Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
Scammers thrive in times of crisis and confusion. This is perhaps why the controversy surrounding mail-in voting could prove to be another golden opportunity for cybercriminals.
Throughout 2020, we’ve seen a surge of cybercriminals capitalizing on key and newsworthy moments in the COVID-19 crisis, creating scams that take advantage of the stimulus checks, the Paycheck Protection Program and students heading back to school.
Knowing that people are seeking answers during uncertain times, hackers craft scams – usually in the form of phishing emails – that appear to provide the information people are looking for. Instead, victims are lured to fake websites that are designed to steal their valuable personal or financial information.
Given the uncertainties surrounding election security and voters’ safety during the pandemic, fueled further by President Trump’s recent attacks against the US Postal Service, it’s highly likely that scammers could set their sights on creating scams associated with mail-in voting.
In fact, our researchers discovered that around 75 domains spoofing websites related to mail-in voting were registered between July 2 to August 6.
Some of these websites tout information about voting-by-mail, such as mymailinballot.com and mailinyourvote.com. Others encourage voters to request or track their ballot, such as requestmailinballot.com and myballotracking.com.
Anyone accessing these websites should be wary, though. Keep reading to find out why.
To understand the risks these spoofed domains pose, consider why hacker’s create them. They’re after sensitive information like your name, address, and phone number as well as financial information like your credit card details.
For example, if a malicious website claims to offer visitors a way to register to vote or cast their vote – which several of these newly created domains did – there will be a form that collects personally identifiable information (PII). Likewise, if a malicious website is asking for donations, visitors will be asked to enter credit card details.
If any of this information falls into the wrong hands, it could be sold on the dark web, resulting in identity theft or payment card fraud.
Of course, not every domain that our researchers discovered can be deemed malicious. But, it’s important you stay vigilant and never provide personal information unless you trust the domain.
Here are some tips to help you avoid falling victim to voting scams in the upcoming election:
1. Find answers online, but don’t trust everything you read
It’s perfectly reasonable to look online for answers about how to vote. There’s a lot of useful information about ordering absentee ballots and locating local secure ballot boxes. However, be aware that there is a lot of misinformation online, particularly around this year’s election. Source information from trusted websites like https://www.usa.gov/how-to-vote.
2. Think twice before sharing personal details
Before entering any personal or financial details, always check the URL of the domain and verify the legitimacy of the service by calling them directly. Question domains or pop-ups that request personal information from you, especially as it relates to your voting preference or other personal information.
3. Never share direct deposit details, credit card information, or your Social Security number on an unfamiliar website
This information should be kept private and confidential. If a website asks you to share details like this, walk away.
Keep up with our blog for more insights, analysis, and tips for staying safe online.