Scammers exploit election looking for personal info
Cybercriminals key on current events in bid to make money
PROVIDENCE, R.I. — The email from a political action committee seemed harmless: If yousupportJoe Biden, it urged, click here to make sure you’re registered to vote.
But Harvard University graduate student Maya Jamesdid not click. Instead, sheGoogledthenameof the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidential election as a way to steal peoples’ personal information.
“There was not a trace of them,” James, 22, said. “It was a very inconspicuous email, but I noticed it used very emotional language, and that set off alarm bells.”
American voters face an especially polarized election this year, and scammers here and abroad are taking notice — posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It’s not votes they’re after, but to win a voter’s trust, personal information and maybe a bank routing number.
The Federal Bureau of Investigation, the Better Business Bureau and cybersecurity experts have recently warned of new and increasingly sophisticated online fraud schemes that use the election as an entry, reflecting both the proliferation of political misinformation and intense interest in this year’s presidential and Senate races.
“Psychologically, these scams play to our desire to do something — to get involved, to donate, to take action,” said Sam Small, chief security officer at ZeroFOX, a Baltimore, Maryland-based digital security firm.
Online grifters regularly shift tactics to fit current events, whether they are natural disasters, a pandemic or an election, according to Small. “Give them something to work with and they’ll find a way to make a dollar,” he said.
Adversaries like Russia, China and Iran get much of the blame for creating fake social media accounts and spreading deceptive election information, largely because of efforts by groups linked to the Kremlin to interfere in the 2016 U.S. presidential election. In many instances, foreign disinformation campaigns make use of the same tools pioneered by cybercriminals: fake social media accounts, realistic looking websites and suspicious links.
Online scams have flourished as so many of life’s routines move online during the pandemic. The FBI reported that complaints to its cybercrime reporting site jumped from 1,000 a day to 3,000 to 4,000 a day since the pandemic began.
“Every election is heated, but this one is very much so,” Paula Fleming, a chief marketing officer for the Better Business Bureau, said.“People aremore trusting when they see it’s a political party or a candidate they like emailing them.”
The FBI warned Americans this month to watch out for election-related “spoofing,” when a scammer creates a campaign website or email address almost identical to a real one. Asmall misspelling or a slight change — using .com instead of .gov, for instance — are telltale signs of fraud, the agency said.
Investigators atZeroFOX routinely scan dark corners of the internet to identify threats against its customers. This summer, they found a large cache of personal data for sale. The data dump included the phone numbers, ages and other basic demographic information for thousands of Americans. What made the data remarkable was that it also contained partisan affiliation, the “cherry on top” for anyone interested in buying the material, Small said.
“Someone could use that to pretend to be a political
action committee raising money, to try to get your personal information or your account numbers,” he said.
Voters should be cautious of claims that sound too good to be true, fraud experts say. Before donating to any group that reached out by email or text, check their website or look to see if they’re registered as a campaign. Does the organization have a physical location and phone number? Scammers often do not.
Beware of pushy pollsters or fundraisers, or emails or websites that use
emotionally loaded language that makes you angry or fearful, a tactic that experts say plays on human psychology. And don’t reveal personal information over the phone.
“It is tricky because there are legitimate organizations out there that are trying to help people register to vote,” said Eva Velasquez, a former financial crimes investigator who now runs the Identity Theft Resource Center, based in San Diego. “But you don’t have to act in the moment. Take a few minutes and do a little homework.”
Harvard University graduate student Maya James received an email from a political action committee that seemed harmless. But a Google search showed her the PAC didn’t exist.