The election may be coming to a close, but that doesn’t mean the disinformation will stop any time soon. Scammers and cybercriminals are still hunting for personal data and financial information using tricks like phishing sites and mass emails.
While votes are tabulated and certified, stay on the lookout for deceptive links and messages. They may use urgent-sounding language to fool you into clicking, and if you do, you could end up a fraud victim or worse.
These scams can’t steal your money or data if you avoid falling for them. Watch for these major red flags as election season starts winding down.
It doesn’t end with Nov. 3
The FBI and numerous security researchers are warning of online scam attempts in the wake of the 2020 election. These tactics mirror many of the ones seen over the past several weeks, but with a shift towards data theft over election outcomes.
Malwarebytes discovered that the infamous Qbot banking Trojan was once again being spread by email scammers. The emails claim to contain secret documents that show “what really happened” during the election, and say that you can only see the proof if you share your Windows login credentials.
The emails contain a malicious Excel attachment that asks you to unlock it with your Windows username and password. If you give it this info, it burrows into your computer and steals banking data and email snippets. Qbot will then use these email snippets to spread even more spam.
Researchers from Zix are also reporting new election-themed sites that steal personal information. Scammers link you to these phishing pages with emails spoofed to look like they come from a government agency. The emails claim that there was a problem with your ballot and that you need to verify personal data to make sure it counts.
The emails will include a link that takes you to a phishing site designed to look like a real government webpage. The scammers then ask for data like your date of birth, Social Security number, banking information, and driver’s license data. All of this data can easily be used to commit identity theft.
This scam is especially tricky due to the domain the senders use: usa.gov. Real government agencies use .gov email domains, but eac[@]usa[.]gov is not an official government domain. The real domain is [@]eac[.]gov. In this case, poor grammar is the biggest red flag to look for.
What can I do to avoid getting tricked by these scams?
Close races like the 2020 election can naturally lead to uncertainty, which these scammers are trying to exploit. Instead of taking the content of these messages at face value, be on the lookout for signs that they aren’t what they claim to be.
- Avoid clicking politics-related links, if possible, and be cautious about any links sent to you via email. If someone familiar sends you a politically-themed link, verify with them that they actually sent it first. It could be part of a spam system like Qbot.
- Never share personal or financial information over the web. Any messages that ask you to confirm this kind of information should be deleted immediately.
- Delete any strange emails with attachments. If someone you know sends you an email with an attachment, confirm that they actually sent it first.
- Watch out for obvious spelling and grammar errors on emails or websites you visit.
- Avoid opening emails from unknown senders or visiting unfamiliar websites. You’re safer sticking to familiar corners of the web.
- Check the sender field of any email you receive carefully. Be on the lookout for eac[@]usa[.]gov email addresses like the kind shown above. This is a known scam domain.
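
The sender-field check from the last bullet, as an added Python example (not part of the original article): it refangs the two addresses the article prints and flags a From header that matches the scam address or uses the agency's name with any other domain. The finding names, the "eac" name heuristic and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Indicators exactly as the article prints them (defanged).
SCAM_SENDER_DEFANGED = "eac[@]usa[.]gov"
REAL_DOMAIN_DEFANGED = "[@]eac[.]gov"

def refang(indicator):
    """Convert a defanged indicator (a[@]b[.]gov) to its normal form."""
    return indicator.replace("[@]", "@").replace("[.]", ".").lower()

SCAM_SENDER = refang(SCAM_SENDER_DEFANGED)
REAL_DOMAIN = refang(REAL_DOMAIN_DEFANGED).lstrip("@")

def check_sender(raw_message):
    """Return findings for the From header of one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    local, _, domain = address.rpartition("@")
    findings = []
    if address == SCAM_SENDER:
        findings.append("known-scam-sender")
    # Assumption (not from the article): "eac" as the local part or as a word
    # in the display name counts as a claim to be the agency, and is flagged
    # whenever the domain is not exactly the real one. A bare .gov suffix is
    # not enough, because the scam address also ends in .gov.
    claims_agency = local == "eac" or "eac" in display.lower().split()
    if claims_agency and domain != REAL_DOMAIN:
        findings.append("agency-name-wrong-domain")
    return findings

# Constructed sample messages, not real mail.
SAMPLES = {
    "scam": "From: EAC <EAC@USA.gov>\nSubject: ballot\n\nbody\n",
    "lookalike": 'From: "EAC Ballot Desk" <notice@example.com>\nSubject: x\n\nbody\n',
    "real_domain": "From: EAC <sample@eac.gov>\nSubject: x\n\nbody\n",
    "unrelated": "From: Pat <pat@example.org>\nSubject: lunch\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

An empty result only means the visible sender field looks right; the From header can be forged, so the other warning signs in this list still apply.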
If you think you’ve fallen for any of these tricks, don’t panic. You have several ways to protect your data and money from harm.
- Scan your computer with anti-malware software to make sure you don’t have a Trojan hiding anywhere.
- Use two-factor authentication to protect your online bank accounts.
- If you shared data like your Social Security number, consider freezing your credit. You may also want to contact your bank or financial institution and warn them that you may be at risk for fraud.
- Report disinformation or criminal activity you encounter to your local FBI field office (www.fbi.gov/contact-us/field-offices) or to the FBI’s Internet Crime Complaint Center (www.ic3.gov).
These scams are designed to be hard to spot, so don’t be too hard on yourself if you were fooled. Now that you know what to look for, you can avoid getting blindsided by scammers. Please share this article with your friends and family to make sure they’re on the lookout, too.