It has been difficult to avoid the media attention surrounding the upcoming U.S. election and at least some level of political uncertainty surrounding the election process itself due to the pandemic. It was only a matter of time before cybercriminals attempted to exploit U.S. voter registration to spread attacks to unsuspecting individuals. We are now seeing phishing attacks doing that very thing. U.S. voters should take notice because in addition to this attack, there will almost certainly be other similar attacks as the U.S. election draws nearer.
Over the past several days we have been seeing phishing messages posing as the Election Assistance Commission and purporting to come from the domain [usa.gov]. The messages state that there is a problem with your voter registration and that your voter registration could not be confirmed.
These phishing attacks are being launched from SendGrid servers and utilize SendGrid links in the messages. SendGrid-based attacks have reached a fever pitch as of late as their platform has been abused heavily by attackers. Using SendGrid(or other services like it) lends some credibility to the message in the eyes of the intended recipient as well as some security controls.
These links redirect to one of several compromised WordPress sites. There the attackers are looking to gather personal data from the target. The page below is one of six pages designed to gather personal details:
The most likely outcome to falling victim to these attacks is full-fledged identity theft. With the attackers launching the entire attack through the abuse of, what are otherwise legitimate, third party services it’s difficult to attribute this attack to a specific group or geolocation. No matter who is behind it, one thing is certain… we will be seeing more like both from this group and likely some other groups as well. We must exercise added vigilance during these relatively tumultuous times. Of course, all of our Email Threat Protection customers are protected from this threat.