Voters are bombarded with political emails this fall. But it is those who are “undecided” about how to detect a phishing scam who stand to most lose before November 6th.
Phishing emails, intended to trick consumers by driving them to websites where they enter credit card and other confidential information, continue to be lucrative for cyber criminals around the world. According to security company RSA, for the first half of 2012, estimated worldwide losses from phishing attacks alone amounted to more than $687 million. Attack numbers averaged 32,581 per month — a 19 percent jump compared to the second half of 2011.
During the Presidential election season, scammers can’t wait to cast their nets. With campaign contributions becoming most critical this final week, fundraising emails are being sent with double the frequency. For instance, in the first three weeks of October, Obama for sent out over 50 different emails to all of its supporters asking for donations. The sheer volume of emails make voters more vulnerable and more susceptible to scams.
The Better Business Bureau (BBB) is calling on all voters to be aware of the number of scams that are likely to continue leading up to the Presidential election. According to the BBB, “Scammers use incentives based on what they think voters want to hear. Hot topics such as health care, economic recovery and unemployment, are alluring topics this election season.”
“Website reviewers” on SiteJapper recently discovered two scam sites called DemocraticNationalCommittee.org and RepublicanNationalCommittee.org. They are fraudulent donation sites made to appear as if they were created by the Democratic and Republican parties. Once visitors click on the “donate” link, they are taken directly to a PayPal account “not connected with any Federal elections.”
So, how can you avoid being a victim of phishing as we lead up to Election Day?
First, it’s important to know the signs of fraud and be able to identify the difference between a legitimate email or website from a fraudulent one. Here are three ways to identify a potentially counterfeit email or website:
Scrutinize Email Subject Lines
Watch out for scare tactics and threats. Successful phishing email subject lines are security related and suggest suspicious activity with your account to prompt you to click on a link. If you have a user account on a Presidential candidate’s site through which you make donations, be skeptical of emails entitled “account suspended” or “information compromised” or “account accessed by third party.”
Be even more suspicious if you receive an email with this subject line on a Friday or Monday. According to Websense, Fridays and Mondays are the top phishing days of the week.
Triple Check URLs
If you receive an email from an unknown sender, resist clicking on any links. However, if you think the sender is legitimate, you should first review the URL without even clicking on it. For those who don’t already know, you can hover over the link and you should see the URL in the status bar (usually on the bottom of screen). Review the name of the site before you click on it.
Once you do click on a link in an email, you can double check the URL again in the address bar. Look closely at it before you enter any private information or credit card details. Examples of fake URLs are an “@” symbol in the middle of the address or typos or spelling mistakes. It’s also a good idea to look for typos within the actual website to which you’re taken. Because phishing sites need to go up very quickly (97 percent are taken down in 48 hours by organizations protecting their brand), the scammers spend little time proofing content, so sites are usually rife with typos and errors.
If you do not trust the URL, and you know where you’d like to go, then it’s a good idea to simply type the correct web address into the address bar directly.
Green Means Go
Once you’re on a campaign donation site, look again to the address bar for clues. A properly authenticated site will have a green address bar (or a green padlock icon) and https (vs. http) preceding the site name in the URL. These three indicators signify a safe and legitimate site that has undergone a rigorous authentication test. It is fortunately not easy for scammers to fake these trust marks.
Counterfeit activity not only diverts coveted donations from legitimate campaigns, but can damage voter trust. To protect yourself, do not provide your social security number, banking information, or credit card number if you come across any of the above fraud indicators. If you’ve been a subscriber of a particular campaign email list for some time it’s still a good idea to go through the checks anyway.
Dan Whetzel is the Director of Global Intelligence Operations at Melbourne IT, a position he previously held while at Verisign. Dan works with organizations to develop multifaceted defenses to potential threats, creating a hardened target and casting light upon vulnerabilities. As a member of the Anti-Phishing Working Group, he is well versed in issues and trends surrounding anti-phishing, anti-spam, identity theft, counterfeiting and brand protection.
Obama website image via Shutterstock.com