John Oliver promoted Vote411 to get out the vote. Then scammers made a fake version
If you’re looking for where to vote, this fake page will try to steal from you.
The fake version of Vote411 leads to a common "technical support" scam.
As the midterm elections approach, scammers are trying to take advantage of voters online.
They've targeted Vote411.org, a popular voter information website that explains how to register to vote and provides details about candidates. The page saw a 2,000 percent spike in traffic after John Oliver promoted it on his show last week.
Two days later, scammers created the website Vote411.com -- note the ".com" instead of the legit ".org" -- to redirect people to a page telling them their device is infected with a virus.
For that, you can blame typo-squatters -- people who create fake versions of websites based on typos, like when you write "goggle" instead of "google" in your browser's address bar.
It's a common online scam. Often, a pop-up tells you your device is infected and, through various means, tries to get you to pay to eliminate malware that isn't really there or to fix some other problem that doesn't really exist.
This particular scam is preying on people looking for voter information in a highly charged midterm election year, with voter turnout expected to be high. Democrats are aiming for a "blue wave" in Congress, while President Trump pushes to maintain Republican control of the legislative branch.
The interest in the midterm elections is why Oliver was prompting his viewers to visit Vote411.org. He spent the last two minutes of his Oct. 28 show directing people there.
Amanda Rousseau, a malware researcher at security company Endgame, said she discovered the fake page after watching Oliver's segment. She saw the original link and wanted to find out if there were fake versions of the URL around.
When she found it, Rousseau started looking for how to stop the scam.
"All I could think of was 'take this site down, fast,'" Rousseau said in a message.
Was watching @iamjohnoliver and discovered that vote411[.]com was redirecting to a site trying to distribute "Pegasus Spyware" malware only on IOS. Recorded the redirects: pic.twitter.com/KxoJGBZWbg
— Amanda Rousseau (@malwareunicorn) November 4, 2018
The creators of the fake page launched it on Oct. 30, just a week before Election Day. The malicious link it redirects to is hosted on CloudFlare. The company didn't respond to a request for comment, but CloudFlare's head of trust and safety, Justin Paine, posted that it's taking down the page.
Meanwhile, election officials and the US government are on high alert for cyberattacks.
On Friday, Kirstjen Nielsen, head of the Department of Homeland Security, said the midterms would be "the most secure election we've ever had," noting all the work the DHS has done with voting officials to make sure machines and votes are safe.
But it's a different story for third-party websites like Vote411, which isn't affiliated with the US government.
This isn't the first time an attacker has used URL tricks in an election-related scheme. In August, Microsoft said it stopped Russian hackers using a similar squatting technique to impersonate websites from conservative think tanks linked to Republican senators. Microsoft President Brad Smith said the company had to shut down 84 websites using this tactic in the last two years.
It's unclear if the scammers behind the fake Vote411 page were politically motivated in their attack.
Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.
iHate: CNET looks at how intolerance is taking over the internet.