Online swindlers looking for a quick buck are using a domain that can be easily confused with a voter information website to redirect users to pages pushing various types of scams.
The boost in popularity during this period draw the attention of online scammers who used the .com version of the original domain to point visitors from macOS and iOS platforms to pages showing fake malware infection alerts.
The scammers attempt to take advantage of the users that do not pay attention tot he TLD (top-level domain) detail and instead of adding .ORG at the end of the domain name they go with the more popular .COM.
This is the classic technical support scam where the victim is supposed to call a number to receive paid assistance in removing the threat. Pretending to be part of a popular company's support staff the scammers' purpose is to trick the victim into paying for fake services.
Amanda Rousseau of Endgame discovered the VOTE411 scam and recorded the redirects coming from the .com variant. The alert that pops up on the screen says that the iPhone is infected with the Pegasus spyware (known as the creation of the Israel-based company NSO Group) and provides a phone number for assistance.
The fraudsters have set up multiple redirects, some of them for pages specifically designed for iOS users.
Lukas Stefanko of ESET also analyzed the scam and says that it does not attempt to deliver a binary. "Most of the time, it leads people to SMS subscription or to lure credit card details," he replied to Rousseau.
He added that when he loaded the website on an Android device he received a localized version of the scam that enticed the user with the opportunity to win a $6.5 million jackpot.
This is scareware, it is not going to infect device with binary. Most of the time, it leads people to SMS subscription or to lure credit card details.— Lukas Stefanko (@LukasStefanko) November 4, 2018
Basicaly, it is aggressive advertisement implemented by site.
In Android case, it says I have great chance to spin for $6,5mil. pic.twitter.com/whA8QIM1F3
When BleepingComputer tested the site from Windows, the scam site would redirect to Tech Support Scams or landing pages for unwanted browser extension.
It is easy to confuse the name of a domain and land on a dangerous page. The typical recommendation when a website shows alerts about your system being infected with malware is to close it immediately.