FBI and CISA Warn of Spoofed Website Domains and Emails Exploiting the 2020 Election

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning to help Americans spot spoofed election-related domains and email accounts that subject them to the risks of cybercrime and disinformation.

The alert, part of a series of public service announcements meant to prepare the American electorate for a cyber-safe election year, teaches people how to avoid becoming a victim of cybercriminals.

Domain spoofing is an effective tool used by cybercriminals to gather sensitive information such as usernames, passwords and email addresses or spread malware that could lead to financial and data compromise.

“Cyber actors set up spoofed domains with slightly altered characteristics of legitimate domains,” the alert reads. “A spoofed domain may feature an alternate spelling of a word (“electon” instead of “election”), or use an alternative top-level domain, such as a “[.]com” version of a legitimate “[.] gov” website.”

The FBI and CISA say citizens could unintentionally visit these spoofed websites when seeking information about the 2020 election, or receive official-looking emails that harbor malicious files or links.

It’s imperative for citizens to carefully analyze websites they visit and email correspondence they receive. Below is a list of helpful recommendations:

• Check the spelling of websites and email addresses that may closely imitate legitimate election websites
• Seek information from trustworthy sources only, such as The Election Assistance Commission (https://www.eac.gov)
• Ensure all operating systems and apps are up to date
• Use security solutions on your internet-enabled devices
• Don’t enable macros on documents downloaded from an email unless necessary. If you must, make sure the file is not malicious
• Disable or remove unnecessary software from devices
• Enable two-factor authentication where possible
• Never access emails or attachments from unknown individuals and don’t communicate with unsolicited email senders
• Never give out personal information via email, phone or links