Phishing for election donations

A few days ago, the presidential candidates announced how much they raised in third-quarter donations.

The numbers, as expected, were pretty spectacular. Democratic Sen. Hillary Clinton raised some $27 million, while GOP front-runner Rudy Giuliani banked nearly $10 million.

So how does this all relate to information security? Well, it's pretty simple really. Thieves follow the money - and there obviously is quite the cash cow to exploit in the political fund-raising world, especially considering the internet is the primary outlet for small donators wanting to contribute.

Indiana University Professor Markus Jakobsson and his talented grad student Christopher Soghoian lay out the risk in a new white paper "The Threat of Political Phishing."

The pair argue in the 13-page report that this security threat should only grow as fraudsters (easily) create phishing websites that appear like the real thing. Also, detecting if you've been scammed is more difficult when giving to a candidate than, say, buying merchandise from an online retailer because you are not expecting to receive anything with a political donataion.

But what's most interesting, according to the white paper, is that perhaps the candidates themselves are the source of the problem.

"Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the 'donate' button on an unsolicited email that arrives from a candidate," the white paper says.

Soghoian and Jakobsson have a lot of interesting thoughts in the white paper. It's a good read, if for no other reason than to hear again how our public leaders largely are out of touch with IT security best practices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.