Election Security Spotlight – Common Cyber Hoax Scams

What it is:

Cyber hoax scams are attacks that exploit unsuspecting users to provide valuable information, such as login credentials or money. Attackers who orchestrate these hoax scams are generally financially motivated and will use various attack methods including phishing, pop-ups, phone calls, and social media. These methods generally have a sense of urgency, which rushes the user into making a quick uneducated click or decision. Common themes may include:

  • Romance scam – attackers gain a user’s trust and request personal information or money that may lead to blackmail or monetary loss.
  • 419 or “Nigerian prince” – users will receive an emotional message from someone claiming to be a government official, businessman, or a member of a foreign wealthy family asking for help.
  • Extortion or threat – a malicious actor may threaten to embarrass or physically harm a user or their family unless a ransom is paid.
  • Tech support – fraudulent actors use various methods to promote contacting a fake tech support line to remove malicious software from a system. Once a user contacts the fake support team they will attempt to exploit the user.
  • Tax fraud – a malicious actor will contact a user posing as an IRS agent requesting personal or financial information.
  • Major events – natural disasters, disease outbreaks, major sporting events, and elections have been used to exploit people affected by these events or to gather money under the pretenses of charity or political support.

Why does it matter:

Cyber hoax scams are incredibly common and adversely affect all industries and individuals. Election officials should be prepared for these common attacks even though they may not be specifically tailored towards the elections community. During major events, such as an election day, election officials may be at a higher risk of being targeted. Attackers know that election officials are actively watching for notifications regarding potential issues or requests for support, making them more vulnerable to accept and trust a scam.

Cyber hoax scam events generally end with the targeted organization losing money or personal information. Money obtained by malicious actors through cyber hoax scams may fund additional attacks or allow attackers new resources to design more sophisticated cyber hoax scams. If a scam is not successful in gaining money, the attackers may gain other valuable data such as social security numbers, login credentials, or credit card information that could be used to further additional targeted attacks. The attackers may also sell or post the stolen data on the dark web or paste sites.

Lastly, the public exposure of a successful scam could amplify impacts on government offices. There is a chance residents could lose trust in the office’s ability to secure information and provide services effectively. News of exploitation may also indicate the presence of additional weak points within an election office’s security defenses, which could lead to further malicious activity by other actors.

What you can do:

Election officials should train staff on methods to quickly identify possible scams, setup multi-factor authentication and other technical controls, and have appropriate response plans in place. When major events are expected, attempted cyber scams may be more common and officials should be on heightened alert to help spot them. If staff is trained properly, they are more likely to spot and avoid falling victim to scams. Election offices should also consider spam filters to block scam emails, firewalls configured with up-to-date indicator rules to prevent connections to compromised sites, and anti-spyware to prevent unwanted software on a system. Multi-factor authentication provides an added layer of security, making it more difficult for attackers to compromise accounts if credentials are stolen. Users should report all identified cyber hoax scams to the FBI’s Internet Crime Complaint Center (IC3), along with notifying other users in the organization and the election community.

The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].