How the Mail-In Voting Controversy Creates Opportunity for Identify Theft and Cyber Attacks These faceless criminals took advantage of fear, uncertainty and doubt when the pandemic hit, and they're doing it again as the election nears.

By Matthew Moynahan

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

RyanJLane | Getty Images

Mail-in voting has seen renewed controversy as it's become an impromptu battleground for political responses to Covid-19. Some insist that voting in person will expose voters to the virus, while others focus instead on the potential for fraud and ballot-tampering. Politics aside, the tension and confusion have created the perfect recipe of fear, uncertainty and doubt (FUD) that cyber attackers crave, allowing them to take advantage of private citizens whose online judgment is clouded by emotion.

It's a pretty easy scenario to imagine: A potential voter types in a quick Google search to try and find out what the mail-in voting rules for their county are. Their state hasn't made the move to a dot-gov domain name (which involves some level of validation that it's a legitimate site) and instead hosts its election information on a dot-com site. In this case, it would be easy for a cyber attacker to typosquat and have a similar-sounding URL that features misleading information or, even worse, redirects to a malicious site where it collects user information or downloads malware onto their computer. There were spikes in fake Covid-related websites, and this is already starting to recoccur with regards to mail-in voting sites.

In fact, the Department of Homeland Security recently released a bulletin to state and local governments that cautioned, "The FBI between March and June 2020 identified suspicious typosquatting of U.S. state and federal election domains, according to recent FBI reporting from a collaborative source." These sites had URLs that were very close to legitimate government sites but weren't actually legitimate sites. It's disturbing to think that spreading misinformation and confusion can be so simple, but it absolutely is. The FUD that surrounds mail-in voting creates a perfect opportunity for bad actors to prey on the emotional decision-making that many find themselves guilty of when researching a hot-button issue like mail-in voting.

Related: How Should Entrepreneurs Prepare for an Election Disaster?

Working from home creates many possibilities — for attackers

There's no doubt that employees now make up an enterprise's network perimeter, and this vastly increased attack surface area has created an irresistible target of opportunity for bad actors. They don't have to try to penetrate corporate bastions of security anymore; now getting access to one corporate device is as simple as cracking a home network with a password like "password" (if it's even secured at all).

Corporations need to ensure their employees are aware of potential threats before they happen, not after. Predicting that a hot button issue like mail-in voting could be a good subject for an effective spearphishing campaign doesn't require a crystal ball. An employee who is at least aware of this is better prepared than an employee who has no idea. Cyber attackers are undoubtedly innovative, but simple phishing, instead of complex hacking attacks, continues to be the most common way for attackers to gain access to secured corporate resources. Couple this with the advanced techniques that attackers have developed, like using encrypted messaging apps or faking legitimate voice calls, and the vulnerabilities are guaranteed.

Employees working from home are more susceptible to a variety of attacks than when they're protected by the office network. Firewalls can't block typosquatting URLs when the computer isn't even on the network, and host-based firewalls are only effective when they are patched consistently. This all underscores why election season is a situation fraught with potential vulnerabilities and risks.

Related: 4 Major Cybersecurity Risks of Working From Home

Using election confusion to get people to "take the bait"

The number of ways cyber attackers can prey on people is truly astonishing. Sophisticated attacks are already quite easy to fall for, even for those on their guard against cybercrime. A person who's concerned about mail-in voting and is experiencing an emotional response to the issue will inevitably find that their guard is lowered. They may be more likely to click a link when they would otherwise have known better. There is already evidence of phone scams trying to get people's social security numbers by telling them that they're registering to vote.

Nation-states and cyber campaigns

Attackers aren't just lone-wolf hackers, sitting in their parents' basement eating Cheetos and stealing people's identities. U.S. counterintelligence officials have already confirmed that Russia, China and Iran have an interest in who wins the election, and they likely already have active cyber campaigns to achieve their preferred outcomes. Although it's difficult to actually affect voting, they can easily affect public opinions, perceptions and trust in the democratic processes in the U.S. by posting fraudulent information online. This loss of trust will make people less discerning in the links they click or the software they download.

There's really no way to be absolutely sure that the websites we visit are legitimate. Even sites from reputable sources are filled with bias and misleading information. Add foreign cyber adversaries to the mix and any controversial topic is sure to draw a host of illegitimate copycat websites. A cyber attacker with a nation-state's resources is capable of even more sophisticated attacks on individuals.

Related: Coronavirus: Cyber Threats On the Rise Amid Outbreak

Not a question of if, but when

The speed at which pre-election controversies can spread on the internet creates an environment in which cybercriminals thrive. All of the confusion, political spin and misinformation that surrounds the issue of mail-in voting can help cyber attackers gain access to their potential victims by targeting a person through analytics and social engineering. Corporations and their employees will likely remain prime targets for attackers. It's not a question of if this will happen, but when — and the security industry needs to be prepared accordingly.

Matthew Moynahan

CEO of Forcepoint

Matt Moynahan is the chief executive officer for Forcepoint. He joined in 2016, bringing more than 20 years of security, cloud services, and technology industry leadership, ranging from product development to sales to general management.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Related Topics

Starting a Business

This Retiree's Leisurely Side Hustle Makes $66,000 a Year and, 'You Don't Even Need to Go to High School to Do It'

Barbara Hill wanted a flexible, part-time job that would transition well into retirement. Now she mentors younger people who are making over $200,000 a year. Here's her insider's guide to getting started.

Business News

Who Owns The Rights to Your AI-Generated Content? Not, It's Not You. Uncover The Scary Truth That Puts AI Users At Risk.

The realization that copyright laws do not protect AI-generated material might come as a shock to many.


The Miley Cyrus Approach To Marketing — Why It's a Radically Different Method For Achieving Brand Impact

In case you missed it, Miley Cyrus recently won her first Grammy. In her acceptance speech, she told a story that is a great learning lesson for business owners and marketers alike, especially those who find themselves burned out and exhausted in this current environment.

Business News

HP Wants You to 'Never Own A Printer Again,' Launches Rental Subscription

In February, HP's CEO Enrique Lores stated that making printing a subscription service was the company's "long-term objective."

Business News

Elon Musk Sues ChatGPT-Maker OpenAI, Accuses the Company of Working to 'Maximize Profits For Microsoft, Rather Than For the Benefit of Humanity'

Musk claims that OpenAI's partnership with Microsoft threatens its original mission as outlined in a founder's agreement.

Business News

IKEA Price Increases Are Going Viral — Here's How Much Your Favorite Couch Costs Now: 'Inflation Is Crazy'

A video with a customer complaining about "inflation" and "corporate greed" has racked up over 1.3 million views on TikTok.