Voter registration scam can steal your personal info — what to do

(Image credit: Shutterstock)

Online crooks, Russian spies or maybe both are using fake voter-registration emails to cajole personal details such as names, addresses, dates of birth and Social Security numbers out of American voters eager to take part in the upcoming U.S. general election.

That's the word from KnowBe4, a firm that provides awareness training against phishing attacks and other security issues.

"Your Arizona voter's registration application submited has been reviewed by your County Clerk and some few details couldnt be comfirmed," reads a sample email included inn a KnowBe4 blog posting. "Please recomfirm details to allow for processing which may take up to two days to reflect in the system."

That's followed by a helpful link stating "You may reconfirm application here."

Lindsey O'Donnell at Threatpost pointed out that the lousy spelling, grammar and punctuation ought to be a tip-off that this is a phishing email. But sometimes that just helps phishers weed out the smart people.

The email looks like it's coming from the U.S. Election Assistance Commission, a real federal agency set up to help states administer elections in the wake of the 2000 Florida hanging-chad debacle. 

Yet the link goes to a fake version of Service Arizona, the official website of the Arizona motor vehicle department, which does have a voter-registration section.

The fake site asks for everything an identity thief would need to steal your identity: your name, mailing address, date of birth and Social Security number, plus your email address and driver's-license information. (The real Service Arizona site asks only for the last four digits of your SSN.)

How to avoid this phishing scam

Needless to say, if you get a similar email that seems to come from the U.S. Election Assistance Commission or a related agency, be very careful. Call the agency in question to confirm it's real instead of clicking on the embedded link. 

If you do click on the link, check the website address, and don't carry out this business on a phone or tablet. And don't ever give out your full Social Security number to anyone who asks — only your employer and the IRS needs to know that.

Oddly enough, KnowBe4's Eric Howes wrote, the email sample was submitted by a KnowBe4 user in Kenosha, Wisconsin, "a locality that has been in the news recently due to widely reported civil unrest in the area."

Like Arizona, Wisconsin is a "battleground" state that the presidential candidates are fighting to win. That fact led Howes to speculate that this might not just be a mere phishing email.

"Given the election angle," he wrote, "we cannot ignore the possibility that this phish may be part of an attempt by parties unknown to intervene in the election, either by seeding confusion and chaos in the election process or engaging in some form of election fraud."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.