AskCyberSecurity.com


Feds Warn of Phishing Attacks on US Elections

2020-09-11 by Michelle Dvorak

CISA Election Phishing

US Election Cyber Attacks Traced to Russia, China, Iran

The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a bulletin about increasing cyber attacks targeting entities connected to the US Presidential elections. CISA released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities. Threat actors are targeting political parties, campaign workers and volunteers, think tanks, civic organizations, any associated individual, and of course the candidates themselves.

“Recent reporting shows 32 percent of breaches involve phishing attacks, and 78 percent of cyber-espionage incidents are enabled by phishing,” says CISA. The election hackers use phishing emails as their primary tactic. These malicious emails attempt to trick the victim into acting before they scrutinize the email.

Yesterday, Microsoft Corp (MSFT.O) warned Presidential candidate Joe Biden’s campaign advisory firm, SKDKnickerbocker, that the firm had been the target of two months of phishing attacks.

Phishing Emails Tempt Victims into Taking Any of These Actions:

  1. Click on a link that leads to a credential harvesting web page or pop-up window
  2. Open an email attachment that automatically downloads malware to the victim’s computer
  3. Click on a link that simply verifies that the attacker has your valid email account

Once a threat actor has a valid email account, they work to harvest the victim’s password and gain access. If an email account is compromised, it can be used to reset passwords to any other account that’s connected to it. For example, if a hacker is able to get into your work email account and you have all your bank statements sent to that email account, the hacker can issue a password reset and gain access to your bank account.

Types of Password Attacks

Knowing that many people reuse the same username and password combinations across multiple online accounts, hackers attempt to break into emails or corporate accounts reusing passwords found on the dark web.

  • During brute force password attacks, threat actors use computer scripts to attempt username and password combinations against an online account. They already have stolen a username / email address used by an individual. In addition, they have harvested other passwords the target uses on other websites.
  • Password spray attacks are a variant of brute force attacks. The threat actor uses a list of common passwords and automated computer scripts to attempt thousands of password combinations to break into an online account. People often use weak passwords that are easy to remember, like “password123” or their favorite sports team. That’s why it’s important to use a unique password for every online account. The script may try a set of credentials and move to the next user’s account to avoid detection.
  • In a credential stuffing attack, the threat actor uses a list of stolen emails, usernames, and passwords to break into one web application. This attack is also automated. The goal is to get lucky and compromise an account that has privileged or admin access.
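
From the defender's side, the attack types above leave different shapes in failed-login records. The following is an added example, not part of the original article: the events are constructed, the thresholds are assumptions, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample events (not from the article): (source_ip, username, success)
EVENTS = (
    [("203.0.113.10", u, False) for u in ("alice", "bob", "dave", "erin", "frank")]
    + [("203.0.113.10", "carol", True)]
    + [("198.51.100.7", "admin", False)] * 12
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]
)


def classify_sources(events, spray_min_users=5, spray_max_per_user=2,
                     brute_min_attempts=10):
    """Label each source IP by the shape of its failed logins.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    failures = defaultdict(lambda: defaultdict(int))
    for src, user, ok in events:
        if not ok:
            failures[src][user] += 1

    labels = {}
    for src, per_user in failures.items():
        heaviest = max(per_user.values())
        if len(per_user) >= spray_min_users and heaviest <= spray_max_per_user:
            # Many accounts, few tries each. Passwords are not logged, so a
            # spray and credential stuffing look the same at this level.
            labels[src] = "spray-or-stuffing"
        elif heaviest >= brute_min_attempts:
            # Many tries against a single account.
            labels[src] = "brute-force"
    return labels


def accounts_to_reset(events, labels):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({user for src, user, ok in events if ok and src in labels})


if __name__ == "__main__":
    found = classify_sources(EVENTS)
    print(found)
    print(accounts_to_reset(EVENTS, found))
```

Per-source counting misses attempts spread over many IP addresses; counting distinct sources per account is the complementary view.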

CISA recommends using a password manager app for all employees and requiring its use for all online accounts. Password managers are apps that automatically generate secure and random passwords. Password Keeper is a quality app that works across most devices and browsers.

Since it can be difficult to remember a unique password for each online account, password manager apps store them for you and sync them across all of your devices. When you need to login online, the app verifies that the website is legitimate and enters the password for you.

Password managers won’t work on a website that is associated with malware, spoofed domains, or other suspicious web pages.

How to Secure Email Accounts

  1. Require two-factor authentication (2FA) or multi-factor authentication (MFA) for all email accounts
  2. Use an authenticator app (like Google authenticator) for MFA if the email account supports it
  3. Only use SMS text and email-based MFA if there is no other option
  4. If your email service does not offer 2FA or MFA, change providers to an email service with better security. We use AWeber.
  5. Use biometric login to protect computers and phones. If your device does not support fingerprint or facial scan login, consider upgrading to a device that has biometric login.
  6. Block email beyond a certain size and emails with attachments that exceed a certain size
  7. Deploy an email filter solution that blocks emails based on headers and malicious content
  8. Consider implementing warning banners to alert users about emails (particularly those with links and attachments) that originate from outside the organization

A password manager will help users create, store, and remember unique and hard-to-guess passwords for every online account.

CISA recommends all organizations protect online accounts from phishing attacks by:

Register your organization for a password breach monitoring service. A security monitoring service can warn an organization or individuals of identity theft data breaches and password compromises.

  • Use provider-offered protections, if utilizing cloud email
  • Secure user accounts on high-value services
  • Implement email authentication
  • Secure email gateway capabilities

Hackers use login credentials stolen in previous data breaches. Personal information taken from eCommerce websites, loyalty programs, bank accounts, credit files, and other retailers is sold on the dark web. Hackers use this information to break into more valuable accounts. A monitoring service can alert you anytime your username or email shows up on the dark web for sale or is involved in a data breach.


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

