Reports from two email security firms reveal that a group of sophisticated phishing attackers is sending fake emails to citizens to steal their data. Theyโre being lured, citing as failed voter registration, and asking them to fill a phishing form containing PII along with banking details too. Researchers say the campaign is active since September.
Fake Voter Registration Phishing Emails Out There
The US presidential elections 2020 is approaching, so makes the cyber attacks on US voting infrastructure and citizens. Several fraudsters are trying their means to attack the voting processes, ultimately steal the data, and use them for manipulating the mindsets of voters. A new act of this routine is the phishing emails campaign.
Email security firms Proofpoint and KnowBe4 have identified a campaign where a spam group impersonates the US Election Assistance Commission (EAC), the agency that takes care of voter registration guidelines. The group is making the subject lines relevant to obtain more leads on their fake emails.
Theyโre found to be writing as โvoter registration application details couldnโt be confirmedโ and โyour county clerk couldnโt confirm voter registrationโ in the fields, and directing them to fake web pages to fill out the details as a new voter registration form. These webpages are said to be hosted on hacked WordPress sites.
The fake forms include the voterโs Date of birth, Mail and e-mail address, Social Security Number (SSN), and Driverโs license information. While this seems normal, Proofpointโs updated report says the group has upgraded to ask even more details. They noted that forms are asking additional questions like the banking details.
These especially include the Bank name, Bank account number, Bank account routing number, Banking ID/username, Banking account password, Email account passwords, and the Vehicle Identification Number (VIN). These askings were reasoned for passing on the โstimulus.โ