Counties in more than a dozen swing states across the country operate election-related websites that lack basic security measures and are not even identified as government related, computer security research firm McAfee found in a study published Wednesday.

“We found that large majorities of county websites use top level domain names such as .com, .net and .us rather than the government validated .gov in their web addresses,” the study found after examining 20 swing states. “Our findings essentially revealed that there is no official U.S. governing body validating whether the majority of county websites are legitimately owned by actual legitimate county entities.”

Websites that use .gov must pass a U.S. government validation process to ensure that the entity operating such a site indeed belongs to a government entity, McAfee said.

“This is important, because unlike .gov sites where there is a thorough vetting process and background checks, including government officials as references, anyone can buy a .com domain,” McAfee’s Chief Technology Officer Steve Grobman said in a statement. Attackers could launch a fake .com website that mimics a county website, he said.

Minnesota and Texas had the largest percentage of non-.gov domain names with 95.4 percent and 95 percent respectively, according to McAfee. They were followed by Michigan with 91.2 percent of the sites lacking a .gov designation, followed by 90 percent in New Hampshire, 86.6 percent in Mississippi, 85.9 percent in Ohio, the study found. McAfee chose the 20 swing states because they present the “most compelling targets for threat actors.”