• by Ray Schultz , July 28, 2020

State and local election officials are unprepared for email phishing attacks as Election Day approaches, according to Phishing Election Administrators, a study by Area 1 Security. 

Of the administrators analyzed, 53.24% have rudimentary or non-standard security technologies in place. 

Another 18.14% have basic controls to prevent phishing. And only 18.61% have advanced anti-phishing controls. 

Perhaps worse, 5.42% rely on personal email accounts like Yahoo, Hotmail and AOL to operate, and some independently manage their own custom infrastructure that include versions of Exim targeted by cyber actors linked to the Russian military for interfering in past U.S. elections. 

Most state and local election administrators “are not very close to ensuring a safe election,” states Oren J. Falkowitz, co-founder of Area 1 Security. 

Falkowitz adds, “This challenge is going to be exacerbated the longer it takes for them to get the resources and expertise needed to make changes."

Area 1 urges election administrators to:

• End use of Exim email servers.
• Move to a cloud email infrastructure. 
• End use of personal email technologies for election duties.

Area 1 analyzed 10,000 U.S. state and local election administrators' email phishing vulnerabilities.