Phishing and Elections

• Check Email Addresses: Always verify the sender’s email address before clicking on any links or downloading attachments. Phishing emails often come from addresses that look similar to legitimate ones but have slight variations.
• Look for Red Flags: Be cautious of emails with urgent requests, spelling errors, or unfamiliar links. Official communications will rarely ask for sensitive information via email.

• Create Complex Passwords: Use a combination of letters, numbers, and symbols to create strong passwords. Avoid using easily guessable information like birthdays or common words.
• Password Managers: Utilize password managers to generate and store unique passwords for each of your accounts securely.

• Add an Extra Layer of Security: Enable 2FA on your email, social media, and other important accounts. This requires a second form of verification, such as a code sent to your phone, making it harder for attackers to gain access.
• Authentication Apps: Use authentication apps instead of SMS for better security, as SMS can be intercepted.

• Recognize Phishing Attempts: Educate yourself on the latest phishing tactics and how to recognize them. Many institutions offer training sessions and resources on cybersecurity.
• Report Suspicious Activity: If you receive a suspicious email or notice unusual activity, report it to your IT department or the appropriate authorities immediately.

• Method: Scammers send emails or messages claiming to help you register to vote or update your registration. These phishing emails often contain links to fake voter registration forms designed to steal personal identifiable information, as Social Security numbers and addresses.
• Protection Tips:
  • Register to vote only through official government websites or in person at your local election office.
  • Do not click on links or download attachments from unsolicited emails or texts.

• Method: Scammers make fake political action committees (PACs) or impersonate legitimate campaigns to solicit donations. These phishing emails or messages direct you to false donation pages to capture your credit card information or steal your donations.
• Protection Tips:
  • Donate only through official campaign websites or trusted platforms.
  • Verify the legitimacy of the organization by checking their registration with the Federal Election Commission (FEC).

• Method: Scammers pose as political volunteers or representatives of polling companies, may ask you to participate in fake surveys. These surveys are designed to collect personal information under the guise of political research.
• Protection Tips:
  • Do not provide personal or financial information in response to unsolicited surveys.
  • Verify the legitimacy of the organization conducting the poll before participating.

• Method: Cybercriminals spread false information through phishing emails or using social media, their aim is to confuse voters about election dates, procedures, or candidates’ platforms.
• Protection Tips:
  • Make sure that you are receiving your election information from official government websites or trusted news sources.
  • Be cautious of sensational or unverified news stories and report disinformation to the platform where you found it.

Phishing attacks tend to increase during election seasons. Cybercriminals often create fake election-related websites or send emails that appear to be from legitimate sources, such as voter registration drives or fundraising campaigns. These attacks aim to steal personal information or install malware on users’ devices.

Ransomware attacks can target election infrastructure, including voter registration databases and election management systems. These attacks can disrupt the electoral process by locking critical systems and demanding a ransom for their release.

DDoS attacks can overwhelm election-related websites and online services, making them unavailable to voters and officials. This can cause significant disruptions, especially on election day when access to information is crucial.

Threat actors may attempt to compromise or manipulate voter registration databases to cause confusion or delay voting. This can include altering voter information or deleting records, which can lead to disenfranchisement and mistrust in the electoral process.

Disinformation campaigns, often conducted in concert with cyberattacks, aim to spread false information and undermine public confidence in the election. These campaigns can be orchestrated by foreign adversaries or domestic actors and can significantly impact voter perception and behavior.

• Incident: Russian operatives conducted extensive cyber operations, including hacking into the email accounts of political figures and spreading disinformation through social media.
• Impact: These actions aimed to influence public opinion and undermine trust in the electoral process, highlighting the vulnerability of digital platforms to foreign interference.

• Incident: Iranian hackers breached the Trump campaign and targeted the Biden-Harris campaign, while ransomware attacks and DDoS attacks threatened election infrastructure.
• Impact: These incidents demonstrated the evolving tactics of cyber adversaries and the need for robust cybersecurity measures to protect election integrity.