The FBI issued a warning last month for Americans to stay on the lookout for fake voting websites and emails that were set up by cybercriminals to spread misinformation and confuse people around the US presidential election.
While the FBI didn't disclose specific fake websites, cybersecurity researchers have identified examples of the scam in action — and scam sightings have continued as votes are being counted.
Some fake sites aim to mislead voters to influence the election, while others used interest around voting and the election to steal people's passwords. They imitated official election sites but use slightly altered spellings, like changing one letter in the word "election" to trick people into trusting them.
Other versions of the scam used similar tactics to send people emails from spoofed addresses that appear to come from election officials, baiting them with emails that purport to contain information about voting in order to get people to click on malicious links.
Some emails have been sent in the wake of the election, BleepingComputer reported, claiming to include file attachments with information about "election interference." Recipients are told they need to log into a secure page to see the files, unwittingly handing over their login credentials to scammers.
Fake websites are run by scammers and "foreign actors," according to the FBI's announcement, but the agency did not specify which entities may be behind the sites.
In one scam identified by cybersecurity firm Zix, criminals used email listserv tools to send thousands of people emails posing as voting officials and encouraged recipients to register to vote. From there, victims were linked to a website designed to look like a voter registration form that tricked them into disclosing personal information.
Two other scams identified by security firms Proofpoint and KnowBe4 used fake email addresses to tell people that there was an error with their voter registration, or issues with mail-in ballots in order to collect people's data like date of birth, social security number, banking information, and driver's license data.
The tactics are an example of phishing scams in which hackers pose as trusted sources to get people to hand over their information. People lost more than $57.8 million in 2019 as the result of phishing, according to the FBI, with over 114,000 victims targeted in the US.
To avoid falling victim to scams, the FBI recommends that people double-check the source of voting information with the Election Assistance Commission and avoid downloading documents sent from unfamiliar email addresses.