of websites based on typos, like if you wrote Goggle instead of Google in your browser's address bar — have targeted Vote411.org, a popular voter information website that explains how to register to vote and provides candidate details.
The page gained a 2,000 percent spike in traffic after John Oliver promoted the website on his show last week. Two days later, scammers made the website Vote411.com redirect people to a page telling them their device was infected with a virus.
The page includes a phone number to call, a common online scam in which a pop-up tells someone their device is infected and asks them to pay to fix it. Oftentimes, there's no real malware involved.
This type of attack takes advantage of people typing in the wrong URL, but it's also preying on victims looking for voter information. Voter turnout is expected to be at a higher rate this year because of major political issues surrounding the midterm elections.
The midterm elections are highly contested in multiple regions across the US as Democrats aim for a "blue wave" in Congress and President Donald Trump pushes to maintain Republican control of the legislative branch.
This election's importance is why Oliver was prompting his viewers to visit Vote411.org, spending the last two minutes of his Oct. 28 show directing people there.
Amanda Rousseau, a malware researcher at security company Endgame, said she discovered the fake page after watching Oliver's segment. She saw the original link and wanted to see if there were fake versions of the URL around.
When she found it, Rousseau started looking for how to stop the scam.
"All I could think of was 'take this site down, fast,'" Rousseau said in a message.
The creators of the fake page launched it on Oct. 30, just a week before Election Day. The malicious link it redirects to is hosted on CloudFlare. The company didn't respond to a request for comment, but CloudFlare's head of trust and safety, Justin Paine, posted that it was taking down the page.
The fake page comes at a time when election officials and the US government are on high alert for cyberattacks.
On Friday, DHS Secretary Kirstjen Nielsen said this election would be "the most secure election we've ever had," noting all the work the agency has done with voting officials to make sure machines and votes are safe.
But it's a different story for third-party websites like Vote411, which isn't affiliated with the US government.
This isn't the first time an attacker has used URL tricks in an election-related scheme. In August, Microsoft said it stopped Russian hackers using a similar squatting technique to impersonate websites from conservative think tanks linked to Republican senators.
Microsoft President Brad Smith said in a blog post it's had to shut down 84 fake websites using this tactic in the last two years. It's unclear if the scammers behind the fake Vote411 page were politically motivated in their attack.