With the United States Presidential Election coming up, cyber-criminal and hacktivist activity has grown. Recent phishing and disinformation campaigns may threaten the election’s validity on a large scale, as well as the security of voters’ personally identifiable information (PII).
Technical detail and additional information
What is the threat?
With only a few weeks remaining until election day, cybercriminals are continuing to ramp up their attacks on prospective U.S. voters in the form of phishing campaigns. One such campaign, investigated by KnowBe4, a popular security awareness training platform, involved phishing attacks that spoofed an Arizona state voting service website and targeted voters in an attempt to steal their PII. The campaign stretched as far as Wisconsin, where users reported receiving the email asking for additional voter registration information. In addition to phishing, the DHS, the FBI, and CISA have stated that numerous hacktivist and nation-state Advanced Persistent Threats (APTs) have ongoing disinformation campaigns intended to cause confusion and distrust of the United States’ ability to handle the election securely, as well as to influence voters in their choice of candidate. One example is Russia, which is capitalizing on voter hesitancy to use mail-in ballots due to COVID-19 and is actively attempting to undermine trust in the election process. It is important to note that these examples are not the only ongoing campaigns; there are many more in the wild.
Why is this noteworthy?
These ongoing campaigns are widespread and are attempting to influence voters, polls, media, and the election. The disinformation campaigns run by nation-states such as Russia have the potential to influence millions of voters in the United States during Presidential elections every four years. The phishing campaigns also have the potential to undermine the election process through fraudulent ballots, which could be obtained using stolen PII. Lastly, phishing campaigns related to voter registration can cause victims to divulge more PII than normal, such as a driver’s license number or even a Social Security number, which can lead to identity theft.
What is the exposure or risk?
These threat actors have the capability of reaching everyone in the general public with their attacks. Nation-state actors, as reported by the FBI and CISA, are utilizing various social media platforms to spread false information to voters in an effort to discredit the security of the election. It should also be noted that the FBI and CISA have stated that no information suggests there is any cyber-attack on election infrastructure. The phishing campaigns also have a large attack surface as they compromise more accounts and organizations. The current, widespread Emotet campaign is a perfect example of such an attack.
What are the recommendations?
Recommendations for protecting oneself from disinformation attempts and phishing attempts are listed below:
Phishing: Maintain good general cyber hygiene by using complex and secure passwords and utilizing Multi-Factor Authentication wherever possible. Educate yourself and your organization on how to spot phishing emails, be skeptical of external emails, and be vigilant about which links you click. Rely on state and government issued information about voter registration and systems.
- If you believe you have been a victim of phishing, it is imperative to notify your IT or Information Security Team immediately and change all passwords.
Disinformation: Stay informed through credible, trustworthy sources, verify the author’s credentials, and understand their intent. Be skeptical of unverified claims. If available, utilize in-platform tools to report suspicious posts that could be spreading false information.
- Report potential election crimes—such as disinformation about the manner, time, or place of voting—to the FBI.
For more information on election crimes and how to protect yourself please visit the links below:
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.