The 2016 presidential election is finally behind us and the U.S. has chosen new leadership. President-elect Donald Trump will be sworn into office on Friday, January 20, 2017.
This campaign cycle lasted for nearly a year-and-a-half and had plenty of bumps in the road along the way. One of the more shocking storylines was U.S. officials accusing the Russian government of trying to disrupt the U.S. election process. Now that the election is over, there are new allegations coming out against the same hacking group.
The security firm, Volexity, says the same group that hacked the Democratic National Committee (DNC) and leaked its emails is at it again. Volexity calls the hacking group "The Dukes" and claims it is sending malware-laced emails. The group is targeting non-government organizations and think tanks across Washington.
Researchers believe The Dukes are trying to steal more email archives so they can be made public. Volexity says some of the malicious emails are designed to look like they were forwarded by the Clinton Foundation. One of them reads, "Follow this secure paper to find out what really happened during elections."
These types of attacks began months ago, with the most active period being in August. However, they are still happening, even after Election Day. The most recent emails were sent just hours after Donald Trump was announced as the presumptive winner. These are phishing attacks trying to get victims to click on malicious links inside the emails.
Steven Adair of Volexity says, "Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election's outcome being revised or rigged. The last attack claimed to be a link to a PDF download on 'Why American Elections Are Flawed.' Volexity believes a group it refers to as The Dukes (aka APT29 or Cozy Bear) is responsible for post-election attack activity."
As with all phishing scams, if you click on the malicious, link your gadget will be infected with malware.
How to avoid phishing scams
Here are some things you can do to avoid being a victim of phishing scams:
- Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Do an online search - If you get a notification about something like the "Ugly List," you should do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.