previous arrow
next arrow
Slider

Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote

 Published: November 9, 2020  Created: October 28, 2020

By Hank Schless

With the election just a week away, cybercriminals are ramping up mobile attacks on citizens under the guise of campaign communications. The line between our personal and professional lives is blurring in an unprecedented fashion as we approach the 2020 presidential election. From Oracle and Walmart’s plans to invest in TikTok to a bug in Joe Biden’s campaign app that exposed millions of voter files – the role mobile technology will play in elections moving forward is critical.

The election is only a week away, and there has been much discussion about how absentee and early voting will impact the outcome. But even before ballots started to hit the postal service, the spread of misinformation was already well underway, leaving confused Americans in its wake.

Human error is inevitable, even among the most well-educated users. And while 2020 has brought many challenges, perhaps the most critical from a social perspective is how we have intertwined mobile devices into our daily lives. Unfortunately, the reality of today’s threat landscape is that successful spearphishing attacks no longer rely exclusively on emails. So, what does this have to do with the election?

Attacks aimed at disrupting the election are usually run subtly, by using campaigns to bait victims into phishing scams. Recently, the presidential campaigns have tried to reach voters directly by sending SMS messages that ask if they’ve registered to vote or if they’re planning on supporting a candidate. Threat actors can easily mimic this strategy and include a malicious link in the message. We’ve seen a similar tactic used in an ongoing mobile phishing campaign that sends a message purporting to be a missed package delivery with a link to a fake claim page that is a mobile phishing attack.

There are now endless ways for attackers to socially engineer you to tap on a malicious link – from messaging apps and social-media platforms to dating apps. It also doesn’t help that mobile devices have smaller screens and a simplified user experience, which makes it hard to figure out what’s fake and what’s real.

This September, at least three TikTok profiles promoted multiple fraudulent mobile apps that generated nearly half a million dollars in total profit. Reportedly, these accounts socially engineered their followers into downloading malicious apps. While far less targeted than the social-engineering attacks we typically think of, the processes and goals are identical.

We have to remember that attackers are business people too. They target victims, and use methods they think will deliver the largest return. One of the big opportunities in 2020 is the U.S. presidential election, and the targets are mobile users. Tablets and smartphones have become an integral part of the way we work and play – and voting-season activity is no different. Political campaigns use them as vehicles to interact with voters. The public gets their information from their mobile devices. There have even been attempts to conduct local elections and primaries with mobile apps.

Attacks aimed at disrupting the election are usually run subtly, by using campaigns to bait victims into phishing scams. Recently, the presidential campaigns have tried to reach voters directly by sending SMS messages that ask if they’ve registered to vote or if they’re planning on supporting a candidate. Threat actors can easily mimic this strategy and include a malicious link in the message. We’ve seen a similar tactic used in an ongoing mobile phishing campaign that sends a message purporting to be a missed package delivery with a link to a fake claim page that is a mobile phishing attack.

There are now endless ways for attackers to socially engineer you to tap on a malicious link – from messaging apps and social-media platforms to dating apps. It also doesn’t help that mobile devices have smaller screens and a simplified user experience, which makes it hard to figure out what’s fake and what’s real.

This September, at least three TikTok profiles promoted multiple fraudulent mobile apps that generated nearly half a million dollars in total profit. Reportedly, these accounts socially engineered their followers into downloading malicious apps. While far less targeted than the social-engineering attacks we typically think of, the processes and goals are identical.

We have to remember that attackers are business people too. They target victims, and use methods they think will deliver the largest return. One of the big opportunities in 2020 is the U.S. presidential election, and the targets are mobile users. Tablets and smartphones have become an integral part of the way we work and play – and voting-season activity is no different. Political campaigns use them as vehicles to interact with voters. The public gets their information from their mobile devices. There have even been attempts to conduct local elections and primaries with mobile apps.


https://threatpost.com/mobile-devices-vote-election-security/160648/


No Thoughts on Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote

Leave A Comment