Experts have predicted that the “2016 Presidential Election year will launch a slew of new lures and malware intended to defraud and deceive contributors, candidates, and campaign methods.” In both 2008 and 2012 elections, hackers targeted presidential candidates via campaign computers and databases with the intention to steal data and policy information.
The 2016 primaries are just around the corner, and the online activity revolving around the election this year is expected to be a promising target for cybercriminals. A look at past elections have helped security experts determine where voters should beware of cyber-attacks.
Databases Containing Sensitive Information
CSO Online has already reported on two database errors that divulged confidential information about millions of voters. Some records disclosed target demographic and personal information beyond public record that voters would not otherwise share publicly. When databases like these are not protected properly, CSO warns that, “Information could be used to construct a targeted phishing campaign. [During an election year,] a targeted list based on politics might have a higher level of success.”
Phishing Emails
A voter is a voter, whether at home or in the office, and as cybercriminals refine emails over time, voters become easy “phish” to catch through an election scam. In 2008, phishing emails contained malware primarily in headlines. In 2012, scams went beyond the headlines and took a place as malicious links inside an email. Nearly 50% of users click on phishing links within the first hour of receiving an email. Campaign email blasts about events or encouraging activism can make users vulnerable to this type of attack. In 2016, voters should be aware that even the most professional-looking emails may be malicious and trying to harvest sensitive information.
Untrustworthy Websites and Social Media Networks
Candidates’ and issues-related websites and social media present a large, built-in following for hacktivists in need of an audience. Campaign websites and social media networks are two of the most lucrative targets for cybercriminals because they are used as a primary resource for election news. Cybersecurity experts warn against the possibility of stolen money and credentials through campaign websites because campaign websites are now being used “more as tools to raise money,” often via credit card. Only use websites secured by a SSL Certificate to ensure your information is encrypted during transit. A visible padlock icon will be displayed in the browser address bar when the site you are visiting uses a SSL Certificate.
Large Events
According to Sandra Jontz at AFCEA, attackers frequently see large events as an opportunity to launch cyber-attacks on a curious population. A hypothetical scenario: About 24 to 48 hours before a Primary, a hacker could spread fake news about a candidate by hacking into their Twitter account and reporting something like he/she has dropped out of the election. Before the news gets out that it was a hoax, voters have already been to the polls to vote for someone else. Large events for this year’s election begin at the Iowa Caucus on February 1, 2016 and continue sporadically until Election Day on November 8, 2016. Large events include: primaries and caucuses, party conventions, presidential debates, and, of course, Election Day.
There has been a 176% increase in the number of cyberattacks since 2010. Hackers are growing more confident and creative, wreaking havoc on targeted companies and individuals. Using secure online techniques is crucial particularly during an election year and its corresponding events.