How to Avoid Election Scams

Summary:

In this timely episode of Exploring Information Security, host Timothy De Block is joined by Pieter Arntz from Malwarebytes to discuss the growing threat of election-related scams. With election season upon us, scammers are becoming more active, and this episode dives deep into how these scams work, what tactics scammers use, and how to protect yourself from falling victim.

You can check out Pieter’s article How To Avoid Election Related Scams at the Malwarebytes blog.

Key Topics:

  • Seasonal Scams: Scams are often timed with key events, including elections, holidays, and tax season. Pieter discusses how scammers shift focus from elections to events like Black Friday or Christmas.

  • Common Election Scams: Scammers often target voters through text messages, social media, and robocalls, attempting to steal personal information or solicit fake donations.

  • Mobile Devices as a Target: With more focus on mobile devices, Android and Apple users are increasingly targeted through phishing texts and malicious links.

  • Social Engineering: Scammers manipulate users by pretending to represent political parties, asking for donations, or engaging in online discussions to steal information.

  • Detecting Scams: Pieter and Timothy offer practical advice on identifying scam messages, such as unsolicited communications, urgency in messaging, and phishing links with suspicious domains (e.g., .xyz, .top).

  • Who’s Behind These Scams?: The episode touches on the actors behind the scams, ranging from cybercriminal gangs to state actors, and how they profit from fraudulent activities.

  • Scams Beyond Elections: While elections are a prime target, natural disasters and other events are also exploited by scammers to steal donations and personal information.

  • Privacy Concerns: A survey revealed that 3% of people are hesitant to vote due to privacy concerns, highlighting the critical need for secure election processes.

Key Takeaways:

  1. Be Wary of Unsolicited Messages: If you receive unsolicited texts or emails, always double-check the source before acting. Election scams often use urgency to push people into making hasty decisions.

  2. Verify Political Donations: Only donate through verified websites. Scammers frequently clone official websites to trick people into giving money to fraudulent causes.

  3. Protect Your Personal Information: Avoid sharing personal details through unofficial or unfamiliar channels. Scammers can use this information for identity theft or phishing attacks.

  4. Report Scams: If you suspect a scam, report it to organizations like the FTC or the FBI to help others stay safe.

Resources Mentioned:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ShowMeCon: Bypassing MFA with Shameer Amir

Summary:

Shameer Amir AKA Titan joins me to discuss his upcoming talk on his research into bypassing multifactor authentication (MFA) at the upcoming ShowMeCon conference. In this episode we talk about a variety of different ways of bypassing MFA from human interaction to more technical interactions with the platforms. A lot of what it comes down to is making sure MFA is setup properly.

Episode Highlights:

  • Why this talk

  • Response manipulation

  • SIM jacking

  • Misconfigurations

Guest Information:

Shameer Amir AKA Titan is a globally recognized bug hunter

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]