Phishing campaigns and malicious websites impersonating the Trump campaign

September 28, 2020

According to a Mimecast report, businesses now face growing risk from phishing email attacks that prey on people’s political opinions, mirroring the COVID-19 cybercrime surge that preyed on fear.

Cybercriminals are now working to leverage those political brands to attack U.S. organizations and their employees. Mimecast Threat Intelligence researchers have begun discovering new website registrations, for example, for Donald Trump but with the “n” in Donald replaced with an “ñ”—a Spanish character more associated with aged tequila (i.e., añejo) than with politics. That one-letter difference is almost undetectable unless you’re paying extremely close attention, says the report.

"Researchers have also discovered phishing email scams that lead to pages like the example shown below, asking Trump supporters to donate to Black Lives Matter. While that may be confusing — Trump and BLM are in opposition —t he fact is that any donated money would go to the cybercriminals behind the phishing scam, not the Trump campaign or BLM. And those cybercriminals would also obtain the victim’s credit card number and other personally identifiable information (PII). Moreover, the political brand — in this example, Trump — also becomes a victim because the money being siphoned off by cybercriminals was intended to support their political cause," says the report.

“It’s no surprise at all to see cybercriminals using the U.S. election as an opportunity to scam the public,” said Dr. Kiri Addison, Head of Data Science for Threat Intelligence & Overwatch, Mimecast. “We often see traditional, and already-known, attack methodologies modified to exploit current events that are taking place in an attempt to lure the vulnerable to provide personal details.”

Other examples include an abundance of brand impersonation sites offering free political items, from Trump flags to “Keep America Great Again” hats. “By offering something free, cybercriminals know that it’s likely unsuspecting victims will provide their personal details. If a criminal gets hold of your personal information, they can use it to impersonate you or even sell it on the dark web,” said Dr. Addison. “With many Americans, and people from other countries, invested in the American election and the Trump campaign, these scams have the potential to cause real damage. It’s important to understand that if something looks too good to be true, then it probably is.”

"The COVID-19 pandemic has made it even more important than ever to be vigilant, as according to our recent report, coronavirus has led to a 33% rise in opportunistic cybercrime. Despite continued warnings, our recent research found that 50% of people still open email attachments from unknown sources, which shows why cybercriminals continue using these methods. It is better to be safe than sorry and it is always possible to check the validity of an email from an official organization,” Dr. Addison added.

It’s important for every business’ cybersecurity professionals to help make employees aware of the risk posed by politically branded phishing emails from now through the November 2020 election—and beyond, depending on what happens immediately post-election, concludes the report.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.