Spam groups are stealing user data through fake voter registration forms in US before the elections

IANS | Published: 26th October 2020 02:12 PM

Spam groups are using voter registration-related lures to trick people into accessing fake government sites and giving away their personal data, banking and email passwords, just days ahead of the US presidential election.

These campaigns have been taking place since September and are still going on today, and the lures (email subject lines) are still relevant, reports ZDNet.

Spotted by email security firms KnowBe4 and Proofpoint, these campaigns are spoofing the identity of the US Election Assistance Commission (EAC), the US government agency responsible for managing voter registration guidelines.

According to the reports, subject lines in this campaign are simple and play on the fear of US citizens that their voter registration request might have failed.

With subject lines like "voter registration application details couldn't be confirmed" and "your county clerk couldn't confirm voter registration," the emails lure users to web pages posing as government sites, where they are asked to fill out a voter registration form again.

According to Proofpoint, these sites are fake and are usually hosted on hacked WordPress sites. If users fail to notice the incorrect URL, they will eventually end up providing their personal details to a criminal group.

Per KnowBe4 and Proofpoint, the spammers are using a basic template, and all of their emails usually lure users to a site that looks the same, like the one below.

But in a follow-up report published on Thursday, Proofpoint said it has seen this group modify its tactics in recent days.

Proofpoint says these spam and phishing campaigns are the work of a well-established group that has been involved in previous phishing campaigns this year.

Previous campaigns used Covid-19 business grant-related lures.

"It is unclear how successful these campaigns are, but the fact that they are still happening means that spam groups are getting the returns they're seeking," ZDNet reported.


*Edited from an IANS report