Days ahead of the US presidential election, spam groups are hurrying to strike while the iron is hot, using voter registration-related lures to trick people into visiting fake government sites and giving away their personal data, with the group sometimes bold enough to ask for banking and email passwords and even auto registration information.
These campaigns have been taking place since September and are still going on today, while the lures (email subject lines) are still relevant.
Spotted by email security firms KnowBe4 and Proofpoint, these campaigns are spoofing the identity of the US Election Assistance Commission (EAC), the US government agency responsible for managing voter registration guidelines.
Subject lines in this campaign are simple and play on the fear of US citizens that their voter registration request might have failed.
Using subject lines like “voter registration application details couldnt be confirmed” and “your county clerk couldnt confirm voter registration,” the emails lure users to web pages posing as government sites, where they are asked to fill out a voter registration form again.
According to Proofpoint, these sites are fake and are usually hosted on hacked WordPress sites. If users fail to notice the incorrect URL, they will eventually end up providing their personal details to a criminal group. Data usually collected via these forms includes:
- Name
- Date of birth
- Mail address
- Email address
- Social Security Number (SSN)
- Driver’s license information
Per KnowBe4 and Proofpoint, the spammers are using a basic template, and all of their emails usually lure users to a site that looks the same.
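For mail administrators, the traits described above (the quoted subject lines, the spoofed EAC identity, and links that lead away from real government sites) can be combined into a simple triage check. The following is an added example, not code from KnowBe4 or Proofpoint; the sample messages are constructed, and treating any host outside .gov as suspicious is an assumption made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Lure wording taken from the two subject lines quoted in the article.
LURE = re.compile(
    r"voter registration.*(couldn.?t|could not) (be )?confirm"
    r"|(couldn.?t|could not) confirm voter registration", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_gov(host):
    # Assumption: genuine federal election sites live under .gov.
    host = (host or "").lower().rstrip(".")
    return host.endswith(".gov")

def triage(raw):
    """Return the reasons a raw message resembles this campaign."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if LURE.search(str(msg["subject"] or "")):
        reasons.append("subject matches voter-registration lure")
    name, addr = parseaddr(str(msg["from"] or ""))
    domain = addr.rpartition("@")[2]
    claims_eac = re.search(r"election assistance commission|\bEAC\b", name, re.I)
    if claims_eac and not is_gov(domain):
        reasons.append(f"display name claims EAC, sender domain is {domain}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL.findall(text):
        host = urlsplit(url).hostname
        if not is_gov(host):
            reasons.append(f"link leaves .gov: {host}")
    return reasons

# Constructed sample messages (example.* domains are placeholders).
PHISH = """From: "U.S. Election Assistance Commission" <notice@mail.example.net>
Subject: voter registration application details couldnt be confirmed

Please complete your form again: http://blog.example.com/register/
"""
BENIGN = """From: "County Clerk" <clerk@county.example.gov>
Subject: Polling place hours

See https://www.eac.gov/voters for details.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, triage(raw))
```

Many legitimate county election offices do not use .gov domains, so the link check is best used as one signal alongside the subject and sender checks rather than as a verdict on its own.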
But in a follow-up report published on Thursday, Proofpoint says it has seen this group modify its tactics in recent days.
With the pre-election window drawing to a close, the spam group has become bolder than in previous iterations of the same campaign. Besides asking for personally identifiable information specific to voter registration forms, the group has now expanded its phishing site to include new fields that also ask for:
- Bank name
- Bank account number
- Bank account routing number
- Banking ID/username
- Banking account password
- Email account passwords
- Vehicle Identification Number (VIN)
To allay fears, the spammers claim this extra information is needed so users can claim a “stimulus.”
Proofpoint says these spam and phishing campaigns are the work of a well-established group that has been involved in previous phishing campaigns this year. Previous campaigns used COVID-19 business grant-related lures.
It is unclear how successful these campaigns are, but the fact that they are still happening means that spam groups are getting the returns they’re seeking; otherwise, they wouldn’t bother.