On 4 June 2020, Google reported that advanced cyber threat actors targeted the presidential campaigns of United States presidential candidates, Donald Trump and Joe Biden. Phishing emails reportedly targeted the candidates and their campaign staffers in attempts to gain access to their email accounts. Although Google reported no signs of compromise in either sets of attacks, these attacks highlight the potential cyber threats faced by political parties and candidates during election campaigns.
Such cyber threats during election campaigns are not new. Similar incidents involving phishing email attacks were also observed in the US 2016 elections, where malicious emails and webpages masquerading as Google were used to trick Democratic National Committee staffers into revealing their Google credentials to malicious actors. As a result, victims of these attacks had their personal emails and documents stolen, and these were subsequently posted online to influence the election campaign. Other than the US, political parties and candidates in countries such as France, Indonesia and Cambodia have also reported malicious cyber activities during their election periods.
These incidents are part of a global trend of phishing attacks aimed at interfering in elections. Similar attacks could also happen during the Singapore General Elections to target political parties and candidates, including party members. Political parties and candidates that fall victim to such phishing attacks risk having their information stolen or leaked online. If the accounts are taken over by malicious threat actors, this could disrupt the political party and candidates’ ability to reach out to the voters as well. The reputation of political parties and candidates, as well as voters’ confidence, could be adversely affected.
Political parties and candidates are responsible for your own cybersecurity. You may wish to keep abreast of such cyber risks and threats and other foreign electoral influence campaigns and take the necessary precautionary measures to secure your online presence. As the phishing attacks may also target members of the political parties, all party members should practise good cyber hygiene measures, including being vigilant to phishing emails, and monitoring for unusual activities in their devices or accounts. For more information, please refer to the Advisory to Political Parties on Cybersecurity Risks and Precautionary Measures found at https://www.eld.gov.sg/candidate_parliamentary_handbook.html.