Trump wins by wide margin as top lure for spam campaigns
Attackers hit pay dirt when sending email that uses GOP candidate’s name
By Byron Acohido, ThirdCertainty
The poll results are in from elite spam gangs as to which presidential candidate they view as the top attraction to get consumers to open annoying—and potentially malicious—email.
And the winner, by a landslide … Donald Trump.
Researchers at messaging security vendor Proofpoint have been tracking election-themed email spam that ranges from promotions for sketchy products and services to outright phishing scams designed to steal account user names and passwords.
Republican Trump is, by far, spammers’ go-to pitchman, appearing in 169 times as many suspect emails as Democratic candidate Hillary Clinton.
“This is a contentious election, so we expected high volumes of election-related spam as threat actors capitalize on public attention,” says Patrick Wheeler, Proofpoint’s director of threat intelligence. “What we didn’t expect was the very lopsided use of lures related to a single candidate.”
Proofpoint scanned subject lines in spam messages detected across its customer base in June and July. Overall, Trump appeared 270 times more often in June than Clinton alone, and 34 times as often as either Clinton or both candidates. There were two particularly large campaigns in June featuring Trump-related lures.
The trend also was noticeable in July when Trump-themed lures appeared 67 times more often than Clinton-themed lures. Across both months, Trump-themed lures were almost 170 times as common as those featuring only Clinton and 33 times as common as lures featuring both candidates, Wheeler says.
Setting the bait
The Trump spam followed two general themes:
- Surprising election news by or about Trump: These usually had a fake sending alias of a major news organization like CNN or Fox News. Names and sometimes branding for both liberal and conservative news outlets were used in these lures.
- “Get rich / smart like Trump”: These sometimes included subtitles such as “Wall Street is outraged” and similar messages with fake sending aliases that appeared to come from consumer finance publications like CNN Money.
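Both themes rely on a sender display name that claims a news brand while the actual address belongs to an unrelated domain. The following check for that mismatch is an added example, not Proofpoint's method; the brand-to-domain map is an assumption and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed allow-list: brand keyword in the display name -> domains the brand sends from.
BRAND_DOMAINS = {
    "cnn": {"cnn.com"},
    "fox news": {"foxnews.com"},
}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def spoofed_brand(raw_message):
    """Return the brand the From display name claims when the address
    domain does not belong to that brand; otherwise return None."""
    # policy.default decodes RFC 2047 encoded display names before matching.
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    name = " ".join(display.lower().split())
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in addr else ""
    for brand, allowed in BRAND_DOMAINS.items():
        claims_brand = re.search(r"\b" + re.escape(brand) + r"\b", name)
        if claims_brand and not domain_matches(domain, allowed):
            return brand
    return None

# Constructed sample messages (not taken from any real campaign).
SAMPLES = [
    "From: CNN Breaking News <alerts@news-update.example>\nSubject: Election news\n\nbody",
    'From: "CNN Money" <editor@wealth-tips.example>\nSubject: Wall Street is outraged\n\nbody',
    "From: CNN <newsletter@mail.cnn.com>\nSubject: Five things\n\nbody",
    # Look-alike: the brand domain appears only as a prefix of another domain.
    "From: Fox News <promo@foxnews.com.offers.example>\nSubject: Poll\n\nbody",
    "From: Alice <alice@example.org>\nSubject: lunch\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(spoofed_brand(raw), "|", raw.splitlines()[0])
```

A display-name mismatch is a triage signal rather than a verdict: legitimate newsletters sent through third-party mail services will also trip it unless their sending domains are added to the allow-list.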
Proofpoint also observed phishing email crafted to entice recipients to log into Gmail to “verify their identity” to participate in a voter poll. However, election-related phishing campaigns, so far, have been the exception. More common are promotions for work-from-home schemes and similar marketing pitches, Wheeler reports.
Historically, spikes and shifts in spam campaigns have followed a predictable pattern. Spammers typically stay prepared to pounce on a big news event, such as the death of a celebrity, major holidays, big sporting events or catastrophic weather events.
Botnets carry out dirty work
As the news hits headlines and airwaves, massive waves of spam gush forth. This is made possible by botnets: networks of hundreds of thousands of infected home and workplace PCs controlled by a single operator. The botnets are typically leased to spamming specialists, who handle marketing collateral and online sales.
Garden-variety spam usually hits in the initial wave tied to a news event. These messages can include pitches for noncertified pharmaceutical drugs, herbal remedies, replica designer goods, worthless anti-virus subscriptions, and various get-rich-quick schemes.
If the news event has shelf life—as the presidential election certainly does—crime gangs who specialize in spreading malicious software in order to infect, and take full control of, victims’ machines usually come looking to lease spamming botnets.
For instance, immediately after the death of Michael Jackson in 2009, the Waledac gang began deploying thousands of bots to spam out millions of emails with web links purportedly leading to news about Jackson. But the links actually redirected recipients to websites affiliated with GlavMed that sold sexual-performance drugs and painkillers.
A few hours later, another major botnet gang, known as Rustock, also blasted out Jackson-themed spam for GlavMed’s online shopping sites.
Then, about a week after Jackson’s death, criminals out to steal sensitive data and hijack online financial accounts began to move in. A major botnet gang called Pushdo launched a large-scale spamming campaign with enticing messages including: “Who killed Michael Jackson? Visit X-Files to see the answer.” A web link followed.
Clicking on it triggered what’s known as a “drive-by download.” The attacking bot scanned for security holes in popular applications such as Internet Explorer, QuickTime and Adobe Acrobat Reader. Upon finding one, it swiftly took deep control of the recipient’s machine.
Not over yet
No one should be surprised if a similar acceleration to more damaging Trump-themed spam ramps up heading into the November election.
“Regardless of the specific subjects and lures spam actors use, individuals and organizations need to exercise particular caution in opening and interacting with election-related mail they receive,” Wheeler advises. “Many of these messages are merely annoying. But others can be malicious, relying on our curiosity about the elections to lead us to phishing pages, compromised websites and more.”