Beware of presidential phishing expeditions
- By William Jackson
- Aug 04, 2004
Just when you thought a political campaign couldn't get any worse, online crooks have come up with a new phishing scheme, soliciting contributions for an ersatz presidential campaign fund.
SurfControl Plc., British Web and e-mail filtering company,
has identified a pair of e-mail messages purporting to be from the John Kerry presidential campaign and asking recipients to 'please vote and contribute.'
Users who clicked through to a URL that appears to be 'www.johnkerry-edwards.org/contribute.htm' would find an official-looking site where they could enter credit card information.
'It is very legitimate looking,' said Susan Larson, vice president of global content at SurfControl.
SurfControl runs a center in Sydney, Australia, for evaluating e-mail content, gathering samples from a worldwide network of honeypot accounts. The pair of e-mails showed up Monday morning, Sydney time (Sunday evening on the U.S. West Coast). The phony sites, whose real URLs are registered in India and in New Braunfels, Texas, were out of service soon after the e-mails were discovered.
'These sites don't stay up very long,' Larson said. 'I can't say how widely spread it was, but we talked to the Kerry campaign that day and they had heard of it.'
Phishing is the use of phony e-mails to trick recipients into providing personal or financial information. Traditionally, the e-mails have counterfeited financial services sites or high-profile e-commerce sites such as eBay or PayPal. But in recent months they have branched out to include federal sites such as the FBI and Federal Deposit Insurance Corp.
Current events are now offering a new avenue. The Kerry campaign scheme takes advantage of recent publicity from the Democratic National Convention.
To add insult to injury, the Kerry campaign is not allowed to raise private money following the candidate's acceptance of the party's nomination last week.
The subject line for each e-mail was, 'President John Kerry, please vote and contribute.' The message in one purports to be from Kerry's brother, the other is a more general message saying 'just a few dollars can make the difference on election day.'
Neither phish has been repeated since the original Websites shut down, but repeat expeditions with new sites are common, Larson said.
As phishers become increasingly sophisticated in counterfeiting Websites and corporate logos in official-looking e-mail, the best defense against phishing is to never provide personal information in response to an unsolicited e-mail, Larson said.
William Jackson is a Maryland-based freelance writer.