Election Scams

With election season beginning to ramp up, it’s important to be aware and prepared for the barrage of phishing, smishing, vishing and other “ishing” scams and campaigns that are sure to follow. Just this weekend, I received multiple texts related to voting and polling, so let’s explore a few of the common scams and tactics that bad actors will try to leverage to obtain your personal information.

Fake Voter Surveys or Polls

Election season will always bring numerous, legit organizations and campaigns calling and polling voters to learn what issues and problems candidates should focus on. However, we also know that bad actors will use these to obtain as much personal information about individuals as possible. Some will offer the lure of monetary compensation and gifts to participants. If you choose to participate in one of these polls, be sure not to provide too much personal information. Some demographic information is normal, like age and race and which political party you identify with, but providing much more than that should be a red flag. Also, if you get texts and emails with links to click on to participate in polls, I highly suggest you investigate the entities contacting you before clicking on ANYTHING! Remember, surveys shouldn’t require your social security or credit card number to participate.

Political Donation Scams

No surprise on this one. Bad guys will often impersonate campaign workers and attempt to solicit funds from victims on behalf of their “candidate”. This may come in the form of a phone call, email, text or maybe even showing up at your house in person. Always do your research on any organization asking for money. Never click on links or respond to messages you are unsure where they originated from. These can often lead to malicious software and applications being installed on your devices. If you are ever unsure but want to donate, it is probably best to find and go through the candidate’s official campaign page.

Voter Registration Scams

Anyone contacting you by any means saying you are not registered to vote or need to register should raise a red flag. Bad actors will try to get victims to click on a link and submit personal information to “register” to vote. Often, not only will these links lead to fake pages for you to enter your information to be stolen, but they are also usually laced with malware. If you receive any form of communication asking you to confirm your voter registration information or register to vote, or if your registration has expired, please contact your local voter registration office and go through them.

These are just a few scams that we often see repeated year after year, and this year, they seem to be coming earlier and with more frequency. With anything of this nature, following the suggestions below can help you better prepare and protect your organization and employees.

  • Educate users in your organization about political phishing campaigns
  • Continued internal training for phishing and social engineering campaigns
  • Enforce or enable multi-factor authentication
  • Maintain and enforce a strong password policy
  • Keep all systems up to date and patched for the known latest vulnerabilities
  • Block threat indicators at their respective controls
  • Backup critical data regularly
  • Have a recovery plan
  • Use app hardening
  • Restrict administrative access

DefenseStorm is committed to providing the latest and most critical information about cybersecurity threats, scams, and developments. Follow us on LinkedIn or check our resources page regularly for more essential news and insights.


Original Post by DefenseStorm on January 17, 2024: https://defensestorm.com/insights/election-scams/