November 14, 2016
During the presidential campaign, experts spotted an explosion in malicious email spam attempting to trick recipients into downloading harmful files or revealing personal data. And the spammers aren't going away.
The subject lines were enticing: "Trump – I uncovered a secret" or "Has Trump gone too far? The shocking statement you won't see on the news."
Political emails with click-bait subject lines overloaded inboxes during the contentious presidential campaign – and many were too irresistible not to open. But all too often, messages were full of fake news and contained ploys designed to infect recipients' computers with harmful software or steal personal and financial information.
And while the campaigns have ended, the spammers haven't quit. Amid protests following Republican Donald Trump's victory, and much of the ongoing internet uproar over the election, cybersecurity experts continue to spot malicious email messages that promise to reveal "the 'shocking' truth about election rigging in the United States" or, erroneously, assert "elections outcome could be revised."
Digital fraudsters and foreign hackers played a big part in driving the conversation about both Mr. Trump and his opponent Hillary Clinton ahead of Election Day, from leaking stolen Democratic National Committee emails to spreading fake news. And while much of this played out on social media and the broader internet, attackers also targeted inboxes with an uptick in email assaults known as "phishing" campaigns.
"They really took advantage of people's interest in current events," said Steven Adair, founder of the cybersecurity firm Volexity. "This one being such a polarizing, interesting, tip-of-the-tongue thing meant it was something that people would definitely take a look at."
In a report last week, Volexity said it discovered a previously known spam operation targeting nonprofits, think tanks, and other high-value targets with political phishing campaigns in the days after the election. Mr. Adair said that the group behind those attacks has been active for some time, but its efforts after the election have been much more widespread than previous spam campaigns.
Since Trump was an incredibly popular – and polarizing – news topic and the subject of countless articles, Facebook posts, and tweets, he was the obvious choice for the subject of spam emails during the campaign, said experts.
In fact, most of the spam that researchers detected during the campaign involved Trump, according to analysis from the cybersecurity firm Proofpoint. But as Election Day approached, many spammers began including both Trump and Mrs. Clinton in emails. In one, for instance, Proofpoint researchers said the message asked recipients to sign into Gmail accounts on a malicious site, which would allow the spammers to collect their login credentials.
"The most important thing to remember is that cybercriminals follow the money," said Patrick Wheeler, the director of product marketing at Proofpoint. "To do this, to try to trick people, they're going to use the lures that are most likely to get a potential victim to read an email, click a link, or download an app."
Spam is always most effective when it's timely, said Shalabh Mohan, the vice president of products and marketing at Area 1 Security, a cybersecurity firm, which spotted an uptick in phishing immediately after Election Day with subject lines referencing "election rigging," "elections fraud," and other post-election lures with similar themes.
"With any of these phishing attacks, the lure typically is something that is topical and of interest to the end user. What we find consistently across our network is elements that speak to what's happening at that given point of time, what’s in the zeitgeist," he said. "When it was the Olympics we saw a whole host of messages with that as bait, when it was March Madness we saw a whole host of messages with that as bait. So with elections, it was just natural for that to happen."
Cybersecurity experts say the public should be wary of political emails – or any messages for that matter – that promise to reveal salacious details, encourage recipients to click links, ask for personal information, or come from unknown sources. And, they say, never download suspicious files.