HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

How cybercriminals are exploiting the 2024 US election

Written by Caitlin Anthoney | Oct 16, 2024 1:57:51 PM

According to cybersecurity experts, there has been a sudden increase in politically themed cyber threats ahead of the upcoming 2024 US presidential election.

Cybercriminals are taking advantage of the election to run phishing emails, financial scams, and spam campaigns that dupe individuals, businesses, and election officials. These threaten personal and corporate data and the integrity of the electoral process.

 

The rise in political-themed spam

In the past months, spam with an election theme has increased. Trustwave SEG Cloud and Spam Traps report that "more than 11,000 spam messages that mention the name or political parties of the candidates" were detected in two months. 

The organization also found that "Former President and Republican presidential candidate Donald Trump is the most used name in the subject lines of these spam mails – with 29%." Vice President and Democratic candidate, Kamala Harris, was also frequently mentioned at 5.7%, while President Joe Biden saw a decrease after he bowed out of the race. 

These political-themed spam emails range from suspicious online shops selling candidate merchandise to stocks and cryptocurrency scams. Financial spam has been one of the commonly used tactics. 

One such email claimed that the Biden administration had issued an executive order that collapsed the US dollar and urged recipients to click the link for financial protection. 

Trustwave said the sender of this phishing email had resorted to "emotional manipulation through inducing fear in the reader." The message even cited Executive Order 14024 to mislead recipients into thinking it was about economic collapse when, in fact, it was about imposing sanctions on Russia.

 

Increase in election-related phishing

Cybercriminals often use phishing campaigns to their malicious advantage. During this electoral season, businesses and individuals should expect an increase in election-themed phishing emails.

Most often, election emails appear legitimate, pretending to be political campaigns, election authorities, or news outlets to trick recipients into clicking on malicious links or downloading malicious attachments.

ReliaQuest reported a notable case of election-related phishing connected to the deployment of the SocGholish remote access trojan (RAT). Several phishing incidents in July and August 2024 were centered around the email address moveon-help@list.moveon.org, impersonating a popular activist organization. The subject of one such email was worded, "Will you sign the petition to demand that Fox News address and STOP racism and sexism in their election reporting against Kamala Harris NOW?" The email contained a suspicious URL, which forwarded users to a domain associated with SocGholish activity.

Although ReliaQuest reported no evidence of customer data being compromised in the investigation, the incident marks the continuing risks of election-related phishing attacks.

Cybercriminals know how to capitalize on the sense of urgency stemming from elections. They pretend to be a trusted authority, fooling victims into accessing malicious links. Moreover, these methods open an avenue for victims to share valuable personal information, including login credentials, financial details, or other sensitive data.

 

Advanced phishing techniques and AI-driven attacks

Advances in technology, especially in AI, have given cybercriminals new tools to create highly plausible phishing emails. AI algorithms analyze user behavior, preferences, and social media activity to create personalized phishing messages that closely resemble the style and tone of legitimate sources.

These tactics make fraud detection much harder for the user, especially since most election processes require opening email attachments like absentee ballot applications, as CISA’s cybersecurity toolkit and resources to protect elections explains.

 

Crypto and phishing

According to Trustwave, Donald Trump’s connection to cryptocurrency resulted in many crypto-related phishing attacks. In one case, cyber fraudsters publicized a non-existent cryptocurrency called "MAGA Coin", which, the cybercriminals claimed, had increased in value after Trump’s supportive statements regarding cryptocurrency. The phishing email lured targets with promises to give them a fictional token value worth $2.5 million.

"The embedded link points to a phishing website masquerading as a WalletConnect page," Trustwave reported. The phishing page was designed to collect the credentials of crypto wallets, and while the email subject was based on US politics, the sender's email address contained a Philippine domain, revealing the illegitimacy of the scam.

 

Marketing spam

Cybercriminals also often use marketing spam during election periods. Trustwave monitored several incidents in spam emails offering candidate merchandise through fake online stores. Most of those have links to sham e-commerce websites designed to scam recipients. 

In those instances, the emails used Gmail addresses that "do not appear to match the alleged brand." Many of the embedded links led to domains that were registered in July 2024, showing how quickly cybercriminals create fake websites during the election cycle.

 

How these scams affect businesses

Election-themed phishing emails target individual voters as well as corporate networks to disrupt operations and steal sensitive data.

ReliaQuest showed that in 2023, "phishing was the most prevalent initial access method used by threat actors to breach targeted networks… accounting for an astonishing 71.1% of all tactics, techniques, and procedures (TTPs)." The phishing emails would introduce malware into the corporate systems, allowing cybercriminals to move across the networks, exfiltrate data, and disrupt operations.

 

How businesses can mitigate these threats

  • Web access monitoring and control: Businesses must block access to dynamic web hosting domains that are not part of their operations, like r2.dev or netlify.app, which are commonly used in phishing attacks.
  • Advanced threat detection: Use a detection system that flags emails containing suspicious URLs, especially those with patterns seen in phishing campaigns.
  • Multi-factor authentication (MFA): Two-factor authentication improves account security, complicating access for cybercriminals who have stolen credentials.
  • Use a HIPAA compliant platform: HIPAA compliant platforms, like Paubox, offer advanced threat detection, filtering out suspicious emails. Furthermore, these platforms offer MFA, preventing unauthorized access to individuals’ sensitive data, including protected health information (PHI).
  • Educate and train employees: Provide regular employee training for identifying phishing attempts, particularly those related to urgent topics, like election results or politically charged content.
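
The first two mitigations can be prototyped as a mail triage check. The sketch below is an added example, not code from Trustwave, ReliaQuest or Paubox: it flags links hosted on the dynamic hosting domains named above and free-mail senders that present a brand display name. The sample message, the hostnames in it and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Dynamic hosting suffixes named in the article; extend to match local policy.
BLOCKED_SUFFIXES = ("r2.dev", "netlify.app")
# Assumption: a free-mail sender that presents a display name is worth a flag.
FREEMAIL = {"gmail.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message (not a real email); all hostnames are made up.
SAMPLE = """\
From: "Candidate Store" <shop.promo@gmail.com>
Subject: Official merchandise

Order here: https://example-store.netlify.app/checkout
Mirror: https://pub-0000.r2.dev/index.html
Decoy userinfo: https://netlify.app@example.org/login
Lookalike suffix: https://notr2.dev/
"""

def host_of(url):
    """Return the real hostname, ignoring userinfo, port and a trailing dot."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()

def on_blocked_hosting(host):
    """Match on a label boundary: 'x.r2.dev' matches, 'notr2.dev' does not."""
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)

def triage(raw_email):
    """Return (reason, detail) findings for one single-part text message."""
    msg = message_from_string(raw_email)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    if display and addr.rpartition("@")[2].lower() in FREEMAIL:
        findings.append(("freemail-sender-with-brand-name", f"{display} <{addr}>"))
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        host = host_of(url)
        if on_blocked_hosting(host):
            findings.append(("dynamic-hosting-url", host))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(reason, detail)
```

Matching on the parsed hostname rather than the raw URL string keeps a blocked domain placed in the userinfo part, or a lookalike suffix, from producing a false match.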


 

FAQs

Does HIPAA apply to phishing attacks in healthcare?

Yes, phishing attacks in healthcare fall under Health Insurance Portability and Accountability Act (HIPAA) regulations. Phishing attacks compromising the privacy and security of protected health information (PHI) can lead to severe penalties, including fines and reputational damage.

 

Who needs to comply with HIPAA?

HIPAA compliance is required for covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates who handle protected health information (PHI).

 

How can providers make Google Workspace email HIPAA compliant?

Providers must use a Business or Enterprise plan, sign a business associate agreement (BAA) with Google, and use a HIPAA compliant platform, like Paubox, to protect patient information.
