Archives for November 2017

7 Ways to Keep Your Campaign Safe from an Email Phishing Attack

Cyber security is an issue of critical importance to political campaigns at all levels in the wake of the hackings of the 2016 election. Both the Republican and Democratic parties have faced challenges and are making significant investments to help prevent hacking in the 2018 election cycle. Some of the most significant recent cyber security failures in politics were a result of an email phishing attack. These include the hacking of the Hilary Clinton Campaign’s Chief of Staff John Podesta’s emails during the 2016 election and the hacking of the Marcon campaign before the French Presidential Election.

While we’ve written about the importance of political campaigns securing their websites and provided tips for how to keep social media accounts safe, we think it important to provide tips on how to avoid an email phishing attack to your campaign.

What is phishing? Phishing involves the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal and organizational information — such as account numbers for banking, credit card and donation platform accounts and the key login IDs and passwords you use when accessing these accounts. When hackers go on phishing expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of established, legitimate companies such as Google, Facebook and Apple. A typical phishing scam starts with a fraudster sending out millions of emails that appear to come from a high-profile company in the hopes of getting folks to inadvertently click.  In some cases they are specifically targeting your campaign. Phishing is one of the most popular methods of attack for cyber criminals. There has been a tenfold increase in phishing campaigns over the past decade reported to the Anti-Phishing Working Group (APWG).

Here are some tips for how to avoid email phishing attacks:

Learn Common Traits of Phishing Emails: There are some common content traits to phishing emails that can help you in recognizing them. Many are poorly written and contain spelling errors. Phishing emails often use spammy words such as “free’, ‘profits’, ‘no fees’ to promote offers. Many contain urgent in the subject line and  threaten the loss of an existing account. These emails often have no personalization field for the recipient and contain no email signature for the sender. Finally, phishing emails often contain fake logos and poor structure. Be weary of logos of poor quality or an email message whose header and footer content looks different from the usual content you receive from a company.

Pick Up the Phone to Verify:  If you receive a request for personal or financial information over email do not respond. Pick up the phone and call the company yourself using a number in your rolodex, not the one the email provides. Hackers use pressure tactics and prey on people’s fears by noting the urgency of the matter. If you have reason to believe that a company needs personal information about you right away, pick up the phone and confirm it. As a general rule, you should never share personal or financially sensitive information over the internet.

Do Not Click : Do not click on the link provided in an email provided by a company requesting personal or financial information. Type the URL into your web browser yourself or use a bookmark you previously created. Hackers can mask the true destination of a URL, even though a URL may look real in an email.

Verify a Site’s Security: Before ever submitting any personal or financial information to a website make sure the site’s URL begins with “https” and there is a closed lock icon near the address bar. Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines may show certain links which may lead users to a phishing webpage which offers low cost products. If the user makes purchases at such a website, the credit card details will be accessed by cyber criminals. Be wary of pop-ups. Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts.

Keep Your Browser Up to Date: Security patches are released for popular browsers in response to security loopholes that phishers and other hackers discover. When an update for your browser is available, download and install it.

Keep Anti-virus Software Updated: Use antivirus software and be sure to keep your software up to date and enable spam filters. Antivirus software guards against known technology workarounds and loopholes. Anti-spyware and firewall settings should be used to prevent phishing attacks and users should update the programs regularly as these updates are made to counter new scams. Firewall protection stops access to malicious files by blocking the attacks. Antivirus software scans every file which comes through the internet to your computer and prevents damage to your system.

Periodically Check Your Accounts: Be sure that you are reviewing campaign banking, credit card and donation platform accounts daily to check for irregularities in your online transactions.

Need more help?

Contact us here or via Facebook Messenger. Or sign up for our newsletter to get the latest tips here.