Table of Contents
As foreign and domestic actors find new ways to spread disinformation ahead of the 2020 election, people should be extra cautious when election-related emails swoosh into their inboxes.
Earlier this week, voters in Florida, Pennsylvania and other states received threatening emails claiming to be from the far-right, authoritarian group Proud Boys. The lie that voters would be attacked for going to the polls was part of a disinformation campaign, said John Ratcliffe, director of National Intelligence.
Disinformation is false information spread with the intent to misdirect people about what is happening around them.
Start the day smarter. Get all the news you need in your inbox each morning.
In a news conference Wednesday, Ratcliffe said Iranian hackers were behind the attack. Iran used voter profiles in the attack, which can include voters’ names and addresses. Russia also has obtained voter profile data, he said.
Voter registration lists are kept as public information, though what information is given and who it is given to changes from state to state. In Michigan anyone can request voter data. This allows them to see names, addresses and birth years for all registered voters in the state.
More: Fact-checking last night’s presidential debate, Joe Biden vs. Donald Trump
More: Our Election Night promise: Accuracy will come first
In a 2018 article by the Pew Research Center, two of Pew’s researchers explained how commercial organizations can then take this data and match it with data from outside sources, such as consumer data vendors, credit bureaus and political organizations. These datasets are marketed as a rich and comprehensive record for nearly every American adult, according to Pew.
At the start of October, the FBI warned voters to stay alert for “spoofed election-related internet domains and emails accounts during the 2020 election year.” The FBI said it wanted the public to be alert for attempts to undermine people’s confidence in the upcoming election. A bipartisan Senate report showed Russia’s efforts to spread disinformation in 2016, and while authorities say both foreign and domestic actors are trying to interfere in 2020, those attacks may be different than four years ago.
In security matters people talk about the “cat-and-mouse game,” said Paul Resnick, director of the Center for Social Media Responsibility at the University of Michigan School of Information. The center studies the positive and negative consequences of how easy it is to publicly communicate through social media. One of its projects is the “Iffy Quotient,” which measures how media platforms are managing the flow of misinformation. Misinformation is a more general term that includes information spread without the intent to mislead someone; sometimes the person spreading it believes it to be true.
Attack and defense strategies are always evolving. An attack is detected, defense against that type of attack gets better, and attackers switch to something else, Resnick said.
If this year’s “something else” is disinformation delivered straight to people’s inboxes, staying alert is a good way to stay safe, Resnick said.
“If you’re thinking, ‘This might be a phishing attack,’” Resnick said. “You’re already halfway to safety.”
One version of email deception is creating a website with an altered version of a legitimate website domain. The FBI used the example spelling “election” as “electon”, or using “.org” instead of “.gov.” When people get an email related to the election, they should “critically evaluate” the email address, according to the FBI release.
Spoofing an email address is a strategy commonly used when someone wants the target to respond with information, such as a credit card number, Resnick said. But if the goal is to spread disinformation by appearing to be a legitimate source, faking an email address is as easy as sending a fake letter.
While some email services will automatically fill in who a message is from, some don’t, Resnick said. People can then write whatever they want in the “from” field.
Check the address
In Michigan, some election officials don’t use a standardized government email. Peter Larson, 51, lives in Bridgewater Township in Southeast Michigan. Ahead of the August primary, his clerk sent him a ballot by email.
“Bridgewater Township is a tiny, tiny township in Washtenaw County,” Larson said. “And their email is just a Yahoo account, which is crazy.”
Larson thought the emailed ballot had something to do with it being a smaller election.
But when he got the same email for the November election, he questioned it. He saw people getting ballots in Ann Arbor with security envelopes and a place to sign on the back. All he had was an email attachment, with no envelope and no instructions to sign his name anywhere. He wasn’t sure how the clerk would know it was his ballot.
After Larson spoke with the clerk’s office, he was able to confirm the ballot was sent by that office. The clerk explained Larson had requested an easy ballot, or accessible ballot, by mistake. Voters with disabilities that prevent them from being able to read printed words can request electronic ballots, which are sent by email. The office sent him a standard ballot instead and included a note apologizing for the confusion. Larson didn’t blame the township, but the process concerned him.
Anybody could come up with a fake address and send a fake ballot with incorrect instructions to ensure a ballot didn’t get counted, Larson said.
To double check your county clerk’s contact information, you can go here and search by either your county’s name or your address. To report misinformation to the Michigan Secretary of State’s office, email [email protected]
Don’t be a cyber detective
The best thing people can do if they doubt the validity of an email is to get an independent verification of the information, much in the way Larson did, Resnick said. Go find out more about the organization that sent it, or go find another source and see if it has the same information, he said.
“That’s probably a timeless countermeasure that will always be, probably, effective,” Resnick said.
The other “timeless” advice Resnick offers: The more surprising and alarming something is, the more likely it is to be fake.
Ashley Nerbovig covers mis- and disinformation for the Detroit Free Press. Contact her at [email protected] This project was produced with support from a grant from the American Press Institute.
This article originally appeared on Detroit Free Press: Watch out for email and website spoofs this election season