Why are voters good targets for cybercriminals — and how can they stay cyber safe during elections

Elections, like other mass events, offer broad opportunities for threat actors to target consumers and businesses. Governments need to be prepared.

With nearly one billion people eligible to vote over a 44-day period, the ongoing election in India has been dubbed the largest ever, and the second-longest, election in world history. Given that cybercriminals tend to abuse important large-scale events for scams and malware and threat distribution, it is unsurprising that warnings about disinformation, AI-generated deepfakes and possible interference with the Indian electoral process have emerged in recent weeks.

But the government and political parties are not the only targets. There are hundreds of millions of Indians who have to cast their ballots, read political news, and discuss hot topics online. And performing these tasks makes their activity in the online environment predictable and potentially susceptible to cyberattack. 

This blog will show you some of the tactics and techniques used to deliver potential threats, along with real-life examples (some of them described by ESET research). As you will see, some of these cyberattacks and scams can be easily spotted by vigilant people right away, but others are more sophisticated — and therefore more dangerous.

In any case, it is always good to have a reliable cybersecurity solution that, ideally, prevents attacks before they do any harm. As a global leader in cybersecurity, ESET protects governments, businesses, and even regular Joes like us with tailored solutions that are easy to use, so people can safely navigate election fever without constantly worrying about being scammed, attacked by malware, or exposed to even more complex threats. 

Every time a large-scale event takes place, there is a high chance that scammers will try to profit off of it. Some examples include fake tickets being sold before important football matches, tax-related phishing emails come during tax periods, and fraudulent copycat online shops emerging before holidays and festivals.

The same applies to elections. Here are some potential threats:

Phishing – A phishing attack impersonates a relevant person or authority to lure victims into revealing their sensitive data or giving money.

For example, some Indian citizens were targeted by a phishing attack known as “BJP Free Recharge Yojana” just ahead of the 2024 election. Phishing messages spread on social media and WhatsApp claiming that one of the two major Indian political parties, Bharatiya Janata Party and the Indian National Congress, was offering free mobile credit recharge (top-up) worth 239 Indian rupees ($2.87) so that more people could vote in the 2024 general elections. Users were redirected to a phishing web page designed to harvest victims’ personal data.

During the election period, a similar cyberthreat came in the form of fraudulent calls for donations or fake election surveys promising a gift card or some other incentive, but in reality, going after victims’ personal information or banking information.

Advanced phishing – Advanced phishing campaigns that use social engineering, AI, and various detection-evasion techniques are on the rise and have also been spotted by ESET researchers. Recently, they published a blog about an advanced phishing campaign that uses carefully crafted messages and malicious attachments protected by AceCryptor, a cryptor-as-a-service malware designed to hide other malware from cybersecurity tools. 

Indian media also reported about advanced phishing attempts targeting employees of various Indian central ministries in 2021. Phishing emails were mounted through compromised government-domain email IDs. The aim of the campaign was to obtain victims’ credentials that could be employed in further attacks. 

Spam emails – Mass spreading of unsolicited emails may be used for phishing campaigns or spreading disinformation. In February 2024, ESET researchers described one such politically motivated campaign in Ukraine. Going by the name Operation Texonto, the campaign combined spam messages trying to demoralize the local population and phishing messages impersonating an IT department and asking for users’ credentials.

Watering hole attacks – Watering holes, also known as strategic web compromise, abuse websites that are likely to be visited by targets of interest, thus opening the door to the infestation of a website visitor’s machine.

In the context of elections, cybercriminals could choose news websites as their target. For example, in 2021, ESET researchers discovered compromise of the Middle East Eye,  a London-based digital news site covering the region. The website contained a malicious script, but its final payload remains unknown.

Botnets and DDoS attacks – A botnet is a network of computers that have been compromised with malware. It can consist of thousands or even millions of enslaved units tasked to perform various malicious actions without the users’ knowledge. These tasks include, but are not limited to, spreading spam or launching distributed denial of service (DDoS) attacks (i.e., the bombardment of a website with so much traffic that it either slows down or crashes completely).

Threat actors commonly use DDoS attacks to disrupt government or news sites, especially during elections. One of the recent notable incidents in India happened during the 2023 G20 Summit. The Summit’s website then faced a DDoS attack with 1.6 million superfluous requests per minute.

Ahead of any elections, governments need to prepare and protect critical infrastructure. Here are some attack vectors that government and local officials need to consider, based on the U.S. Cybersecurity and Infrastructure Security Agency (CISA) toolkit, EU Compendium on Elections Cybersecurity and Resilience, and UK Guidance for organizations coordinating elections. The U.S., along with many other countries, has also been forced to defend free and fair elections from disruption both online and at the polls.

Voter information: Threat actors may try to compromise or manipulate electronic poll books and voter registration databases. For example, ransomware and wiperware can have a material impact on the conduction of elections by rendering voters’ registration data unavailable.

Online voting systems for citizens living abroad: Disruption of online voting systems may prevent registered voters abroad from casting their votes.

Websites: Threat actors often target state and local websites with DDoS, phishing, and ransomware attacks. They may also try to alter content of public-facing websites, which are, for example, displaying information about running parties or recent polls.

Email systems: Threat actors may target the email accounts of government officials or political figures. The preferred method of gaining access to such accounts is phishing.

Networks: Using phishing or malware, threat actors may try to infiltrate state and local networks that election offices rely on to execute regular business functions.

Insiders: Some individuals may seek to exploit their accesses for unauthorized purposes within government or local offices.

Media: Mass media and social media are often the targets of hybrid threats, such as disinformation and cognitive warfare (which seeks to influence decision making, attitudes, and behaviors). Many of these attacks may go unnoticed because threat actors use salami tactics, a strategy in which a series of small actions are taken to achieve a larger goal, with each individual step small enough to go unnoticed or be dismissed as insignificant.

If you are further interested in the topic of governments managing election cybersecurity, check out this blog.

Considering that elections can be abused by cyber attackers targeting regular citizens, news outlets, businesses, and governments, the threat landscape that needs to be protected is quite huge.

An important consideration is the fact that many of these threats — such as scams, phishing, and watering hole attacks — may be encountered while using mobile devices. In particular, mobile users are becoming increasingly susceptible to phishing attacks.

Defending against such a broad spectrum of attacks requires comprehensive solutions — ones that remain sufficiently easy to use for home administrators and users simply trying to enjoy everyday life but are also powerful enough for IT security managers responsible for the defense of businesse.

Elections are crucial events for democratic societies, and because they involve so many people, they can be abused by cybercriminals. Citizens, businesses, and governments need to stay vigilant and fortify themselves with a reliable cyber security solution to ensure that voters’ voices are heard without disruption or interference.

Despite the vastness of the threat landscape, ESET has developed effective protections against all kinds of threats. Over its more than 30 years in the market, ESET has risen to become a global leader in the digital security industry, offering AI-native prevention-first technology and employing industry-acclaimed threat researchers. With this level of expertise, ESET is able to protect all kinds of users, from common households to international enterprises.