With the Presidential election just a few days away, bad actors are ramping up their efforts to lure in victims with phishing attacks designed to harvest credentials and personal information that could lead to the next large-scale breach. The threat is so prevalent that the Better Business Bureau, the Identity Theft Resource Center and the National Association of State Election Directors have all issued warnings to the general public.
Election-related phishing attacks can surface across channels in various formats, and the unsuspecting user can be caught off-guard. Phishing is the number one cause of breaches, and all the major breaches in 2020 started with phishing. Successful phishing attacks start with a compelling message, and elections are great for cybercriminals because the message is targeted to elicit an emotional response to prompt action. Here are a few examples:
- Surveys and polls:Bad actors may send an email or post an ad on a social channel asking voters to take a survey or participate in a poll. This is a good way to collect personally identifiable information (PII) such as social security numbers. Emails requesting that you confirm your status as a registered voter to take a poll are particularly suspect.
- Petitions:It’s common to be passionate about political issues and have a desire to initiate change. Fraudsters play on this natural instinct and send bogus petition requests, asking you to offer up personal information.
- Donation requests:Like petitions, online requests for money to support an important cause or specific candidate can be fraudulent. Fraudsters may pose as campaign volunteers and ask for credit card numbers and other personal information to complete the donation. They may even impersonate candidates using pre-recorded audio to lure you in. (Screen 1)
- Registration scams: In the U.S., it is not possible to vote by phone, email, or text — but that doesn’t stop scammers from trying to convince you it isn’t. (Screen 2)
These are just some ways bad actors phish for PII, perpetrate credit card or money transfer scams. Today’s phishing doesn’t just happen over email, but numerous channels — SMS, messaging apps, social platforms, search…