Threat Intelligence

    More than Meddling: Phishing Email Scams Exploit Political Brands

    Businesses now face growing risk from phishing email attacks that prey on people’s political opinions, mirroring the COVID-19 cybercrime surge that preyed on fear. 

    by Mike Azzara

    Key Points

    • Cybercriminals’ two favorite techniques are to exploit popular brands and current events relevant to large masses of people.
    • Those two fronts are colliding in the November 2020 U.S. election, creating a potential perfect storm for phishing email attacks.
    • Enterprise cybersecurity professionals should warn their employees to beware of politically motivated email offers.

    The prospect of foreign cybercriminals working to influence the outcome of the U.S. presidential election remains top-of-mind for many Americans. But the election season brings with it a nitty-grittier challenge for Americans and American businesses: email phishing attacks that exploit political brands in a more mundane—but still dangerous—effort to deploy malware or defraud a politician’s supporters.

    Cybercriminals have always leveraged current events to scam unsuspecting employees into clicking on links that deploy malware or lead to websites that try to steal personal credentials. During the first 100 days of the COVID-19 pandemic, Mimecast’s Threat Intelligence researchers observed a 33.5% increase in overall malicious activity, a 234% rise in registration of coronavirus-related website domains and subdomains, and—perhaps most dangerous—a 55% jump in the number of clicks on dangerous links in emails.

    With the 2020 election bringing polarized political positions to the fore and Americans’ emotions running hot, cybercriminals have again gone on the offensive.

    No Matter Your Politics, Phishing Emails Can Hurt You & Your Organization

    Keeping brands safe is a whole new game in the digital marketing era, and political brands like Donald Trump and Joe Biden are not exceptions. Cybercriminals’ strategy in leveraging known brands is to exploit the trust that loyal brand customers have developed in order to dupe them into giving up credentials, or deploying malware that can help such bad actors break into a corporate network.

    The more “of the moment” a brand, the likelier people are to click: During the early days of the COVID-19 pandemic, Netflix, Disney+, Amazon Prime Video and YouTube TV were among the most exploited brands because cybercriminals knew people were staying home more and watching more TV. Now, Americans are paying attention to the November election.

    While some cybercriminals are attempting to break into Trump and Biden campaign systems, others are working to leverage those political brands to attack U.S. organizations and their employees. Mimecast Threat Intelligence researchers have begun discovering new website registrations, for example, for Donald Trump but with the “n” in Donald replaced with an “ñ”—a Spanish character more associated with aged tequila (i.e., añejo) than with politics. That one-letter difference is almost undetectable unless you’re paying extremely close attention. Researchers have also discovered phishing email scams that lead to pages like the example shown below, asking Trump supporters to donate to Black Lives Matter. While that may be confusing—Trump and BLM are in opposition—the fact is that any donated money would go to the cybercriminals behind the phishing scam, not the Trump campaign or BLM. And those cybercriminals would also obtain the victim’s credit card number and other personally identifiable information (PII).




    Moreover, the political brand—in this example, Trump—also becomes a victim because the money being siphoned off by cybercriminals was intended to support their political cause.

    Free Flags & Hats with Political Slogans “Too Good to Be True”

    “It’s no surprise at all to see cybercriminals using the U.S. election as an opportunity to scam the public,” said Dr. Kiri Addison, Head of Data Science for Threat Intelligence & Overwatch, Mimecast. “We often see traditional, and already-known, attack methodologies modified to exploit current events that are taking place in an attempt to lure the vulnerable to provide personal details.”

    Other examples include an abundance of brand impersonation sites offering free political items, from Trump flags to “Keep America Great Again” hats, as shown in the two examples below. “By offering something free, cybercriminals know that it’s likely unsuspecting victims will provide their personal details,” said Dr. Addison. “With many Americans, and people from other countries, invested in the American election and the Trump campaign, these scams have the potential to cause real damage. It’s important to understand that if something looks too good to be true, then it probably is.”




    The Bottom Line

    Cybercriminals’ go-to approach is to exploit the brands that are making the most news—right in the “now”—to produce phishing email attacks that can more easily trick people into giving up credentials or money or other valuable information. It’s important for every business’ cybersecurity professionals to help make employees aware of the risk posed by politically branded phishing emails from now through the November 2020 election—and beyond, depending on what happens immediately post-election.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page