Cyber threats have become a growing concern among citizens. Despite the existence of new sophisticated cyberattacks that require advanced security, others such as phishing, based on deception, not only disappear, but have grown in the number of cases this year. Hackers pose as different organizations: banking, educational centers or public administrations. And within the framework of the general elections, with the ignorance of certain mechanisms, and the rise of voting by mail, citizens could become easy targets for this fraud.
Cybercriminals use legitimate entities, such as government agencies or political parties, to trick citizens into stealing sensitive information, such as passwords, credit card numbers, or personal data. There is a history of phishing cyberattacks in other countries during electoral periods where, a priori, the culture and security mechanisms are robust. During the 2016 US general election, hackers conducted spear-phishing campaigns targeting political figures and election commission workers. Or in the case of the French general elections in 2017, Emmanuel Macron was the victim of a phishing attack shortly before the elections, managing to leak a large number of emails and campaign documents from him.
The causation, therefore, of both crises in cybersecure States, demonstrates the importance of addressing these threats proactively, since phishing cyberattacks or others of this nature can erode the confidence of the population in the electoral system. For this reason, it is crucial to establish robust security systems that identify potential fraud, educate the public on how to avoid phishing scams, and have a rapid response system in place to report and handle any security incidents that may arise. Especially in the 23J Elections, whose increase in voting by mail adds an additional layer of concern in terms of confidence.
While voting by mail is a convenient and secure option, its effective implementation depends on a strong identification and authentication system. Therefore, the question of credibility in any of the organizations and channels of communication -regardless of being digital or not- with the public, is essential in terms of trust.
Likewise, the individual responsibility of citizens plays an important role in protecting against cybercriminals. Citizens must verify the authenticity of any communication related to the general elections, and report any indication of suspicious activity to the authorities. It is therefore essential that they are informed about phishing tactics and other cybersecurity risks, being careful when checking the origin of emails, avoiding clicking on suspicious links and using strong and unique passwords for each personal account on web portals.
the public administrations themselves also have a crucial role in protecting against phishing and other cyber attacks.
On the other hand, the public administrations themselves also have a crucial role in protecting against phishing and other cyber attacks. It is essential that they adequately inform citizens about the operation of the vote-by-mail system, offering information campaigns so that citizens are familiar with the necessary paperwork and procedures. In addition, they must implement robust security measures, such as risk analysis systems, to identify possible fraud and have security incident response plans in place to quickly mitigate any threat.
Both citizens and public administrations have shared responsibilities in protecting against phishing and other cyber attacks. Therefore, adopting proactive measures, such as education, the implementation of robust security systems and a rapid response to incidents, are the guarantors of integrity and trust in the electoral process. Cybersecurity must be a priority at all stages of the electoral process, and only through collaboration between citizens and public administrations will we be able to effectively mitigate the risks of phishing and protect our democracy.
