2020 General Election Results to Directly Impact Tech Industry


Datto owner

… malicious actors seek to disrupt the election by spreading misinformation on election day, such as false instructions on where to vote, fake notices that the polls have closed early, or intimidating messages warning people to stay home,” he said. “In fact, the FBI reported on a similar intimidation scheme, using emails impersonating a white supremacist group, just a couple of weeks ago. It would be equally easy for bad actors to send emails impersonating a state’s secretary of state or a local elections official. And such emails would be even more convincing to recipients given the authority of the apparent sender.”

In other cases, emails might impersonate a trusted news source, García-Tobar said. It may pose as an official news story calling the election for one candidate or another. These emails, if distributed widely, could sow confusion by casting doubt on the outcome.

DMARC Needed for All Domains

The report makes a strong case for a widely used industry standard called domain-based message authentication, reporting and conformance (DMARC). It prevents attacks in which malicious third parties try to send harmful email using a counterfeit address.

Valimail's Alexander García-Tobar

Valimail’s Alexander García-Tobar

“There have been several significant reported examples of impersonation-based phishing, as there were in both 2016 and 2018,” García-Tobar said. “It’s hard to tell whether the rate has increased, however, since most domains involved in the election are not configured with DMARC. And therefore the domain owners have no awareness of impersonation that may be happening using their domains.”

Valimail is calling on federal and state officials to prioritize DMARC for all domains involved in elections. The federal government has already done this for federal agency domains. Valimail manages DMARC for organizations globally.

“Impersonation could easily continue to be a factor in the coming days and weeks, particularly if the results of the election are in doubt or contested,” García-Tobar said. “The same techniques that an attacker might use on election day would also work to sow doubt, confusion and misinformation in the days and weeks following the official election date.”

Pages: Previous 1 2

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 141953