SMS Phishing Attempts Are Riding the Presidential Election Wave

SMS-based outreach has become a standard in the political playbook, with candidates and their supporters soliciting financial support, opinions, and votes through texting with increasing frequency and sophistication. In the course of protecting enterprise endpoints, Symantec, a division of Broadcom (NASDAQ: AVGO), has turned up evidence of an increasingly prevalent scam tactic in the run-up to the U.S. presidential election: SMS phishing attempts using bait with campaign, voting, and political themes.

Symantec Endpoint Protection Mobile (SEP Mobile) shields users from SMS phishing attempts by checking URLs found in text messages against the threat intelligence in Symantec WebPulse, part of the Symantec Global Intelligence Network (GIN), and alerting users when the links are suspect.

We took a look at the links contained in SMS messages sent to mobile devices located in the United States between the first week in August and late October 2020 and found a sharp increase during that period in the percentage of election-themed messages containing phishing URLs.

Over the last three months, we observed the number of election-associated text messages containing links to websites double. Of these messages, we saw the number bringing the user to a scam/phishing/or attack-associated website increase from 1 in 5 (18.3%) to almost half (48.6%).

These attacks have been observed in all regions of the United States, and target the full range of the political spectrum.

Mitigation

SMS phishing presents a risk to all smartphone users. In addition to relying on protection like Symantec Endpoint Protection Mobile, it’s a good idea to follow these recommendations:

• Be suspicious of texts that contain a call to action, such as a link or a request for you to call or text a phone number.
• Be suspicious of messages that include anything suspicious or out of character, including misspelled words or improper grammar.
• If you are unsure if a text has come from a legitimate organization, such as a bank or a hospital, for instance, look up their number using directory assistance or other trusted source and call them to check whether they have tried to contact you.