President Donald Trump and Senator Bernie Sanders are the lead subjects among political-themed malware traps set by cybercriminals, both in spam emails and misleading web domains.
Researchers from security firm Proofpoint (via ThreatPost) tracked which 2020 political candidates' brands have been used the most by malicious actors since the start of this year. They found an obvious correlation between the prominence of each candidate and the amount of suspicious clickbait surrounding their names.
The researchers have monitored the volume of politically-themed Unsolicited Commercial Email (UCE), or illicit junk mail from shady sources, since 2016. They began exploring ties to brand popularity, but what they’ve seen during the 2020 primary season highlights the clear choice by cybercriminals to bait victims with the biggest names of election season.
Trump was the most-used subject of UCE from January and February 2020. Political UCE used his likeness 68% of the time. Bernie Sanders’ name followed with 8%.
Proofpoint did not disclose in the report what kind of harm the UCE can cause. The company simply refers to them as lures, but it’s reasonable to believe the messages create phishing or malware traps in which unlucky users provide personal credentials or install hostile software.
The firm also provided data it found about suspicious web domain registrations tied to the names of presidential candidates. Fraudulent sites with “Trump” in the URL made up about half of the total domains analyzed. As with UCE, “Sanders” followed Trump and made up about a third.
Again, there’s no color as to what harm these shady sites can cause, but we’d bet it’s not pretty. Cybercriminals tend to have a good pulse on what current events make good clickbait, and there’s no reason they wouldn’t use that for personal gain.
If your inbox is littered with political candidate spam, it’s best to block the sender and trash the message. You can usually recognize if an email is bogus from the sender address. Look for typos, weird letter combinations — pretty much anything unofficial.
And if you’re still unsure, don't click. Whatever information you need about a candidate’s policies or latest news can be found on their verified campaign sites and social media.