It’s hard to imagine, as we look forward to another week of potential swimming weather in New York, that the general election is only a few weeks away. As we discussed in our Crowdstrike IT outage post, every new event is a hidden opportunity for scammers to use as phishing bait. The coming election and all the activity around it, of course, is no different.
Krebs recently reported on an incompetent “get out the vote” campaign that raised some alarms for looking like phishing. Multiple media outlets reported on text messages informing recipients they weren’t registered to vote, directing them to websites like all-vote.com and votewin.org. These messages and sites raised suspicions due to their unsolicited nature, recent domain registrations, and requests for personal information. Some recipients, including a Canadian seventh-grader, knew the information was incorrect as they were already registered or ineligible to vote.
Investigation revealed that the campaign was run by Movement Labs, a San Francisco-based political consulting firm. Their goal was to increase voter registration among underrepresented groups. However, voter engagement experts criticized the approach, stating it violates best practices by potentially providing inaccurate information about voter registration status. Debra Cleaver, founder of VoteAmerica, emphasized that one should never tell someone what their voter file says, as these files are often unreliable or outdated.
While Movement Labs’ founder Yoni Landau defended the campaign’s intentions, experts argue that the end result of such incompetence could be increased chaos, reduced voter turnout, and long-term harm to democracy. It’s unfortunate, but the road to perdition is often paved with the best of intentions.
So what can you do as a result? The same general rules apply for election related emails as gift cards, sudden lottery winnings and unclaimed UPS packages. When getting an unsolicited email, beware, and check a few things before even thinking of taking that email seriously:
- Urgent or threatening language: Legitimate voting communications rarely use pressure tactics.
- Generic greetings: Official emails often use your name, not “Dear Voter” or similar.
- Requests for personal information: Be cautious of emails asking for sensitive data like Social Security numbers.
- Suspicious links or attachments: Hover over links to check their true destination before clicking.
- Unofficial email domains: Legitimate emails usually come from .gov addresses.
- Poor grammar or spelling: Official communications are typically well-written, though lately with LLMs this is a rarer issue.
- Inconsistent information: If the email contradicts what you know about your registration, be skeptical.
- Unusual sender: Verify the sender is an official election authority for your area.
- Unexpected attachments: Official bodies rarely send attachments in routine communications.
The deception techniques for phishing scams haven’t evolved much and remain pretty consistent. Take a look at our phishing simulator page for a review of the six most common techniques. If you’re truly concerned about your registration status, use vote.gov for legitimate voter registration and updates.
