Why would someone hack a Sioux Falls mayoral candidate's accounts?
Sioux Falls mayoral candidate Jolene Loetscher has filed a criminal complaint that's currently under investigation by the Minnehaha County Sheriff's Office and the South Division of Criminal Investigation.
She said she's been getting hacked for months, but it just got personal.
Rob Honomichl, an instructor at Dakota State University's Beacom College of Computer and Cybersciences said, it used to be really easy to distinguish a phishing email by poor grammar and misspellings, but now, hackers have upped their game.
"They're [the emails are] clean and they're coming from people's accounts that are legitimate," Honomichl said.
Loetscher said her campaign email, social media and even bank accounts were compromised. She said it was obvious because the email server had alerted her to repeated attempts to log in, her social media had posts deleted and someone had repeatedly attempted to get into her bank account with the wrong password.
"On the bank accounts, it was clearly an attempt to put in passwords and lock us out," Loetscher said.
Honomichl said it's very plausible a candidate running for elected office could accidentally open what's called a "spearphishing" email. It's a phishing attempted tailored to you by tricking you into supplying your own information on a website that looks legitimate and not realizing the site is untrustworthy.
"I had one example where I got what looked like an Apple receipt and it went to a different account then what I had my Apple ID on," Honomichl said. "When you clicked on the link, it took me to what looked like a Wells Fargo login, so if I had typed in my Wells Fargo login, it would've been compromised."
And election hacking isn't new.
"You look at different organizations where not just one person is running the account," Honomichl said.
"[You get an email, 'So and so has shared this Google Doc with you, click here to look at it.' They click on it, they log in with that Google Account, it pushes them through it," Honomichl said. "And now they [the hackers] have that Google log in and password."
But what is someone looking for when hacking an account of someone running for office?
"I think, anything they can find right?" I mean, anything is an advantage," Honomichl said.
Honomichl said because most people use the same password for several accounts, a successful "spearphishing" attempt opens up the opportunity for the hacker to get into multiple accounts. He recommends changing your passwords frequently and using one that's longer than 16 characters because they're harder to guess.
Honomichl also recommends checking whether your accounts or passwords are targets of a hack. He checks his on "Have I Been Pwned."
We've put a link to the site under "Related Links." "Have I Been Pwned" allows you to see which websites you've logged into with your email account that have been compromised and lets you see how often your passwords have been hacked.