Teaching people to be skeptical of what they see online is a major part of what we do here at Cyber Safe Workforce. When people are cyber-aware, they can protect their identity, their money, and even their vote. Today, Election Day in the U.S., let’s take a look at an email scam targeting voters. On October 21, 2020, the FBI accused two nation states (Iran and Russia) of intrusions into U.S. voter registration databases, and that Iran, specifically, had been linked to a suspicious email campaign targeting voters in Florida and other swing states. Threatening emails were sent to thousands of American voters, directing them to vote for Trump or “we will come for you.” The emails purported to be from a right-wing group named “Proud Boys” and even used a domain containing “Proud Boys” to appear legitimate. The sender claimed to have the recipient’s voter registration data and asked them to switch their party affiliation.

As this email campaign appeared to fall under voter intimidation, it quickly got the attention of federal agencies. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Iran had obtained voter registration data in at least one state and the FBI and Director of National Intelligence announced that this email campaign originated from Iranian intelligence in an effort to “incite social unrest.” And it appears their efforts were successful in that endeavor, even if no votes or voter registrations were changed.

Think Before You Interact

This scam follows a model we’ve seen before: A target receives an email that claims to have compromising material on them. A current or old password (likely found in a public database of compromised passwords) is included to make the email appear legitimate and victims may be asked to pay a fee to keep compromising material under wraps. Variations of this scam are used time and time again because they work on unsuspecting targets.

Anytime you receive a piece of communication (email, text, direct message), it’s important to evaluate it carefully before taking action. With disinformation at an all-time high, we simply can’t take things at face value online, particularly requests for personal or sensitive information. Be skeptical. Remember the sender name field in an email can be changed easily and even the sender’s email field can also be spoofed or lookalike addresses can be used.

This email scam, in particular, is meant to press buttons and cause an emotional reaction. If you receive an email that appears to be a threat or extortion attempt, be mindful that it may be a scam to scare you into acting quickly and handing over money, access, or information. In the above scenario, people rightly reported it to the authorities because of its affiliation with elections.

Remember that if an email makes you feel scared or threatened, hit the brakes and look closely at the sender information before taking action. Verify the request independently or seek a second opinion if needed.