(Credit: Selcuk Acar/Anadolu via Getty Images)
A new forecast from security firm Check Point features renewed concerns about familiar election threats ahead of the midterms: phishing, impersonation, influence activity, AI-enabled content abuse, and opportunistic disruption.
Those attack techniques have persisted because they work with little effort from the attacker. As author Danielle Hess observes: “The current threat environment favors operations that are inexpensive, scalable, and capable of producing outsized political or psychological impact.”
These risks fall into two categories: those for individual users and those for populations at large. The former–mostly phishing emails targeted with information gathered from data breaches–should not involve much work to stop. Multi-factor authentication makes phishing attacks harder to pull off; upgrading to passkey authentication should make them impossible, and neither is a recent advance. Yet here we are, with the hack of FBI Director Kash Patel’s personal Gmail account barely weeks out of the headlines.
“We're giving very similar advice, but it’s always due to a new event,” said Aaron Rose, security architect manager at Check Point, in a conversation during a conference that the Tel Aviv-headquartered firm hosted in Washington last week. “In this moment, it's specifically around election security.”
Rose noted that compromises of credentials at partisan sites could power precisely targeted spear-phishing attacks against people of interest. The report highlights breaches of about 9,500 at the Democratic fundraising platform ActBlue and 6,500 at the Republican platform WinRed.
"Hey Aaron, we thank you for all of these contributions,” Rose imagined one opening line. “Unfortunately, your most recent payment was declined.”
If the target was foolish enough to reuse passwords, credential thefts like these could enable the compromise of more important accounts.
“Overall, the most significant 2026 risks center on the trusted accounts, platforms, services, and information channels that election-related organizations rely on to operate and maintain public trust, with election-adjacent systems presenting the more immediate source of operational exposure,” the report warns.
Ransomware and DDoS (distributed denial of service) attacks could also help take some of those resources offline at important moments. But the report does not assess “widespread destructive activity against vote counting or election result processing.”
That's because voting in the US generally involves an auditable paper trail, with hand-marked ballots counted on offline machines. It is not an efficient system, as I’ve learned from being a poll worker since 2020, but that inefficiency makes it difficult to subvert at a workable scale.
The government’s Cybersecurity & Infrastructure Security Agency (CISA) devoted serious resources to election security in the 2020, 2022, and 2024 elections, but the Trump administration quickly disbanded CISA’s vote-integrity efforts and slashed its budget and workforce. Rose said CISA had done useful work, adding, “Perhaps we'll see a little more federal involvement in election security.”
Exploiting Social and Political Divisions
The balance of the Check Point report emphasizes the potential for influence operations to leave a wider wake in society and calls out attempts by three hostile countries: Russia, China, and Iran. While Check Point sees China dialing its efforts back slightly to focus on “understanding, amplifying, and exploiting existing social and political divisions,” its report accuses Russian operatives of working “to amplify distrust, deepen polarization, and increase narrative confusion during politically sensitive periods” and says Iranian actors have used multiple tactics to “create confusion and amplify distrust surrounding election activity.”
The report notes that AI eases this subversive work; as Rose observed, "Anybody can create fake content."
It does not, however, name two of the louder voices undermining trust in American elections: Elon Musk and President Trump. The billionaire owner of X regularly posts evidence-free accusations of vast amounts of illegal voting, while the president Musk helped put back in office keeps lying that he won the 2020 election that multiple audits have confirmed he lost.
Asked about that, Rose said information campaigns can inflict more damage than attacks on physical infrastructure. “It's eroding the trust that people have in the system,” he said. “If you want to attack a country, go after its foundations.” But he declined an invitation to assess Trump’s own statements: “Can't comment on him directly.”