Cybersecurity experts in 2008 warned that phishers' next target could be online political contributions.
Online contributions have become a major funding source for political campaigns. Late last year, for example, Republican presidential candidate Ron Paul raised a record $4.3 million online in just one day. Each of the race's top contenders—Barack Obama, Hillary Clinton, John McCain, and Mitt Romney—solicits online donations from web-savvy contributors.
The trend, however, has led researchers to consider donors' vulnerability to phishing. The finding: they are highly vulnerable, although there is no evidence phishers have taken advantage of this opportunity yet.
According to one political phishing researcher, Chris Soghoian of CNET.com, online contributions are susceptible to fraud because campaigns don't even acknowledge the danger, let alone take steps to prevent it.
Soghoian says there are four primary reasons online political donors make good marks.
- There is no consistent domain naming scheme across campaigns. "[U]sers have no way of knowing if they should go to Hillaryclinton.com or Hillary.com, Rudygiuliani.com or Joinrudy2008.com," writes Soghoian. If Hillary.com were a fraudulent Web address, its operator, not the Clinton campaign, would receive money from victim "donors." (Fake domain names mimicking real domain names are known as typo domain names.)
- Politicians are not bound by anti-spamming laws. Unlike retailers, politicians can send out thousands of unsolicited emails.
- Politicians encourage users to donate to their campaigns by clicking on links within emails. "While online banks have gone to great lengths to educate their users about the dangers of clicking on links in e-mails," Soghoian writes, "the campaigns all encourage this dangerous behavior."
- The nature of online contributions makes it harder to discover that fraud has occurred. If a customer buys a product from Amazon.com, he or she would become suspicious when the package never arrived. After a call to Amazon.com to see what's taking so long, the customer would discover something shady had happened. Because an online contributor doesn't expect a physical product to show up at their doorstep, it's easier for the fraud to go undetected for longer periods of time.
(From "The Potential Dangers of Online Contributions," January 2008)
photo by Rusty Darbonne/flickr