The FBI is warning US election and other state and local government officials about invoicethemed phishing emails that could be used to harvest officials’ login credentials. If successful, this activity may provide cyber actors with sustained, undetected access to a victim’s systems.
As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials.
These emails shared similar attachment files, used compromised email addresses, and were sent close in time, suggesting a concerted effort to target US election officials.
Source: U.S. Federal Bureau of Investigation Cyber Division