This simple scam is exposing politicians to hackers | Cyber Security
An email-based cyberattack is one of the simplest methods of hacking an election.
In a typical phishing ploy, a hacker sends victims an email that tricks them into clicking a link. The link opens a page masquerading as an ordinary login page, like those for Gmail, Twitter, or Facebook, and fools victims into entering their credentials.
“When a victim does that,” says famed hacker turned security consultant Kevin Mitnick, “their computer ends up being compromised and malware is installed so the bad guy has control.”
This little scam could have a huge impact. According to a Senate intelligence committee report about cyberattacks that took place during the 2016 presidential election, hackers working for Russia targeted Hillary Clinton’s campaign with email-based phishing ploys. By tricking campaign chairman John Podesta into clicking an email link that appeared to be from Google, the cyberattackers infiltrated Podesta’s email and pilfered sensitive data.
The US intelligence community warns that Russian hacking didn’t stop with the 2016 election. In the run-up to the 2018 midterms, Facebook, Microsoft and Google have all detected and removed hackers who were trying to use the tech platforms to launch phishing campaigns.
Phishing attacks aren’t limited to nation-states, and campaigns remain vulnerable. And they’re not the only ones. Such attacks are “very commonly used by criminals, hacktivists and other types of hackers to compromise you as a consumer or to compromise businesses,” says Mitnick.
For more on phishing scams and how they may affect the upcoming midterm elections, read the full story on CBS News.
Campaign 2018: Election Hacking is a weekly series from CBS News and CNET about cyberthreats and vulnerabilities during the 2018 midterm election.
Learn more:
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Cambridge Analytica: Everything you need to know about Facebook’s data mining scandal.