Introduction

With the widespread adoption of digital usage, many activities that were traditionally conducted in person have shifted to the digital space or transformed into a hybrid format. Election campaigning is one such example, with election candidates conducting campaign activities online to expand their reach to the electorate. Some examples include the use of social media to hold online rallies or leveraging Zoom to host Q&A sessions.

However, this shift to the digital space provides cyber threat actors with more opportunities to conduct cyber-attacks against unsuspecting victims. This advisory provides voters with information on potential cyber threats and the measures that can be taken to mitigate or reduce the risk of falling victim.

Potential Cyber Threats

During an election, threat actors may take advantage of election fervour and incorporate election-based themes in their attacks to increase their chances of success. Some of these potential cyber threats include:

Phishing

Threat actors may compromise the social media accounts of election candidates and political parties or create fake social media accounts to launch phishing attacks. Threat actors could also create websites that mimic the content of official campaign websites to carry out social engineering attacks. During such attacks, unsuspecting victims may inadvertently provide sensitive information or perform financial transactions at the behest of the threat actor impersonating the election candidate or political party as a gesture of support.

Malware Distribution/Infection

Threat actors may attempt to trick voters or members of public into downloading malware masquerading as legitimate software widely used during the election campaign. Such software may include video conferencing applications (apps) that election candidates and political parties use to conduct their campaign activities online. When downloaded and installed onto the victim’s device, the malware could potentially lead to unauthorised access, data breaches or other malicious activities.

Cyber Hygiene Measures for Voters

To better defend against such cyber threats, voters and members of public should adopt the following cyber hygiene measures:

Download Software from Official Sources

Download apps only from official sources and pay attention to the security permissions required by the app and/or its privacy policy. Be particularly wary of apps that request for unnecessary permissions on your device that may not be necessary for the app to function.

Be Vigilant Against Phishing Attempts

Be vigilant when receiving emails and messages, particularly those asking for sensitive information or requests for financial payments. This stance should not change even if the purported sender of the email or message is from an election candidate or political party. To check if the email or message is authentic, voters and members of public should:

• Closely examine the URL link(s), if any, to check that the website is legitimate before clicking on the link.
• Refrain from clicking on URL links in unsolicited emails and messages.
• Always verify the authenticity of the information with official websites or sources.
• Never disclose any sensitive or financial information.

It is crucial for voters and other members of the public to exercise discernment when encountering information requests on social media platforms, messaging platforms and websites during the election period. By being vigilant and critically assessing the information received, you can safeguard yourself from potential monetary losses and protect your devices from malware infection.