Connect with us

Hi, what are you looking for?



Scammers Seize on US Election, But It’s Not Votes They Want

The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.

The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.

But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidential election as a way to steal peoples’ personal information.

“There was not a trace of them,” James, 22, said. “It was a very inconspicuous email, but I noticed it used very emotional language, and that set off alarm bells.” She deleted the message, but related her experience on social media to warn others.

American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice — posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It’s not votes they’re after, but to win a voter’s trust, personal information and maybe a bank routing number.

The Federal Bureau of Investigation, the Better Business Bureau and cybersecurity experts have recently warned of new and increasingly sophisticated online fraud schemes that use the election as an entry, reflecting both the proliferation of political misinformation and intense interest in this year’s presidential and Senate races.

“Psychologically, these scams play to our desire to do something – to get involved, to donate, to take action,” said Sam Small, chief security officer at ZeroFOX, a Baltimore, Maryland-based digital security firm.

Online grifters regularly shift tactics to fit current events, whether they are natural disasters, a pandemic or an election, according to Small. “Give them something to work with and they’ll find a way to make a dollar,” he said.

Advertisement. Scroll to continue reading.

Foreign adversaries like Russia, China and Iran get much of the blame for creating fake social media accounts and spreading deceptive election information, largely because of efforts by groups linked to the Kremlin to interfere in the 2016 U.S. presidential election. In many instances, foreign disinformation campaigns make use of the same tools pioneered by cybercriminals: fake social media accounts, realistic looking websites and and suspicious links.

Online scams have flourished as so many of life’s routines move online during the pandemic. The FBI reported that complaints to its cybercrime reporting site jumped from 1,000 a day to 3,000-4,000 a day since the pandemic began.

Now, the final weeks of a contentious election are giving scammers yet another opportunity to strike.

“Every election is heated, but this one is very much so,” Paula Fleming, a chief marketing officer for the Better Business Bureau, said. “People are more trusting when they see it’s a political party or a candidate they like emailing them.”

The FBI warned Americans this month to watch out for election-related “spoofing,” when a scammer creates a campaign website or email address almost identical to a real one. A small misspelling or a slight change – using .com instead of .gov, for instance – are tell-tale signs of fraud, the agency said.

Investigators at ZeroFOX routinely scan dark corners of the internet to identify threats against its customers. This summer, they found a large cache of personal data for sale. The data dump included the phone numbers, ages and other basic demographic information for thousands of Americans. What made the data remarkable was that it also contained partisan affiliation, the “cherry on top” for anyone interested in buying the material, Small said.

“Someone could use that to pretend to be a political action committee raising money, to try to get your personal information or your account numbers,” he said.

In 2018, scammers posed as employees from the non-profit voting advocacy group TurboVote and phoned people in Georgia, Washington and at least three other states asking them to register to vote. The calls prompted complaints to state election officials, who issued a public warning.

“TurboVote doesn’t call. You’ll never get a call from us,” group spokeswoman Tanene Allison said of the organization that helped register millions of voters in 2018. “If you’re hearing something and you can’t verify the source, always check with your local election officials.”

Voters should be cautious of claims that sound too good to be true, fraud experts say. Before donating to any group that reached out by email or text, check their website or look to see if they’re registered as a charity or campaign. Does the organization have a physical location and phone number? Scammers often do not.

Beware of pushy pollsters or fundraisers, or emails or websites that use emotionally loaded language that makes you angry or fearful, a tactic that experts say plays on human psychology. And don’t reveal personal information over the phone.

“It is tricky because there are legitimate organizations out there that are trying to help people register to vote,” said Eva Velasquez, a former financial crimes investigator who now runs the Identity Theft Resource Center, based in San Diego. “But you don’t have to act in the moment. Take a few minutes and do a little homework.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...