Trustwave researchers have discovered massive databases with detailed information about U.S. voters and consumers offered for sale on several hacker forums, which include their political affiliation. The sellers of the U.S. voter database claim that it includes 186 million records, and if that is correct, that means it includes information about nearly all voters in the U.S. The information found in the voter database can be used to conduct effective social engineering scams and spread disinformation to potentially impact the elections, particularly in swing states. Trustwave
During voting season, being able to assemble an extensive database of the population of the United States of America\’s citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold.
With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks.
Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party\’s candidate with disconcerting information to dissuade a voter from voting for the other party\’s candidate.
With this information available to cybercriminals, there could be an immense number of phishing or social engineered emails sent to the American public. These emails will manipulate the user with fear or curiosity to take specific actions that he/she otherwise might not take and change his/her vote or click a link and be attacked by cybercriminals.
Individuals need to be wary of all communications that come through, whether by email or phone, especially in the current climate whereby election-themed phishing attacks are rising sharply. These may be attempts to spread disinformation which in itself is a terrifying prospect as it could have a real and lasting impact on the elections and the future of our democracy. On a more personal level, cybercriminals are likely to use this information to carry out other malicious activity such as phishing, which could lead to some of the most serious kinds of identity theft or malware distribution. Before giving out information to anyone, ask yourself does this business/person need to know this information – does it help them provide their business service? More than ever, voters and consumers will need to be vigilant – ensuring they verify the origins of any communication before clicking a link or falling for ‘fake news’.