A new click trick highlights a top threat to election infrastructure. Learn the warning signs, and then take a fresh approach to planning for disruptions. ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
View in browser
ESX News Header

April 15, 2026

TLP:CLEAR

In This Issue:

  • Situation Room: A cyberattack is tricking users into installing malware themselves. Here’s what you need to know before it shows up.
  • Resource Library: Phishing is still a common way to become compromised. Phishing Threats: Essentials for Safeguarding Election Infrastructure provides the warning signs and habits to stop it.
  • Planning Desk: When an incident hits, improvising shouldn’t be the plan. This week’s step builds toward developing a response plan that can be applied to any disruption your office might face.
Header text: Situation Room

The "Fix This Now" Trick That Could Compromise Your Office

 

ClickFix is a social engineering technique that is catching even cautious users off guard. Unlike a traditional phishing attack, where the target clicks a malicious link or opens a dangerous attachment, ClickFix works by convincing the victim to do the damage themselves by following what appear to be completely reasonable instructions to fix a problem on their computer.

 

Here is how it works: 

  1. You visit a website, click a link in an email, or land on a page that suddenly displays what looks like a familiar error message from your browser or operating system. 
  2. The message says something has gone wrong and offers a simple fix: Just copy a command and paste it into a box on your computer, then press Enter. 
  3. If you do, malicious ... READ MORE HERE. 

 

The Situation Room focuses on real security incidents and threats in the news relevant to election security. To review previous issues, see the newsletter archive.

Header text: Resource Library

Safeguarding Against Phishing Threats

 

Phishing Threats: Essentials for Safeguarding Election Infrastructure is a guide produced by the Election Security Exchange that highlights key warning signs and offers practical steps to mitigate the threat posed by phishing and other commonly used cyber attack techniques. 

 

The guide urges awareness, caution, and simple habits that can significantly reduce the risk of election officials falling prey to common phishing attacks. It covers:

    • Common phishing methods with variations that attackers are using to gain access.
    • Recognizing red flags to look for in a phishing email, such as an unknown sender or a generic greeting.
    • Methods to mitigate risk of falling victim to a phishing attempt. 

    Consider distributing the guide to your staff, or, if you’re a state official, to your local jurisdictions. Following up with a test phishing campaign can be a good way to assess whether staff and local officials are improving their ability to spot phishing attempts before taking the bait.

     

    Additional Resources

    • For an in-depth review of preventive actions election officials can take to mitigate the threat posed by phishing, see CISA’s Actions to Counter Email-Based Attacks on Election Related Entities.
    • To explore how Artificial Intelligence is changing the phishing landscape in real time, see the National Cybersecurity Alliance’s interactive web-based tool AI and the Future of Phishing.

    The Resource Library section of the newsletter spotlights election security resources. All highlighted resources are available online in the Resource Library.

    Header text: Planning Desk

    Week E-29: Respond Smarter with All-Hazards Planning  

     

    Election security and resilience demands preparedness, and that includes understanding your responsibilities during an incident and taking action with confidence. Having an Incident Response Plan that defines those roles and steps can significantly limit the damage of and improve your recovery from a cyber, operational, or physical incident.

     

    The incident response process boils down to four phases:

      1. Preparation: Have a plan in place. Define who is in charge, and identify roles and responsibilities. No one can build an effective response plan in the middle of an emergency.

      2. Detection and Analysis: Determine if an incident has occurred and what type (cyber, operational, or physical), and assess its ability to impact your operations.

      3. Containment, Eradication, and Recovery: Stop the effects to prevent further damage, understand what caused the incident, clean up the cause, and then restore functions. While incredibly important for cyber events, this can apply to operational and physical events as well.
      4. Post-Incident Activity: Improve security with a lessons-learned review after full recovery from an incident.

      In the coming weeks, we’ll break down these phases into manageable, easy-to-understand steps. Today is the first step: 

       

      Rethink your approach to incident response planning.

       

      Your plan should explain how to handle any kind of emergency, no matter what causes it. However, instead of being overwhelmed with creating a different set of steps for every possible incident, take the all-hazards approach. It prepares you to deal with ... READ MORE HERE.

       

      The Planning Desk is a running timeline of key election security tasks. You can find prior editions in the newsletter archive.

      Header text: Election Security News

      We include news on cyber, operational, and physical security alongside election-specific headlines because potential risks to elections often emerge from trends shaping the broader security landscape, and we’d rather you see them coming.

      • How a Russian propaganda unit is targeting Hungary's elections | Euronews (April 10, 2026) // International
      • Orban's opponents targeted by AI-driven disinformation ahead of Hungary's elections | France 24 (April 10, 2026) // International
      • Preparing for the Real Risks of Election Interference | Governing (April 9, 2026) // National
      • Survey Finds Election Officials Remain Concerned About Safety, Lack of Government Support | Brennan Center for Justice (April 14, 2026) // National
      • Winona County cyberattack is part of a trend as local governments are increasingly targeted | MPR News (April 9, 2026) // Minnesota

      Want to get daily updates on election news? Subscribe to electionline.

       
      LinkedIn
      YouTube
      Email
      Website

      Copyright © 2026 Election Security Exchange. All rights reserved. TLP:CLEAR

       

      You are receiving this email because you subscribed to the Election Security Exchange Newsletter.

       

      Find this useful? Pass it along and invite other election teams to subscribe.
      Subscribe

      Election Security Exchange

      712 H Street NE, Suite 2456

      Washington, DC, 20002, United States

      Unsubscribe Manage Preferences