Security News > 2022 > March > FBI warns election officials of credential phishing attacks
"As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials."
On 5 October 2021, unidentified cyber actors targeted US election officials in at least nine states, and representatives of the National Association of Secretaries of State, with phishing emails.
On 18 October 2021, cyber actors used two email addresses, purportedly from US businesses, to send phishing emails to county election employees.
On 19 October 2021, cyber actors used an email address, purportedly from a US business, to send a phishing email containing fake invoices to an election official.
The US federal law enforcement agency believes the threat actors behind this phishing campaign will likely continue or increase attacks against US election officials with new phishing emails as the 2022 midterm elections are closing in.
Network defenders are advised to educate email users such as the election officials targeted in these attacks on how to identify phishing, social engineering, and spoofing attempts and always confirm requests for sensitive info-including credentials-through secondary channels.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)