Modern field guide to security and privacy

The election is over but spammers aren't conceding

During the presidential campaign, experts spotted an explosion in malicious email spam attempting to trick recipients into downloading harmful files or revealing personal data. And the spammers aren't going away.

|
Mike Segar/Reuters
President-elect Donald Trump with as Vice President-elect Mike Pence at their election night rally in Manhattan.

The subject lines were enticing: "Trump – I uncovered a secret" or "Has Trump gone too far? The shocking statement you won't see on the news."

Political emails with click-bait subject lines overloaded inboxes during the contentious presidential campaign – and many were too irresistible not to open. But all too often, messages were full of fake news and contained ploys designed to infect recipients' computers with harmful software or steal personal and financial information.

And while the campaigns have ended, the spammers haven't quit. Amid protests following Republican Donald Trump's victory, and much of the ongoing internet uproar over the election, cybersecurity experts continue to spot malicious email messages that promise to reveal "the 'shocking' truth about election rigging in the United States" or, erroneously, assert "elections outcome could be revised."

Digital fraudsters and foreign hackers played a big part in driving the conversation about both Mr. Trump and his opponent Hillary Clinton ahead of Election Day, from leaking stolen Democratic National Committee emails to spreading fake news. And while much of this played out on social media and the broader internet, attackers also targeted inboxes with an uptick in email assaults known as "phishing" campaigns.

"They really took advantage of people's interest in current events," said Steven Adair, founder of the cybersecurity firm Volexity. "This one being such a polarizing, interesting, tip-of-the tongue thing meant it was something that people would definitely take a look at."

In a report last week, Volexity said it discovered a previously known spam operation targeting nonprofits, think tanks, and other high-value targets with political phishing campaigns in the days after the election. Mr. Adair said that the group behind those attacks has been active for some time, but its efforts after the election has been much more widespread than previous spam campaigns.

Since Trump was an incredibly popular – and polarizing – news topic and the subject of countless articles, Facebook posts, and tweets, he was the obvious choice for the subject of spam emails during the campaign, said experts.

In fact, most of the spam that researchers detected during the campaign involved Trump, according to analysis from the cybersecurity firm Proofpoint. But as Election Day approached, many spammers began including both Trump and Mrs. Clinton in emails. In one, for instance, Proofpoint researchers said the message asked recipients to sign into Gmail accounts on a malicious site, which would allow the spammers to collect their login credentials.

"The most important thing to remember is that cybercriminals follow the money," said Patrick Wheeler, the director of product marketing at Proofpoint. "To do this, to try to trick people, they're going to use the lures that are most likely to get a potential victim to read an email, click a link, or download an app."

Spam is always most effective when it's timely, said Shalabh Mohan, the vice president of products and marketing at Area 1 Security, a cybersecurity firm, which spotted an uptick in phishing immediately after Election Day with subject lines referencing "election rigging," "elections fraud," and other post-election lures with similar themes.

"With any of these phishing attacks, the lure typically is something that is topical and of interest to the end user. What we find consistently across our network is elements that speak to what's happening at that given point of time, what’s in the zeitgeist," he said. "When it was the Olympics we saw a whole host of messages with that as bait, when it was March Madness we saw a whole host of messages with that as bait. So with elections, it was just natural for that to happen."

Cybersecurity experts say the public should be wary of political emails – or any messages for that matter – that promise to reveal salacious details, encourage recipients to click links, ask for personal information, or come from unknown sources. And, they say, never download suspicious files.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to The election is over but spammers aren't conceding
Read this article in
https://www.csmonitor.com/World/Passcode/2016/1114/The-election-is-over-but-spammers-aren-t-conceding
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe