Elections & Phishing: A Susceptible Population
Some people associate elections with excitement and drama. Which candidate will win? Which candidate is best? Why is the other candidate awful?
I’ve always associated election season with messaging overload. Yard signage, snail mail, YouTube ads, commercials, text messages, emails, people knocking on our front door passing out fliers… this list goes on. While it’s normal to tune out this constant bombardment of messages, it is more important than ever to stay alert. Cyber-attacks have become increasingly common during election season, and cybercriminals are keen on taking advantage of strongly divided political opinions.
Phishing is usually at the forefront of election season cyber attacks. Phishing occurs when an attacker poses as a known sender to gain Personally Identifiable Information (PII) from you. Any information shared can be used to exploit your data for the attacker’s financial or personal gain. The scary thing is that signs of phishing used to be relatively easy to spot. Nowadays, phishing messages can come from highly sophisticated attackers, especially during election periods when a population is susceptible to receiving unsolicited information.
Common Types of Phishing During Elections
Smishing, otherwise known as SMS Phishing or Text Phishing, occurs when the attacker contacts you via text messaging. During election time, this can include messaging like “Elections are 36 days away. Respond with which candidate you’re going to vote for!” While this may seem harmless, any message you didn’t sign up to receive should not warrant a response. In some cases, attackers are looking to see which phone numbers respond, meaning that they are active and working numbers. They may later use knowledge of your working phone number to exploit a more sophisticated SIM Hijacking. Below you can see an example of an election-related text message that I recently received. While not every message is necessarily from an attacker, I have no way to confirm this as the receiver.
Vishing or Voice Phishing occurs when an attacker contacts you over the phone, posing as someone else. Outside of election season, these usually occur when an attacker pretends to an employee from the company you bank with or phone provider. During election season, it’s also common to see an attacker pose as an employee from the Board of Elections asking for personal information, or even a candidate campaign team member asking for funding.
Instead of being targeted to a large group of people, spear phishing targets a specific individual. This type of message will appear to come from a person that you have a relationship with. For example, suppose you’re affiliated with a specific political party. If you see an email from a friend encouraging you to donate to a particular candidate’s campaign, you might not think it is anything unusual. The email may include a false email URL that could then take you to a fake site, posing as that candidate that where you’ve now entered in your financial information. If anyone is asking for money or information in an email, verify that it is indeed someone you have a relationship with, and not an imposter looking to exploit you.
How to protect yourself from phishing during election season?
1. Don’t Respond & Don’t Click
The best response is no response. If you receive a text, phone call, email, or mail from an unsolicited unknown sender, do not respond. Around election season, senders may try to stir up controversy in order to get you to respond. Don’t fall prey to their attempts. Not only should you not reply, but don’t click any links either. You should treat your personal information in the same way you treat your financial information — with extreme caution. It’s important to be wary of any link that comes your way from an unknown sender. In some cases, attackers will even disguise an email link as another URL. For example, this link below looks like a generic banking website but leads you to the MindPoint Group contact page instead.
2. Block & Report
Not only should you not respond to the unsolicited message, but you should take further action. Block the number or email address if you received the message from and then look into reporting the sender as well. Most email providers like Microsoft Outlook and Gmail have the option to report an email as phishing.
3. Update Your Passwords
Election season is an excellent reminder to keep your personal security protection as top of mind. It’s always important to update your passwords with strong passwords and enable two-factor authentication when it is available.
4. Educate Others
Knowledge is power! Help educate others by spreading awareness. It is especially important for those not in technology fields who may not be aware of the vast capabilities of cybercriminals. Most people assume they will be able to spot phishing attempts, but with the increased sophistication of attacks, everyone could use a friendly reminder. If you own a business or are a leader within an organization, make sure your employees stay educated on phishing and always report suspicious activity.
Maintaining a strong security posture is essential year-round — not just during election season. The good news is that you don’t have to go it alone. MindPoint Group’s team of cybersecurity experts has over a decade of experience in providing cybersecurity services for top commercial and public sector organizations. From pen testing to risks assessments and security engineering, we offer a wide range of services to fit your needs. Contact us to learn more.