With the US presidential election dates coming soon, phishing groups are taking the chance to maximize their unethical profits. They are using voter registration-related lures to trick people into entering sensitive information like name, contact number, addresses, and sometimes even bank details and email passwords on the official-looking forms. These forms look like official ones issued by the election commission, but they actually give sensitive information to attackers to use as they will.
These campaigns have been going on since September, and the attackers have no intention of stopping anytime soon. These methods will be relevant until the elections, and unless the general masses get to know about it, they will fall victim. Email security firms KnowBe4 and Proofpoint have spotted that these campaigns are spoofing the identity of the US Election Assistance Commission (EAC). The EAC is the US government agency that looks after and is responsible for managing voter registration guidelines.
The subject lines in an email are the most important and eye-catching part. These attackers use simple subject to play on the fears of US citizens that their voter registrations might have failed. Using subject lines like “voter registration application details couldn’t be confirmed” and “your county clerk couldn’t confirm voter registration,” tricked users into opening web pages posing as government sites. There, they would fill up their information again in the voter registration forms, and sometimes these web pages even had the audacity to ask for bank details and email passwords.
Proofpoint says that these sites are fake and are usually hosted on hacked WordPress sites. Failing to notice the incorrect URL, users will end up providing their personal details to a criminal group. Data usually collected via these forms include name, date of birth, mail address, email address, Social Security Number (SSN), and driver’s license information.
The spammers use basic templates, and all their emails usually link to a site that looks very much similar to the official website. With the election approaching, the attacks have become more severe and the websites have become cockier.
They even ask for details like bank name, account number, routing number, email accounts password, and much more, which no one other than the n=bank and you are supposed to know. To allay fears, spammers claim this extra information is needed so users can claim a “stimulus.”
Proofpoint says that these spam and phishing attacks are the work of well-established and organized groups. They seem to have previous work experience, judging by the intensity of the attacks. Previously, they had profited by attacking businesses with the pretense of COVID-19 business grant-related lures.
People have not reported too many fraudulent transaction cases, which can be related to these attacks. It is unclear how successful these attacks are, but they seem to be ding pretty well. The fact that they are still running means they have some profits at the end of the day, otherwise, they would not be using these tactics anymore.