I created this blog post for distribution internally as part of our Security Awareness program. Feel free to grab and share internally at your own company.
As the November 5, 2024, US elections approach, cybercriminals are exploiting the event to carry out sophisticated phishing campaigns, financial fraud, and misinformation according to a report from BforeAI. These malicious actors often use the names of prominent candidates, like "Harris," "Trump," and "Biden," in fake domains to mislead the public. Websites mimicking legitimate voting resources aim to steal personal and financial information. Additionally, fraudulent ecommerce stores and cryptocurrency themed around the elections pose significant financial risks to unsuspecting voters.
The Threat Landscape
Phishing and Fake Domains: Cybercriminals are creating fake domains and websites using candidate names and election-related terms like “vote” and “election” to increase their credibility. These sites are used to deceive voters into providing sensitive information, making donations to fraudulent campaigns, or spreading misinformation about voting dates and locations. For example, domains like "vote-no-sunnybailey[.]com" are designed to manipulate public opinion and suppress voter turnout through the dissemination of fake news and propaganda.
Financial Fraud: Many malicious websites are set up to collect personal and financial information from voters. Fraudulent donation sites mimic legitimate campaign fundraising efforts but are designed to steal credit card details and personally identifiable information (PII). This data is then sold on and used for future fraud and social engineering attacks. Furthermore, the emergence of meme coins themed around the elections is another avenue for financial exploitation, with these digital currencies often promoted on social media as quick investment opportunities, only to disappear after collecting funds from unsuspecting victims.
Misinformation Campaigns: Cybercriminals are also leveraging free web hosting platforms to quickly create and abandon malicious websites. These sites often contain misinformation about voting procedures, dates, and locations, aimed at confusing voters and reducing turnout. Additionally, unauthorized live streaming websites and other online platforms are being used to spread propaganda and manipulate voter behavior, further complicating the election process.
How to Protect Your Vote
To safeguard your vote and personal information during this election season, it’s essential to stay informed:
Use Official Sources: Always verify voting information through official government websites like usa.gov and vote.gov. These sites use the “.gov” domain, which is restricted to government entities and ensures the legitimacy of the information.
Avoid Clicking on Suspicious Links: Be wary of unsolicited emails, texts, or social media messages that link to unknown sites, especially those asking for donations or personal information. Always navigate to the official campaign or government website directly.
Conclusion
The 2024 US elections are a prime target for cybercriminals seeking to exploit voter emotions and manipulate election outcomes. By understanding the tactics used in these malicious campaigns, voters can better protect their identities and their votes. Staying informed and cautious is the best defense against these evolving threats.