While voting is underway for the 2020 presidential election, some hackers are taking advantage of voting enthusiasm by scamming individuals with fake registration websites that collect sensitive personal data.
According to ZDNet, the phishing campaigns have been in effect since September and have since been spotted by tech security firms KnowBe4 and Proofpoint. According to the companies, the fake emails look like they have been sent by the U.S. Election Assistance Commission, which is the agency that is responsible for dealing with voter registration and election guidelines. The messages even use official U.S. logos and may link up to fake websites that look legitimate but do not have a “.gov” URL ending.
Subject lines in the fraudulent emails are often something like, “voter registration application details couldn’t be confirmed.”
“Your county clerk couldn’t confirm voter registration,” read another example.
The fraudsters then direct their targets to fill out a new voter registration form. This new form asks for details including the individual’s name, date of birth, mailing and email address, social security number, and driver’s license information.
The data then allows criminals to open accounts and credit lines in other peoples’ names.
According to KnowBe4 and Proofpoint, the spammers are using a basic email template, and ZDNet has images of how the messages involved in the scam usually look.
But it is not just this voter registration scam that is targeting Americans. Tech companies have warned that a similar scam appears to be run by the same hacking group — and this one even more serious. The message asks Americans for financial information under the guise that their accounts must be set up to receive coronavirus-related aid should a second stimulus package pass in Congress.
However, details that are required include sensitive data such as bank name, account, routing numbers, and even banking usernames and passwords.
Though it is not known how successful these phishing attempts have been, Proofpoint noted that they must be making a decent amount of money as the fraudsters are continuing their operations.
Other websites have detailed even more crimes that occur around elections.
“Fraudsters pretend to be an election official and contact you by email, text, phone, or social media. For example, you receive an unsolicited phone call asking you to pay a fee to complete your voter registration paperwork. After you pay, you never receive your voter registration card in the mail,” explained Cyber Crime Support in one example.
“If you provided financial information, contact your bank or financial institution immediately to close or change any compromised accounts. Then visit Fraudsupport.org for more recovery tips,” the website concluded.