Beware of a new phishing campaign using fake voter registration forms

Fake voter registration forms used to collect user data, banking, and email passwords

According to cybersecurity experts, hackers are trying to use fake voter registration forms in order to get sensitive information.

Hacker groups decided to use the US Presidential Election to their benefit. Since September, phishing groups are exploiting fake voter registration forms to trick users into giving away their personal information. They are capable of luring out even email and banking passwords. It is expected that this phishing^[1] method will be used until the end of the election.

Cybersecurity firms – Proofpoint^[2] and KnowBe4 – were the first to notice such criminal behavior. According to them, these phishing groups are trying to impersonate the US Election Assistance Commission (EAC), the US agency responsible for the management of voter registration guidelines.

As typical for most phishing campaigns,^[3] criminals are trying to intimidate users to get their personal data. This time, hackers are lying about unsuccessful voter registration requests. They are sending emails with subject lines like “your county clerk couldn't confirm voter registration”, “voter registration application details couldn't be confirmed”, or similar.

Cybercriminals are bolder than before

If the user decides to open the fake e-mail, he finds a link to the webpage posing as the US government website where the user should fill a voter registration form. KnowBe4 explained,^[4] that although the email itself claims to have been sent by the US Election Assistance Commission, the URL in the e-mail redirects users to a web page that looks like ServiceArizona^[5] – official site of the Arizona government. Unfortunately, since the fake website even has the same images, many users may not realize that it is a sham.

According to cybersecurity experts, hackers are using the same basic template for their e-mails and websites, so all sites look the same. Usually, by using these false registration forms, cybercriminals are trying to collect personal data like:

• name;
• e-mail address;
• date of birth;
• mail address;
• driver's license information;
• Social Security Number (SSN).

However, the recent report^[6] of the Proofpoint team shows that hackers are bolder than before. They are demanding additional sensitive information:

• bank name;
• number of the bank account;
• bank account routing number;
• banking account password;
• banking username/ID;
• Vehicle Identification Number (VIN);
• email account password.

In order to get this data cybercriminals are lying that additional information is needed so users can claim a “stimulus”, possibly related to COVID-19. Proofpoint explained:^[6]

This phishing site is particularly interesting because it cycles through several themes within the same form––verification of voter information and claiming a “stimulus”––and collects a variety of information that isn’t always congruent with those themes. The driver’s license and vehicle license number are out of place on voter registration or stimulus claim pages.

You should think twice before entering any personal information on the internet

Experts from Proofpoint say a well-established cybercrime group is hiding behind these campaigns. They think that the same group has been involved in previous COVID-19-related phishing campaigns this year too. According to specialists, with all the information collected, hackers can take over bank accounts, start more attacks, etc.

Although it is still unclear how successful these phishing campaigns are, all users should be extra careful on the internet. Cybersecurity experts warn that it is unwise and even extremely dangerous to provide important information through questionable URLs received by emails. No real company or government will send letters asking for your bank logins or other sensitive information.