Chicago Tribune (Sunday)

Scammers exploit election looking for personal info

Cybercrimi­nals key on current events in bid to make money

- By David Klepper

PROVIDENCE, R.I. — The email from a political action committee seemed harmless: If yousupport­Joe Biden, it urged, click here to make sure you’re registered to vote.

But Harvard University graduate student Maya Jamesdid not click. Instead, sheGoogled­thenameof the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidenti­al election as a way to steal peoples’ personal informatio­n.

“There was not a trace of them,” James, 22, said. “It was a very inconspicu­ous email, but I noticed it used very emotional language, and that set off alarm bells.”

American voters face an especially polarized election this year, and scammers here and abroad are taking notice — posing as fundraiser­s and pollsters, impersonat­ing candidates and campaigns, and launching fake voter registrati­on drives. It’s not votes they’re after, but to win a voter’s trust, personal informatio­n and maybe a bank routing number.

The Federal Bureau of Investigat­ion, the Better Business Bureau and cybersecur­ity experts have recently warned of new and increasing­ly sophistica­ted online fraud schemes that use the election as an entry, reflecting both the proliferat­ion of political misinforma­tion and intense interest in this year’s presidenti­al and Senate races.

“Psychologi­cally, these scams play to our desire to do something — to get involved, to donate, to take action,” said Sam Small, chief security officer at ZeroFOX, a Baltimore, Maryland-based digital security firm.

Online grifters regularly shift tactics to fit current events, whether they are natural disasters, a pandemic or an election, according to Small. “Give them something to work with and they’ll find a way to make a dollar,” he said.

Adversarie­s like Russia, China and Iran get much of the blame for creating fake social media accounts and spreading deceptive election informatio­n, largely because of efforts by groups linked to the Kremlin to interfere in the 2016 U.S. presidenti­al election. In many instances, foreign disinforma­tion campaigns make use of the same tools pioneered by cybercrimi­nals: fake social media accounts, realistic looking websites and suspicious links.

Online scams have flourished as so many of life’s routines move online during the pandemic. The FBI reported that complaints to its cybercrime reporting site jumped from 1,000 a day to 3,000 to 4,000 a day since the pandemic began.

“Every election is heated, but this one is very much so,” Paula Fleming, a chief marketing officer for the Better Business Bureau, said.“People aremore trusting when they see it’s a political party or a candidate they like emailing them.”

The FBI warned Americans this month to watch out for election-related “spoofing,” when a scammer creates a campaign website or email address almost identical to a real one. Asmall misspellin­g or a slight change — using .com instead of .gov, for instance — are telltale signs of fraud, the agency said.

Investigat­ors atZeroFOX routinely scan dark corners of the internet to identify threats against its customers. This summer, they found a large cache of personal data for sale. The data dump included the phone numbers, ages and other basic demographi­c informatio­n for thousands of Americans. What made the data remarkable was that it also contained partisan affiliatio­n, the “cherry on top” for anyone interested in buying the material, Small said.

“Someone could use that to pretend to be a political

action committee raising money, to try to get your personal informatio­n or your account numbers,” he said.

Voters should be cautious of claims that sound too good to be true, fraud experts say. Before donating to any group that reached out by email or text, check their website or look to see if they’re registered as a campaign. Does the organizati­on have a physical location and phone number? Scammers often do not.

Beware of pushy pollsters or fundraiser­s, or emails or websites that use

emotionall­y loaded language that makes you angry or fearful, a tactic that experts say plays on human psychology. And don’t reveal personal informatio­n over the phone.

“It is tricky because there are legitimate organizati­ons out there that are trying to help people register to vote,” said Eva Velasquez, a former financial crimes investigat­or who now runs the Identity Theft Resource Center, based in San Diego. “But you don’t have to act in the moment. Take a few minutes and do a little homework.”

 ?? MICHAEL DWYER/AP ?? Harvard University graduate student Maya James received an email from a political action committee that seemed harmless. But a Google search showed her the PAC didn’t exist.
MICHAEL DWYER/AP Harvard University graduate student Maya James received an email from a political action committee that seemed harmless. But a Google search showed her the PAC didn’t exist.

Newspapers in English

Newspapers from United States