Security experts have sounded another US election warning after claiming that the majority of US county websites could be copied to spread disinformation and steal info.
Comparitech analyzed the websites and official contact email addresses for 3144 US counties to compile its report. These administrative districts play an important role in elections, as many voters turn to their local county website for information on polling booths and other queries.
However, Comparitech found that 57% of such sites are registered with non-.gov domains, meaning they could easily be spoofed with malign intent. Additionally, over half (55%) of counties in the seven swing states have non-.gov registered domains – all of Arizona’s counties have .gov domains, whereas 72% of Michigan’s do not, the report claimed.
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have already released an alert warning that foreign threat actors may use fake lookalike sites to spread disinformation.
Read more on US election threats: FBI and CISA Assure Public on Election Ransomware Security
The report also claimed that 85 websites were found to be lacking an SSL certificate. SSL certificates help to authenticate the owner of the website and encrypt the connection – meaning sites without a valid certificate are further exposed to possible spoofing or phishing campaigns.
Comparitech found that 41% of voting contact emails displayed on US county websites lack the DMARC email authentication protocol, meaning they’re also exposed to phishing attempts. Nearly 100 websites apparently displayed generic webmail addresses like @gmail.com and @hotmail.com.
Some 39% of email addresses listed on county election websites in swing states don’t have DMARC authentication, the report noted.
“Many US counties should improve the security and authentication of their websites and emails. But with little time before the election, those searching for key information and advice should first look to their official state websites,” said Comparitech head of data research, Rebecca Moody.
“Relying on search engine results may lead voters to websites that have been spoofed, display misinformation and/or are phishing for voter information.”