Phishing and Elections

As the 2024 election season approaches, the digital landscape becomes increasingly fraught with cybersecurity risks and threats. Higher education institutions, with their vast networks and diverse user bases, are particularly vulnerable. This article explores the potential cyber risks associated with the upcoming election and provides practical tips for protecting your personal identifiable information (PII) and enhancing cybersecurity.

Four Ways to Protect Your Data during Election Season

Election seasons are prime times for cybercriminals to launch phishing attacks, aiming to steal personal information or install malware. Here are four effective ways to protect your data during this critical period:

    • Check Email Addresses: Always verify the sender’s email address before clicking on any links or downloading attachments. Phishing emails often come from addresses that look similar to legitimate ones but have slight variations.
    • Look for Red Flags: Be cautious of emails with urgent requests, spelling errors, or unfamiliar links. Official communications will rarely ask for sensitive information via email.
    • Create Complex Passwords: Use a combination of letters, numbers, and symbols to create strong passwords. Avoid using easily guessable information like birthdays or common words.
    • Password Managers: Utilize password managers to generate and store unique passwords for each of your accounts securely.
    • Add an Extra Layer of Security: Enable 2FA on your email, social media, and other important accounts. This requires a second form of verification, such as a code sent to your phone, making it harder for attackers to gain access.
    • Authentication Apps: Use authentication apps instead of SMS for better security, as SMS can be intercepted.
    • Recognize Phishing Attempts: Educate yourself on the latest phishing tactics and how to recognize them. Many institutions offer training sessions and resources on cybersecurity.
    • Report Suspicious Activity: If you receive a suspicious email or notice unusual activity, report it to your IT department or the appropriate authorities immediately.

Common Types of Phishing Scams to Watch Out During the Election Season

    • Method: Scammers send emails or messages claiming to help you register to vote or update your registration. These phishing emails often contain links to fake voter registration forms designed to steal personal identifiable information, as Social Security numbers and addresses.
    • Protection Tips:
      • Register to vote only through official government websites or in person at your local election office.
      • Do not click on links or download attachments from unsolicited emails or texts.
    • Method: Scammers make fake political action committees (PACs) or impersonate legitimate campaigns to solicit donations. These phishing emails or messages direct you to false donation pages to capture your credit card information or steal your donations.
    • Protection Tips:
      • Donate only through official campaign websites or trusted platforms.
      • Verify the legitimacy of the organization by checking their registration with the Federal Election Commission (FEC).
    • Method: Scammers pose as political volunteers or representatives of polling companies, may ask you to participate in fake surveys. These surveys are designed to collect personal information under the guise of political research.
    • Protection Tips:
      • Do not provide personal or financial information in response to unsolicited surveys.
      • Verify the legitimacy of the organization conducting the poll before participating.
    • Method: Cybercriminals spread false information through phishing emails or using social media, their aim is to confuse voters about election dates, procedures, or candidates’ platforms.
    • Protection Tips:
      • Make sure that you are receiving your election information from official government websites or trusted news sources.
      • Be cautious of sensational or unverified news stories and report disinformation to the platform where you found it.

Election-Related Cybersecurity Risks & Threats

  • Phishing attacks tend to increase during election seasons. Cybercriminals often create fake election-related websites or send emails that appear to be from legitimate sources, such as voter registration drives or fundraising campaigns. These attacks aim to steal personal information or install malware on users’ devices.

  • Ransomware attacks can target election infrastructure, including voter registration databases and election management systems. These attacks can disrupt the electoral process by locking critical systems and demanding a ransom for their release.

  • DDoS attacks can overwhelm election-related websites and online services, making them unavailable to voters and officials. This can cause significant disruptions, especially on election day when access to information is crucial.

  • Threat actors may attempt to compromise or manipulate voter registration databases to cause confusion or delay voting. This can include altering voter information or deleting records, which can lead to disenfranchisement and mistrust in the electoral process.

  • Disinformation campaigns, often conducted in concert with cyberattacks, aim to spread false information and undermine public confidence in the election. These campaigns can be orchestrated by foreign adversaries or domestic actors and can significantly impact voter perception and behavior.

Real-Life Scenarios of Past Election Cybersecurity Risks

    • Incident: Russian operatives conducted extensive cyber operations, including hacking into the email accounts of political figures and spreading disinformation through social media.
    • Impact: These actions aimed to influence public opinion and undermine trust in the electoral process, highlighting the vulnerability of digital platforms to foreign interference.
    • Incident: Iranian hackers breached the Trump campaign and targeted the Biden-Harris campaign, while ransomware attacks and DDoS attacks threatened election infrastructure.
    • Impact: These incidents demonstrated the evolving tactics of cyber adversaries and the need for robust cybersecurity measures to protect election integrity.

Guidance for LMU on How to Report Election Related Incidents

Election scams are a serious threat that requires proactive measures to protect yourself, especially in the higher education sector. By being vigilant and taking steps to secure your personal information, you can reduce the risk of being scammed and ensure your safety and privacy.

If you have any specific concerns or need further assistance, feel free to reach out to ITS Service Desk at servicedesk@lmu.edu

If you have any questions or need more detailed advice, ITS Information Security Team are here to help!

The following resources from Cybersecurity & Infrastructure Security Agency (CISA) provide additional guidance on potential Election Scam risks and threats.