The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.
But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidential election as a way to steal peoples’ personal information.
“There was not a trace of them,” James, 22, said. “It was a very inconspicuous email, but I noticed it used very emotional language, and that set off alarm bells.” She deleted the message, but related her experience on social media to warn others.
American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice — posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It’s not votes they’re after, but to win a voter’s trust, personal information and maybe a bank routing number.
The Federal Bureau of Investigation, the Better Business Bureau and cybersecurity experts have recently warned of new and increasingly sophisticated online fraud schemes that use the election as an entry, reflecting both the proliferation of political misinformation and intense interest in this year’s presidential and Senate races.
“Psychologically, these scams play to our desire to do something – to get involved, to donate, to take action,” said Sam Small, chief security officer at ZeroFOX, a Baltimore, Maryland-based digital security firm.
Online grifters regularly shift tactics to fit current events, whether they are natural disasters, a pandemic or an election, according to Small. “Give them something to work with and they’ll find a way to make a dollar,” he said.
Foreign adversaries like Russia, China and Iran get much of the blame for creating fake social media accounts and spreading deceptive election information, largely because of efforts by groups linked to the Kremlin to interfere in the 2016 U.S. presidential election. In many instances, foreign disinformation campaigns make use of the same tools pioneered by cybercriminals: fake social media accounts, realistic looking websites and and suspicious links.
Online scams have flourished as so many of life’s routines move online during the pandemic. The FBI reported that complaints to its cybercrime reporting site jumped from 1,000 a day to 3,000-4,000 a day since the pandemic began.
Now, the final weeks of a contentious election are giving scammers yet another opportunity to strike.
“Every election is heated, but this one is very much so,” Paula Fleming, a chief marketing officer for the Better Business Bureau, said. “People are more trusting when they see it’s a political party or a candidate they like emailing them.”
The FBI warned Americans this month to watch out for election-related “spoofing,” when a scammer creates a campaign website or email address almost identical to a real one. A small misspelling or a slight change – using .com instead of .gov, for instance – are tell-tale signs of fraud, the agency said.
Investigators at ZeroFOX routinely scan dark corners of the internet to identify threats against its customers. This summer, they found a large cache of personal data for sale. The data dump included the phone numbers, ages and other basic demographic information for thousands of Americans. What made the data remarkable was that it also contained partisan affiliation, the “cherry on top” for anyone interested in buying the material, Small said.
“Someone could use that to pretend to be a political action committee raising money, to try to get your personal information or your account numbers,” he said.
In 2018, scammers posed as employees from the non-profit voting advocacy group TurboVote and phoned people in Georgia, Washington and at least three other states asking them to register to vote. The calls prompted complaints to state election officials, who issued a public warning.
“TurboVote doesn’t call. You’ll never get a call from us,” group spokeswoman Tanene Allison said of the organization that helped register millions of voters in 2018. “If you’re hearing something and you can’t verify the source, always check with your local election officials.”
Voters should be cautious of claims that sound too good to be true, fraud experts say. Before donating to any group that reached out by email or text, check their website or look to see if they’re registered as a charity or campaign. Does the organization have a physical location and phone number? Scammers often do not.
Beware of pushy pollsters or fundraisers, or emails or websites that use emotionally loaded language that makes you angry or fearful, a tactic that experts say plays on human psychology. And don’t reveal personal information over the phone.
“It is tricky because there are legitimate organizations out there that are trying to help people register to vote,” said Eva Velasquez, a former financial crimes investigator who now runs the Identity Theft Resource Center, based in San Diego. “But you don’t have to act in the moment. Take a few minutes and do a little homework.”