Online fraudsters, Russian spies, or both are using fake voter registration emails to trick American voters seeking to participate in the upcoming U.S. general election out of their personal information, including name, address, date of birth, and Social Security number.
This is according to KnowBe4, a company that provides awareness training on phishing attacks and other security issues.
"Your Arizona voter registration application that was submitted was reviewed by your county clerk and some details could not be verified," reads a sample email included in a KnowBe4 blog post." Please reconfirm details for processing which could take up to two days to be reflected in the system."
This is followed by a helpful link, "You may reconfirm your application here."
Threatpost's Lindsey O'Donnell noted that the lousy spelling, grammar, and punctuation should suggest that this is a phishing email. But it can also help phishers weed out the clever ones.
The email appears to be from the U.S. Election Assistance Commission.
However, the link is to a fake version of Service Arizona, the official website of the Arizona Department of Motor Vehicles, which has a voter registration section.
The fake site asks for everything an identity thief needs to steal your identity: your name, mailing address, date of birth, Social Security number, plus your e-mail address and driver's license information. (The real Service Arizona site asks for only the last four digits of your SSN.)
Needless to say, if you receive a similar email that appears to be from the U.S. Election Assistance Commission or related agencies, be very careful. Instead of clicking on the embedded link, call the agency concerned to verify that it is genuine.
If you do click on the link, verify the website address and do not conduct this business on a cell phone or tablet. And never give your Social Security number to anyone who asks for it.
Oddly enough, Eric Howes of KnowBe4 wrote that this email sample was submitted by a KnowBe4 user in Kenosha, Wisconsin.
Like Arizona, Wisconsin is a "battleground state" where presidential candidates are vying for victory. That fact led Howes to speculate that this might not be just a phishing email.
"Given the election angle," he wrote, "we cannot ignore the possibility that this phish is part of an attempt by an unknown party to intervene in the election process, either by creating confusion and chaos or by engaging in some form of election fraud.
Comments