With the Presidential election just a few days away, bad actors are ramping up their efforts to lure in victims with phishing attacks designed to harvest credentials and personal information that could lead to the next large-scale breach. The threat is so prevalent that the Better Business Bureau, the Identity Theft Resource Center and the National Association of State Election Directors have all issued warnings to the general public.
Election-related phishing attacks can surface across channels in various formats, and the unsuspecting user can be caught off-guard. Phishing is the number one cause of breaches, and all the major breaches in 2020 started with phishing. Successful phishing attacks start with a compelling message, and elections are great for cybercriminals because the message is targeted to elicit an emotional response to prompt action. Here are a few examples:
- Surveys and polls: Bad actors may send an email or post an ad on a social channel asking voters to take a survey or participate in a poll. This is a good way to collect personally identifiable information (PII) such as social security numbers. Emails requesting that you confirm your status as a registered voter to take a poll are particularly suspect.
- Petitions: It’s common to be passionate about political issues and have a desire to initiate change. Fraudsters play on this natural instinct and send bogus petition requests, asking you to offer up personal information.
- Donation requests: Like petitions, online requests for money to support an important cause or specific candidate can be fraudulent. Fraudsters may pose as campaign volunteers and ask for credit card numbers and other personal information to complete the donation. They may even impersonate candidates using pre-recorded audio to lure you in. (Screen 1)
- Registration scams: In the U.S., it is not possible to vote by phone, email, or text, but that doesn’t stop scammers from trying to convince you that it is. (Screen 2)
These are just some of the ways bad actors phish for PII and perpetrate credit card or money transfer scams. Today’s phishing doesn’t just happen over email, but across numerous channels: SMS, messaging apps, social platforms, search engines, and more. According to Verizon’s 2020 Mobile Security Index, as much as 85% of mobile phishing attacks take place outside of email. SMS-based phishing attacks, or “SMishing,” have increased from 2% to 13%.
With worker mobility on the rise and 55% of the U.S. workforce projected to work remotely after Covid-19, an increasing number of unprotected mobile and personal devices falling outside the network perimeter can put organizations at high risk for fraud. In fact, mobile phishing attacks jumped 37% in 2020 since the onset of Covid-19.
Take Steps to Protect Yourself — and Your Organization
With so much election information coming from so many channels and sources, it can be hard to distinguish what’s real from what’s fraudulent. The historic election, combined with the Covid-19 era’s “new normal” of remote working, has the unfortunate side effect of broadening the phishing threat landscape, and cybercriminals are ready to pounce. Here are four best practices to keep in mind:
- Don’t overshare personal information. If you’re contacted via email or SMS to verify voter information, take a survey, participate in a poll, or sign a petition, consider what information you’re being asked to provide. It’s common for legitimate polls to ask how you intend to vote or what party you belong to, but they shouldn’t ask for personal information like your social security number, date of birth, or driver’s license. And if a prize is offered, it’s likely a scam. Similarly, some legitimate petitions may require basic information, but a petition that asks for too much personal data is probably fraudulent. If you feel like they’re digging too deep, don’t participate.
- Research and understand your state’s voting law. Every state has specific requirements and deadlines for voter registration and the voting process. To protect yourself against these types of scams, make sure you’re familiar with the rules in your state. Check your state’s official website for up-to-date information. You can find it here.
- Research fundraising organizations or donate via your candidate’s official website. It’s tempting to just click through a social ad or text message asking you to help defeat your favorite candidate’s opponent, but resist the urge. It’s better to go straight to the candidate’s website and donate there.
- Implement phishing detection and prevention on mobile and browsers. Implementing real-time anti-phishing protection on all endpoint devices that fall outside the corporate network’s perimeter defenses is essential to detecting and preventing phishing attacks and the downstream damage they cause. AI-powered solutions such as SlashNext provide zero-hour protection via lightweight cloud-based apps and block malicious phishing sites, both inside and outside the network.
Stay Ahead of Sophisticated Phishing Attacks with the World’s Largest Phishing Database
The SlashNext AI phishing detection cloud with patented SEER technology has the industry’s largest phishing database, delivering 99.07% accuracy and one in one million false positives. SlashNext inspects billions of internet transactions and millions of suspicious URLs daily using virtual browsers to detect zero-hour phishing attacks across all communication channels (email, SMS, collaboration, messaging, social networking, and search services) up to 30 days before they are live. So, when phishing campaigns launch, the threats are already blocked by SlashNext, and users are protected immediately.