With 14 days to go, we haven’t nailed the basics: election security risks from expired domains

On November 3, 2020, the United States held its Presidential election amidst concerns over cybersecurity protections and processes implemented in the preceding four years. Area 1 Security highlighted the risks posed by threat actors to election administrators and their email security controls. One key risk identified was the failure for any organization to properly register their domains, which could allow anyone to assume the identity of elections officials and send phishing emails or alter critical voter information. To mitigate these risks, domain owners were advised to check expiration dates and secure their domains for maximum ownership time available, as well as follow recommendations for securing email outlined in a prior report.