Thousands of newly registered websites containing election-related keywords are raising alarm bells among cybersecurity experts and election officials. A new report from Check Point, a cybersecurity company, found that between April and May 2026, approximately 4,010 newly registered domains contained the word "vote," while roughly 1,140 contained "election." These registrations don't automatically indicate malicious intent, but they significantly expand the pool of domains that could later be weaponized for phishing attacks, impersonation schemes, fraudulent donations, or spreading election misinformation.

The timing is critical. As November's midterm elections approach, political organizations, fundraising platforms, and media outlets face what cybersecurity researchers describe as "elevated" cyber threats. The surge in domain registrations suggests that bad actors are laying groundwork now for attacks that could unfold closer to election day. This pattern mirrors concerns that have been building since the 2024 presidential election cycle, when experts first began warning about AI's potential to amplify election-related threats.

What Types of Threats Are Election Organizations Facing?

Check Point's research identified the most likely attack vectors targeting the upcoming elections. Understanding these threats helps explain why election officials and cybersecurity experts are sounding the alarm now, months before voters head to the polls.

• Phishing and Email Attacks: A staggering 82% of malicious file attacks come through email phishing attempts, according to Check Point research. Election-related organizations, both government agencies and private platforms, are prime targets because they handle sensitive voter information and fundraising data.
• Impersonation and Fake Websites: Foreign adversaries and domestic bad actors create fraudulent websites that mimic legitimate news organizations or election authorities to spread false narratives or harvest credentials from unsuspecting visitors.
• AI-Enabled Content Abuse: Artificial intelligence makes it cheaper, faster, and easier for attackers to generate convincing false information, deepfake videos, and personalized phishing content that spreads across social media and email.
• Influence Operations: State-sponsored actors use coordinated campaigns to amplify division, shape election narratives, and test vulnerabilities in the information ecosystem.
• Opportunistic Disruption: Hackers exploit vulnerabilities in election infrastructure and fundraising platforms to cause chaos or steal donor information.

The threat landscape has already claimed real victims. ActBlue, a major fundraising platform used by Democratic candidates, had approximately 9,600 leaked citizen credentials, including usernames and passwords. WinRed, the Republican counterpart, experienced 6,500 leaked credentials. These exposures create pathways for donor fraud and unauthorized access to election-related organizations.

How Is Artificial Intelligence Changing Election Security?

Artificial intelligence has fundamentally altered the calculus of election threats. Unlike traditional phishing emails or misinformation campaigns, AI-powered attacks can be generated at scale with minimal human effort and cost. This democratizes election interference in a dangerous way.

"Now that we're in the age of AI, it can consume and take so much data and learn so much about us that it can generate things that are believable. Not just things that are like a phishing email, but content that's shared on social media or deepfake videos that are getting harder and harder to actually tell what they truly are," said Aaron Rose, a cybersecurity expert with Check Point.

Aaron Rose, Cybersecurity Expert at Check Point

This capability matters because it lowers the barrier to entry for attackers. Previously, creating convincing election misinformation required significant resources and human creativity. Now, an attacker can feed an AI system publicly available information about candidates, voters, and election processes, and the system can generate thousands of personalized phishing emails, social media posts, or deepfake videos in hours. The result is that election organizations face not just more sophisticated threats, but exponentially more of them.

Which Foreign Adversaries Are Targeting U.S. Elections?

Intelligence assessments from federal agencies have consistently identified three primary foreign adversaries attempting to influence American elections. Each nation employs different tactics aligned with distinct strategic objectives.

• Russia: Uses influence operations and narrative amplification, including creating fake websites that impersonate reputable news organizations like Reuters or The Washington Post. The goal is to shape narratives and amplify existing social and political divisions within the United States.
• China: Focuses on reconnaissance and influence-testing, seeking to exploit existing social and political divisions rather than create new ones. This approach is more subtle and long-term in nature.
• Iran: Has engaged in hacking political operations in past election cycles and is expected to attempt similar activities again, according to the Check Point report.

"They want to either steer it or they want to cause confusion," said Aaron Rose, explaining the objectives of these three foreign adversaries when it comes to U.S. elections.

Aaron Rose, Cybersecurity Expert at Check Point

The common thread across all three adversaries is clear: they aim to either manipulate election outcomes or sow enough confusion and distrust to undermine confidence in the democratic process itself.

How Can Election Organizations Defend Against These Threats?

Election officials and cybersecurity experts emphasize that defense requires both technical measures and human awareness. Training and verification are critical components of any election security strategy.

Oregon Secretary of State Tobias Read told PBS News that his office conducts quarterly training sessions with staff to guard against phishing attempts. "We have scenarios and tests that we run internally, including me, where I have to think about it," Read explained. This hands-on approach helps staff recognize suspicious emails and websites before they become security breaches.

Read also emphasized the importance of verification when encountering unfamiliar election-related websites. "If you're suspicious, verify it," he advised, noting that the surge in election-related domain registrations makes this guidance increasingly relevant. Voters and election workers should independently verify that they're visiting legitimate government or campaign websites before entering personal information or making donations.

However, election officials have expressed concern about reduced federal support for cybersecurity. Read noted that it would be beneficial to receive more assistance from the Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for protecting critical infrastructure. "That's the job they're supposed to be doing. We've lost a lot of that," Read said, adding that Oregon is relying on state resources like the National Guard to fill cybersecurity gaps.

Read

What Should Voters and Donors Know Right Now?

While cybersecurity experts warn of rising threats, they also caution against creating unnecessary panic. Kathy Boockvar, former Secretary of the Commonwealth of Pennsylvania, acknowledged that the Check Point report findings are concerning but noted the importance of balancing security awareness with public trust in elections.

"Seeing that these websites are continuing to grow is of significant concern, on top of what's already a concerning status quo," said Kathy Boockvar of Athena Strategies, who served as secretary of the Commonwealth of Pennsylvania from 2019 to 2021.

Kathy Boockvar, Athena Strategies

One positive finding from Check Point's research offers some reassurance: individual political campaign domains for a sample of swing-state candidates from both parties showed hardly any leaked credentials. Instead, credential exposure is concentrated among larger platforms like ActBlue and WinRed. This suggests that smaller campaign operations may face lower risk from large-scale data breaches, though they remain vulnerable to targeted phishing attacks.

The broader lesson is clear. The convergence of surging domain registrations, AI-powered attack capabilities, and foreign interference efforts creates a complex threat landscape for the 2026 midterm elections. Election organizations, fundraising platforms, and individual voters all have roles to play in defending against these threats through training, verification, and awareness.