Phishing attacks target election workers

CyberScoop reports that Arizona and Pennsylvania county election officers have been facing a deluge of phishing attacks ahead of their primaries in August, indicating extensive cybersecurity threats against election officials prior to the midterm polls. Malicious emails aimed at Arizona county election officials increased by more than threefold between the first and third quarter of 2022, with phishing activity peaking around the state's primary on Aug. 2, while malicious emails targeted at those in Pennsylvania rose by 382% between the last quarter of 2021 and the first quarter of 2022, before increasing by another 169% during the second quarter, according to a Trellix report. Phishing attacks were found to either be notifications regarding soon-to-expire email passwords that redirect to a phishing site collecting recipients' credentials, or email thread hijacking involving a county election worker and a ballot distribution and collector contractor. "Ultimately, this phishing scheme plays on the election workers professional and moral commitment to help a trusted contractor struggling to register people to vote," researchers added. OSET Institute Board Member Eddie Perez noted that prevalent disinformation has exacerbated the impact of elections-targeted phishing since 2020.