Online swindlers looking for a quick buck are using a domain that can be easily confused with a voter information website to redirect users to pages pushing various types of scams.

With the US midterm elections on November 6 and English comedian John Oliver promoting the website on his show last week, visits to VOTE411.org increased significantly.

Top-level domain confusion

The boost in popularity during this period draw the attention of online scammers who used the .com version of the original domain to point visitors from macOS and iOS platforms to pages showing fake malware infection alerts.

The scammers attempt to take advantage of the users that do not pay attention tot he TLD (top-level domain) detail and instead of adding .ORG at the end of the domain name they go with the more popular .COM.

This is the classic technical support scam where the victim is supposed to call a number to receive paid assistance in removing the threat. Pretending to be part of a popular company's support staff the scammers' purpose is to trick the victim into paying for fake services.

Amanda Rousseau of Endgame discovered the VOTE411 scam and recorded the redirects coming from the .com variant. The alert that pops up on the screen says that the iPhone is infected with the Pegasus spyware (known as the creation of the Israel-based company NSO Group) and provides a phone number for assistance.

The fraudsters have set up multiple redirects, some of them for pages specifically designed for iOS users.

Lukas Stefanko of ESET also analyzed the scam and says that it does not attempt to deliver a binary. "Most of the time, it leads people to SMS subscription or to lure credit card details," he replied to Rousseau.

He added that when he loaded the website on an Android device he received a localized version of the scam that enticed the user with the opportunity to win a $6.5 million jackpot.

When BleepingComputer tested the site from Windows, the scam site would redirect to Tech Support Scams or landing pages for unwanted browser extension.

Tech Support Scam shown by Vote411.com
Tech Support Scam shown by Vote411.com

It is easy to confuse the name of a domain and land on a dangerous page. The typical recommendation when a website shows alerts about your system being infected with malware is to close it immediately.

Related Articles:

McAfee Tech Support Scam Harvesting Credit Card Information

Thousands of Compromised WordPress Sites Redirect to Tech Support Scams

Scammers Use Facebook Sharer Page to Push Tech Support Scams

Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day

The Few Privileged North Koreans Are Savvy Scammers