The UK government’s voter registration website is causing confusion again, according to Ax Sharma at BleepingComputer. The site, hosted at a “.com” address, often makes users wonder if they’re being scammed.
“Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed,” Sharma says. “To do so, residents are asked to visit HouseholdResponse.com, a domain that looks anything but official and has too often confused people, who mistake it for a scam. What's worse is, failure to respond to this notice by visiting the website can, at least in theory, lead to a criminal penalty—a fine of up to £1,000, according to the Electoral Commission website. This can spark a sense of urgency and anxiety among people, and is a weakness that scammers could exploit.”
The legitimate notices “state the name and address of the resident who may be eligible to vote, along with a 2-part security code that needs to be entered on the Household Response website for authentication.”
“Governments around the world frequently contract third-party software vendors to provide web portals and domains for their services—such as for collecting parking fines,” Sharma writes. “But, too often, the choice of non-government domains can make a web portal hard to distinguish from illicit websites set up by threat actors. When receiving correspondence via text, email, or postal mail that claims to be from the government, first ensure that the website or the phone number you are being directed to is endorsed by your local government authorities or council by visiting the council's official website directly.”
New-school security awareness training can give your employees a healthy sense of suspicion so they can verify whether something is a scam.