June 2, 2026 Tech that matters — in two languages
JA EN
Internet Voices

Surge in Phishing Ahead of US Midterm Elections, Over 5,000 Domains Identified as Threats

Check Point detects over 5,000 election-related domains with potential for misuse. Phishing and impersonation emerge as the biggest threats.

4 min read Reviewed & edited by the SINGULISM Editorial Team

CybersecurityPhishingUS ElectionsCheck PointDomain Fraud
Surge in Phishing Ahead of US Midterm Elections, Over 5,000 Domains Identified as Threats
Photo by Element5 Digital on Unsplash

With the US midterm elections approaching, Check Point’s cyber threat intelligence team has revealed that over 5,000 election-themed domains were newly registered between April and May 2026. Rather than direct hacking of voting machines, phishing, impersonation, and the spread of misinformation are becoming the greatest threats to election integrity.

According to Check Point’s monitoring, as of January 2026, there were approximately 1,300 domains containing the keyword “election” and around 2,957 containing “vote.” From April 13 to May 14, however, newly registered domains surged to about 1,140 with “election” and 4,010 with “vote.”

These domains could potentially be exploited for phishing pages disguised as voter information portals or candidate websites, fraudulent sites soliciting campaign donations, or misinformation portals posing as official sites.

Simply registering a domain doesn’t necessarily indicate malicious intent. However, the massive registration of election-related domains in a short period raises concerns about potential organized attack preparations.

Threat of Leaked Credentials

In addition to the domains, Check Point discovered approximately 17,000 leaked credentials tied to fundraising organizations, political parties, and government services in May.

Danielle Hess, a cyber threat intelligence analyst at Check Point, told The Register, “Election-related domains and leaked credentials are two sides of the same problem—the infrastructure and access issues.”

Hess further explained, “The increase in election-themed domains reflects not only the expansion of infrastructure that can be exploited for phishing and impersonation but also the growing ecosystem of election-related targets, including organizations, accounts, and users.” She warned, “When combined with the abundance of leaked credentials, attackers gain opportunities to launch convincing and large-scale election-related attacks.”

The combination of infrastructure preparation through domain registrations and access acquisition via leaked credentials enables attackers to conduct more effective and widespread misinformation campaigns and fraud.

AI Accelerating Attacks

Attack techniques like phishing, impersonation, and misinformation related to elections have evolved dramatically with the advent of generative AI. By leveraging AI, attackers can create scams and misinformation more quickly, at lower costs, and on a larger scale.

For example, AI can rapidly generate phishing pages that closely resemble legitimate election management sites or create fake statements mimicking politicians’ writing styles. Deepfake technology may also be used to produce fake videos or audio to impersonate individuals, posing risks to election campaigns.

While AI advancements also benefit defenders, they significantly lower the costs and barriers for attackers. This asymmetry presents a critical challenge for election security.

Decline in US Cyber Defense

The growing threats related to elections are coinciding with significant cuts to the Cybersecurity and Infrastructure Security Agency (CISA), the US’s primary cyber defense body, under the Trump administration.

The administration proposed a $707 million budget cut for CISA and implemented major staff reductions. Additionally, the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), responsible for sharing election-related cyber threat intelligence, has ceased operations.

EI-ISAC played a crucial role in strengthening defenses by enabling information-sharing among state and local election officials. Its suspension may leave local election management agencies more vulnerable to cyberattacks.

Election workers have long faced threats and harassment. The reduction of CISA’s support has weakened federal-level protection against phishing and malware attacks, increasing the burden on local election administrators.

Voting Machine Hacking: A Past Concern

Around 2017, the direct hacking of voting machines was a primary election security concern. However, technological improvements and enhanced physical security have shifted attackers’ focus to softer targets—namely, social engineering and phishing aimed at people.

Check Point’s report indicates that attackers are no longer targeting voting infrastructure directly but are instead attempting to manipulate the election process through digital impersonation and misinformation, exploiting trust among election officials and voters. This underscores the importance of not only technical defenses but also education and awareness measures.

Future Challenges

With less than five months remaining until the midterm elections in November 2026, election-themed domain registrations are expected to continue rising. As election day approaches, attackers are likely to deploy more sophisticated and convincing phishing campaigns.

Voters should exercise caution when interacting with election-related emails and websites, carefully verifying sender addresses and URLs. They should avoid entering personal information outside official sites. Organizations, meanwhile, must prioritize measures like implementing multi-factor authentication, training employees to recognize phishing, and regularly monitoring leaked credentials.

Frequently Asked Questions

How can individuals protect themselves from election-related phishing attacks?
Access official sites by typing the URL directly into your browser and avoid clicking on links in emails. Verify sender addresses and double-check the authenticity of sites requesting personal information or donations. Enable multi-factor authentication and report suspicious emails to election management authorities.
What impact does the suspension of EI-ISAC activities have on election security?
EI-ISAC facilitated sharing of cyber threat intelligence among state and local election agencies. Its suspension makes it harder for local officials to access such information, potentially delaying responses to attacks. This increases the need for municipalities to strengthen their own security measures.
Why is phishing now a bigger threat than voting machine hacking?
Improved technical and physical security measures have made direct hacking of voting machines more challenging. Meanwhile, phishing and impersonation attacks targeting human vulnerabilities have become easier, cheaper, and scalable due to advancements in generative AI. Attackers are shifting focus to these softer targets for high-impact results.
Source: The Register

Written by AI-assisted

Edited & reviewed by SINGULISM Editor-in-Chief

This article was drafted by AI (large language models) and reviewed by a human editor for fact-checking, structure, and style before publication.

Last updated:

If you find any factual errors or inaccuracies, we will promptly publish a correction. Please contact us via the contact form to request a correction.

Related Articles

Fired Hacker Twins Forget to Stop Teams Recording, Document Their Own Crime Fired Hacker Twins Forget to Stop Teams Recording, Document Their Own Crime

May 15, 2026

Foxconn Confirms Cyberattack, Confidential Files of Apple and Nvidia Potentially Leaked Foxconn Confirms Cyberattack, Confidential Files of Apple and Nvidia Potentially Leaked

May 13, 2026

In 2025, Cybercrime Losses in the U.S. to Reach $21 Billion—Cryptocurrency Scams Account for Over Half In 2025, Cybercrime Losses in the U.S. to Reach $21 Billion—Cryptocurrency Scams Account for Over Half

April 8, 2026

Comments

← Back to Home