Jun 3, 2026 · Updated 08:07 AM UTC

Security researchers flag surge in election-themed domains ahead of midterms

Cybersecurity firm Check Point has identified over 5,000 new election-themed web domains registered between April and May, raising alarms about potential phishing and impersonation campaigns.

Ryan Torres



Security analysts at Check Point have identified a sharp increase in election-themed web domains, documenting more than 5,000 new registrations between April and May. According to a report from The Register, these sites present a significant risk for phishing, fraud, and misinformation campaigns ahead of the November U.S. midterm elections.

While previous concerns focused on direct hacking of voting machines, experts now warn that the primary threat lies in social engineering. Attackers are leveraging these domains to impersonate election officials and political organizations, a tactic amplified by the accessibility of artificial intelligence tools.

Danielle Hess, a cyber threat intelligence analyst at Check Point, noted that the infrastructure and access provided by these domains create a dangerous environment for voters and political entities alike. "A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said.

Credentials and digital risk

The threat is compounded by a wave of exposed user credentials. In May alone, Check Point identified roughly 17,000 leaked credentials associated with political parties, fundraising organizations, and government services. This data includes approximately 9,500 compromised logins for the Democratic fundraising platform ActBlue and 6,500 for the Republican site WinRed. Smaller numbers of leaked credentials were also linked to official party websites and the federal portal usa.gov.

These leaks provide attackers with the necessary access to conduct scalable, convincing operations. The Register reports that the increase in malicious activity coincides with significant budgetary and organizational cuts to the Cybersecurity and Infrastructure Security Agency (CISA). These changes include the elimination of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Check Point’s monitoring data underscores the rapid growth of this digital footprint. In January, the firm tracked 1,300 domains containing the word "election" and 2,957 containing "vote." By mid-May, the "vote"-themed registrations had surged to 4,010, while "election"-themed domains reached 1,140 for the one-month period alone. The outlet reports that these sites are frequently utilized for campaign donation scams and fake voter information portals designed to deceive the public.
