Scam­mers ex­ploit elec­tion look­ing for per­sonal info

Cy­ber­crim­i­nals key on cur­rent events in bid to make money

Chicago Tribune (Sunday) - - NATION & WORLD - By David Klepper

PROV­I­DENCE, R.I. — The email from a po­lit­i­cal ac­tion com­mit­tee seemed harm­less: If yousup­port­Joe Bi­den, it urged, click here to make sure you’re reg­is­tered to vote.

But Har­vard Univer­sity grad­u­ate stu­dent Maya James­did not click. In­stead, sheGoogled­thenameof the so­lic­it­ing PAC. It didn’t ex­ist — a clue the email was a phish­ing scam from swindlers try­ing to ex­ploit the U.S. pres­i­den­tial elec­tion as a way to steal peo­ples’ per­sonal in­for­ma­tion.

“There was not a trace of them,” James, 22, said. “It was a very in­con­spic­u­ous email, but I no­ticed it used very emo­tional lan­guage, and that set off alarm bells.”

Amer­i­can vot­ers face an es­pe­cially po­lar­ized elec­tion this year, and scam­mers here and abroad are tak­ing no­tice — pos­ing as fundrais­ers and poll­sters, im­per­son­at­ing can­di­dates and cam­paigns, and launch­ing fake voter reg­is­tra­tion drives. It’s not votes they’re af­ter, but to win a voter’s trust, per­sonal in­for­ma­tion and maybe a bank rout­ing num­ber.

The Fed­eral Bureau of In­ves­ti­ga­tion, the Bet­ter Busi­ness Bureau and cy­ber­se­cu­rity ex­perts have re­cently warned of new and in­creas­ingly so­phis­ti­cated on­line fraud schemes that use the elec­tion as an en­try, re­flect­ing both the pro­lif­er­a­tion of po­lit­i­cal mis­in­for­ma­tion and intense in­ter­est in this year’s pres­i­den­tial and Senate races.

“Psy­cho­log­i­cally, th­ese scams play to our de­sire to do some­thing — to get in­volved, to do­nate, to take ac­tion,” said Sam Small, chief se­cu­rity of­fi­cer at ZeroFOX, a Bal­ti­more, Mary­land-based dig­i­tal se­cu­rity firm.

On­line grifters reg­u­larly shift tac­tics to fit cur­rent events, whether they are nat­u­ral dis­as­ters, a pan­demic or an elec­tion, ac­cord­ing to Small. “Give them some­thing to work with and they’ll find a way to make a dol­lar,” he said.

Ad­ver­saries like Rus­sia, China and Iran get much of the blame for creat­ing fake so­cial me­dia ac­counts and spread­ing de­cep­tive elec­tion in­for­ma­tion, largely be­cause of ef­forts by groups linked to the Krem­lin to in­ter­fere in the 2016 U.S. pres­i­den­tial elec­tion. In many in­stances, for­eign dis­in­for­ma­tion cam­paigns make use of the same tools pi­o­neered by cy­ber­crim­i­nals: fake so­cial me­dia ac­counts, re­al­is­tic look­ing web­sites and sus­pi­cious links.

On­line scams have flour­ished as so many of life’s rou­tines move on­line dur­ing the pan­demic. The FBI re­ported that com­plaints to its cy­ber­crime re­port­ing site jumped from 1,000 a day to 3,000 to 4,000 a day since the pan­demic be­gan.

“Ev­ery elec­tion is heated, but this one is very much so,” Paula Flem­ing, a chief mar­ket­ing of­fi­cer for the Bet­ter Busi­ness Bureau, said.“Peo­ple are­more trust­ing when they see it’s a po­lit­i­cal party or a can­di­date they like email­ing them.”

The FBI warned Amer­i­cans this month to watch out for elec­tion-re­lated “spoof­ing,” when a scam­mer cre­ates a cam­paign web­site or email ad­dress al­most iden­ti­cal to a real one. As­mall mis­spelling or a slight change — us­ing .com in­stead of .gov, for in­stance — are tell­tale signs of fraud, the agency said.

In­ves­ti­ga­tors atZeroFOX rou­tinely scan dark cor­ners of the in­ter­net to iden­tify threats against its cus­tomers. This sum­mer, they found a large cache of per­sonal data for sale. The data dump in­cluded the phone num­bers, ages and other ba­sic de­mo­graphic in­for­ma­tion for thou­sands of Amer­i­cans. What made the data re­mark­able was that it also con­tained par­ti­san af­fil­i­a­tion, the “cherry on top” for any­one in­ter­ested in buy­ing the ma­te­rial, Small said.

“Some­one could use that to pre­tend to be a po­lit­i­cal

ac­tion com­mit­tee rais­ing money, to try to get your per­sonal in­for­ma­tion or your ac­count num­bers,” he said.

Vot­ers should be cau­tious of claims that sound too good to be true, fraud ex­perts say. Be­fore do­nat­ing to any group that reached out by email or text, check their web­site or look to see if they’re reg­is­tered as a cam­paign. Does the or­ga­ni­za­tion have a phys­i­cal lo­ca­tion and phone num­ber? Scam­mers often do not.

Be­ware of pushy poll­sters or fundrais­ers, or emails or web­sites that use

emo­tion­ally loaded lan­guage that makes you an­gry or fear­ful, a tac­tic that ex­perts say plays on hu­man psy­chol­ogy. And don’t re­veal per­sonal in­for­ma­tion over the phone.

“It is tricky be­cause there are le­git­i­mate or­ga­ni­za­tions out there that are try­ing to help peo­ple reg­is­ter to vote,” said Eva Ve­lasquez, a for­mer fi­nan­cial crimes in­ves­ti­ga­tor who now runs the Iden­tity Theft Re­source Cen­ter, based in San Diego. “But you don’t have to act in the mo­ment. Take a few min­utes and do a lit­tle home­work.”


Har­vard Univer­sity grad­u­ate stu­dent Maya James re­ceived an email from a po­lit­i­cal ac­tion com­mit­tee that seemed harm­less. But a Google search showed her the PAC didn’t ex­ist.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.