As the 2024 U.S. presidential election draws near with discussions, debates, and last-minute messaging intensifying, so too are online scams and phishing attacks—posing serious risks to voters, campaign staff, and the electoral process itself. And with more than 350,000 flagged domains targeting voters, and a 514% increase in election-specific scam sites since March 2024, the stakes have never been higher. Before the votes are cast, the Bolster team has researched and compiled Cyber Threats to Democracy, a special report on phishing and online scams targeting the 2024 election.
Through this guide – and the rest of the blog below – we examine the rise of these cyber threats, discuss their impact on voters and democratic institutions, and provide key strategies to stay protected during this critical period.
Why Election Time Is Ripe for Scams
First, why now?
Simply, election season creates the perfect storm for cybercriminals. The heightened political climate, increased online activity, and emotionally-charged atmosphere causes voters to either let their guards down and/or jump more freely into areas where they feel their voice can be heard.
Such an exciting yet uncertain atmosphere leaves many susceptible to manipulation, with attackers taking advantage of the urgency surrounding elections to create fake websites, solicit fraudulent donations, and spread misinformation.
The volume of communications, including campaign emails, requests, and voter registration notices makes it difficult for individuals to distinguish legitimate messages from scams. Not to mention that voter trust in digital platforms is often higher during this time, as individuals engage more actively with less caution about the sources of information.
This fertile ground for cyberattack allows threat actors to prey on unsuspecting victims.
Election-Related Scams
The types of scams targeting voters and election staff are varied, and understanding these schemes can help you, loved ones, and coworkers from falling victim.
Phishing Emails
Scammers might impersonate election officials, candidates, or campaign staff, launching email phishing campaigns and messages designed to trick voters into sharing personal information or donating to fake platforms.
These emails often use urgent language, claiming time-sensitive actions are required, such as confirming voter registration or making last-minute donations.
Such an email could look as harmless as this:
URGENT: Confirm Your Voter Registration NOW
Dear Jane,
We noticed an issue with your voter registration that MUST be resolved immediately to ensure you can vote in the upcoming election.
Please click the link below to confirm your registration details before November 1, 2024:
[Fake, yet harmful link]
Failure to act now could result in your removal from the voter roll. Don’t lose your chance to make your voice heard!
If you believe this is a mistake, please contact us immediately at [fake support email].
Best regards,
Election Support Team
[Fake Organization]
Fake Donation Requests
Fraudulent and spoofed websites might also be used, which mimic legitimate campaigns in order to solicit donations. Not only do these scams steal money, but they can also violate campaign finance laws, causing legal repercussions for both the victims and legitimate campaigns.
One such example took place in 2016: “The political nonprofit launched by Sen. Bernie Sanders in 2016 lost nearly a quarter-million dollars to an email scam that year, according to new tax documents obtained by POLITICO.”
Misinformation Campaigns
Social media platforms are hotbeds for the deliberate spread of false information about voting procedures or election results. Scammers engage in social media impersonation to create fake social media profiles mimicking candidates or election officials, using these profiles to manipulate public opinion and sow confusion.
Twitter’s transparency report revealed that over 50,000 Russia-linked accounts were active during the 2016 election.
Voter Registration Scams
Similar to the phishing scams mentioned above, fraudsters will pretend to be voter registration services, tricking individuals into handing over personal information. This information can be used for identity theft or to disenfranchise voters by removing them from voter rolls.
For instance, as noted in our guide, there have been specific data breaches from Cuyahoga Country in Cleveland, OH, the Virginia Department of Elections, and the state portal in Minnesota.
The Role of Generative AI in Election Scams
As times change, so does technology and the sophistication of attacks. As a result, the 2024 election introduces a new and more dangerous player to the cyber battlefield: generative AI.
Generative AI refers to machine learning models that can produce human-like text, images, and even voice. Cybercriminals are increasingly leveraging this technology to craft convincing phishing messages, deepfake videos, and fraudulent websites. These AI-generated materials are more advanced, harder to detect, and can be scaled rapidly.
For example, a generative AI model can take details from a voter’s social media profile and create highly personalized phishing emails. These messages might reference specific political interests or recent online activity, making them more believable and significantly increasing the likelihood that a victim will click on a malicious link or divulge personal information.
Multi-Vector Phishing: A New Frontier in Election Scams
One of the most dangerous tactics we’ve seen in recent elections is multi-vector phishing. This approach uses several communication channels – such as email, text messages, social media, and even phone calls – to reach potential victims. The combination of vectors creates a layered attack that increases the chances of success.
For instance, a voter might receive a text message asking them to confirm their voter registration by clicking on a link. This leads to a phishing website that looks identical to their local election office. After entering their personal details, the attackers then use that information to send a follow-up email, making the entire scam feel more legitimate.
The Anti-Phishing Working Group (APWG) reported over 1 million phishing attacks in the first quarter of 2023 alone, showing just how effective these tactics have become.
Practical Recommendations to Stay Safe
It is no longer enough to simply know about the attacks happening around you (or those scams pointed directly at you) as they unfold. Fully protecting yourself and your organization during the 2024 election requires a proactive approach to get ahead of threats before they arrive.
Here are several recommendations, with real-world examples to highlight their importance.
Implement a Multi-Layered Security Approach
Scenario: A political campaign receives a series of phishing emails targeting its staff. The emails use sophisticated language and branding that closely mimics official government communications.
Protection: A multi-layered security system that includes firewalls, email filters, and intrusion detection would catch this scam before it reaches staff inboxes. On top of that, multi-factor authentication adds an extra layer of security, making it much harder for attackers to gain unauthorized access even if they obtain a password.
Learn more about MFA bypass techniques cybercriminals might employ
Use AI-Powered Threat Detection
Scenario: A cybersecurity firm using AI-powered tools detects a sudden spike in phishing attacks aimed at election volunteers.
Protection: The AI flags the malicious activity in real-time, allowing the firm to block the attacks before they compromise sensitive voter data.
Focus on Early Threat Detection
Scenario: A state election office installs early threat detection software that monitors unusual login attempts.
Protection: The system detects an unauthorized attempt to access the voter registration database and locks the account before any damage is done.
Report Suspicious Activity
Scenario: After noticing a suspicious message on social media claiming to be from a local election official, a voter reports the account. The platform quickly takes it down, preventing further spread of misinformation.
Use Tools Like Checkphish
Scenario: A voter is uncertain about a website asking for their personal information.
Protection: They use an email link checker like Checkphish to verify the site and discover it’s a phishing attempt, saving their sensitive information from falling into the wrong hands.
Stay Ahead of the Threats
As we approach Election Day, the urgency to stay vigilant against these evolving threats cannot be overstated. Download our comprehensive guide to dive deeper into how you can protect yourself, your organization, and the democratic process during this critical time. Equip yourself with the knowledge and tools necessary to outsmart cybercriminals and safeguard the 2024 election.
