Hacking Democracy: Tips on How to Stay Safe

Hacking is real, and many democracy-related organizations are targets.  

The Russian hacking group commonly known as “Fancy Bear” has recently been targeting European think tanks ahead of upcoming EU elections. However, political organizations in the US have also been recent targets, as well as nonprofits, media groups, law enforcement agencies, federal contractors, the federal government and many other groups. Fancy Bear is the same group that hacked the Democratic National Committee in 2016 and has a long history of trying to hack democracy. Other hacking groups, both state-sponsored and otherwise, are also hacking individuals. Such groups often pick strategic targets and sometimes try to identify the individuals in those organizations who are most likely to fall for phishing attacks or for spear phishing attacks, where an individual is targeted directly. Fancy Bear, for example, has used phishing emails that appeared to come from the US State Department. In such cases, if the user clicks a link in the email, or opens an attachment they downloaded, a backdoor allows hackers to access their computers and networks.

How to Stay Safe

Phishing attacks have become very sophisticated. Teach yourself and your team how to avoid becoming targets. Think twice before clicking on a link in an email or opening an email attachment. Spear phishing scams are customized to reach one specific individual, which makes them harder to detect. Some key questions to address:
  • Does the email invoke urgency? This may indicate a phishing scam. An urgent request, an unpaid bill, an unexpected charge on eBay, or a locked account on Google should all get a second look.
  • Is the wording strange? Phishing scams often appear to come from someone important such as your boss, a client, a funder, the security team, the State Department, or other groups you would naturally trust.
  • Does the email address look correct? It may look exactly right, but still be a “spoof”. In Gmail, click the arrow next to the sender’s name to see the details. This will show you the true sender email address (which may be different from what appears in the email itself).
  • Is it a trusted URL? Hover over a link before you click and look at the URL that shows up to see if it goes to a known website and trusted URL. Often, phishing emails will show one URL but take you to another one. For example, hover over this link to see where it actually goes: www.State.Gov.
  • Is this a trusted shortened URL? Don’t click on a shortened URL (such as bit.ly) as it may take you to a malicious site. You can use a tool such as checkshorturl.com to paste in the short URL and see where it will actually send you before you click on it.
Outside of email, be sure to use two-factor authentication on your email and other important websites. It is easy to set up and requires minimal additional work to help keep you much safer. In Gmail, for example, once you have completed two-factor authentication on a trusted computer, it will remember you going forward.
