Scammers using fake PAC emails to steal from voters

Ever since the 2016 election, the overall issue of hacking has remained a theme in the headlines.  Now cyber-criminals are deploying a new tactic built around website spoofing of political action committee (PAC) domains in an effort to steal financial data from victims using methods that include banking trojans.  

According to one recent report, an email from a political action committee that was purported to support Joe Biden requested that recipients click on a tab in the message to ensure that they were registered to vote.

One potential victim of the scam, Harvard University graduate student Maya James, would come to find out that the soliciting PAC did not exist after conducting a basic Google search on the phony organization.

"There was not a trace of them," James told the Associated Press.  It was a very inconspicuous email, but I noticed it used very emotional language, and that set off alarm bells."  After deleting the message, James posted social media warnings of the scheme.

Another phishing campaign discovered weeks ago targeted supporters of President Donald Trump with a banking trojan.  The emailed messages referred to campaign issues and events, and victims who unfortunately took the bait were infected with Emotet malware.  Attackers distributed what was designed to look like a legitimate PAC email blast, with authentic-sounding content throughout the text of the message.  The message also included working links that opened web pages belonging to the impersonated PAC.

The malware's downloader is delivered via a Word document, which is attached to the email.  Hackers attempted to leverage Trump's decision to temporarily withhold funding from the World Health Organization (WHO), pending the outcome of an investigation into the global health agency's response to the coronavirus pandemic. 

Another one of the emails was sent with the subject "Fwd: Breaking: President Trump suspends funding to WHO" and called for recipients who agreed with the suspension of WHO funding to click on a button marked "Stand with Trump."  The hackers also used Display Name Spoofing to hide the sender's true email address. 

While the sender email addresses that were used to spread the WHO-themed spear-phishing messages varied, all came from legitimate accounts that had been compromised by hackers.  This tactic allows attackers to pass through email authentication protocols. 

Using hijacked email addresses would also make it difficult for victims to accept that hackers were duping them.  Compromised email accounts of several small businesses around the world were also used in each wave of this campaign and tricked victims with the same stolen Political Action Committee email content.

Hackers have also taken to posing as fundraisers and pollsters as well as launching phony voter registration drives this election cycle, with the sole purpose of obtaining personal information of unsuspecting victims.

Despite warnings from the FBI, the CISA, and many cyber-security experts throughout the year, many Americans have already fallen victim to election-themed criminal hijinks. 

The fact that these attacks have not been limited to victims of any particular political persuasion proves that despite the best efforts of Democrats, who have long painted themselves as the sole victims of election-related hacking, all Americans need to be aware and vigilant as the days wind down toward decision day.

Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist.  His writing, which is focused on cyber-security and politics, has been published by websites including The Hill, Breitbart, Real Clear Politics, Newsmax, American Thinker, Townhall, The Washington Times, and BizPacReview.