U.S. Voters In Attackers Crosshairs

It has been difficult to avoid the media attention surrounding the upcoming U.S. election and at least some level of political uncertainty surrounding the election process itself due to the pandemic. It was only a matter of time before cybercriminals attempted to exploit U.S. voter registration to spread attacks to unsuspecting individuals. We are now seeing phishing attacks doing that very thing. U.S. voters should take notice because in addition to this attack, there will almost certainly be other similar attacks as the U.S. election draws nearer.

Over the past several days we have been seeing phishing messages posing as the Election Assistance Commission and purporting to come from the domain [usa.gov]. The messages state that there is a problem with your voter registration and that your voter registration could not be confirmed.

These phishing attacks are being launched from SendGrid servers and utilize SendGrid links in the messages. SendGrid-based attacks have reached a fever pitch as of late as their platform has been abused heavily by attackers. Using SendGrid(or other services like it) lends some credibility to the message in the eyes of the intended recipient as well as some security controls. 

These links redirect to one of several compromised WordPress sites. There the attackers are looking to gather personal data from the target. The page below is one of six pages designed to gather personal details:

Zix-AppRiver email threat protection customers are protected from this cyber attack and others like it. With advanced link protection, attachment sandboxing, message retraction, quarantine, and a full dashboard of awareness, confidently secure your inboxes and keep your network from being a major vulnerability for your business.

For more on the latest threats, check out our Mid-Year Threat Report.