Start of Presidential Campaign Season Spawns New Online Fraud

    August 4, 2004

Surfcontrol Warns Voters Against “Political Phishing” Scam that Seeks to Defraud Contributors to John Kerry

The start of the presidential campaign election season has given rise to a new form of online fraud and SurfControl (London:SRF), the world leader in enterprise Web and e-mail filtering, today warned computer users to beware of e-mails and Web sites that appear to be soliciting campaign contributions but are actually vehicles for the theft of confidential data.

Only three days after the close of the Democratic National Convention, SurfControl’s global content team uncovered two new e-mail scams soliciting campaign contributions for the Kerry-Edwards Campaign. Both emails carried the subject line: “President John Kerry, please vote and contribute.”

The e-mails appeared to be from the John Kerry for President campaign, but SurfControl’s team found that the online solicitation carried many of the characteristics of common “phishing” attacks. Unsuspecting recipients receiving the e-mail would click through to a Web site accepting “donations.”

– The online donation forms were hosted at suspicious URLs. In this case, the donation links take users to, a site registered in India, and, a site registered to an individual in New Braunfels, Texas.

– The donation links are no longer active. This is common among phishing attacks, as many fraudulent sites will switch between hosts to avoid detection.

– The solicitations aim to confuse potential victims and include graphic images consistent with the legitimate Website.

“These Web sites are gone already, but we expect to see a lot more of this electronic election fraud,” said Susan Larson, vice president of global content at SurfControl. “Phishers and other scam artists are masters of leveraging timely events to exploit the unwary. People excited by a new candidate are more likely to volunteer confidential information like e-mail addresses and credit card numbers. These are increasingly sophisticated crimes that require a sophisticated defense.”

Larson said voters should exercise a healthy dose of skepticism and a little scrutiny when receiving solicitations, and become familiar with federal campaign laws that say neither candidate may raise or spend private campaign contributions after accepting their party’s nomination. In this case, since the e-mail was dated August 1 after the close of the Democratic convention, recipients familiar with the law would suspect a fake. Also, people should examine precisely who is sending the solicitation in the “from” line of the e-mail. If you suspect a fraud, contact the campaign directly at

Phishing involves a spammer sending fraudulent e-mail that purports to be from a trusted company, like PayPal. The fraudster poses as a customer service or security official and directs the recipient to a phony Web site where confidential information is requested, such as a Social Security number.

The Kerry-Edwards campaign is in good company. Recent phishing attacks have spoofed popular finance and e-commerce sites, as well as the FBI, the FDIC and a branch of the U.S. Treasury Department. SurfControl suggests that companies take the following steps to help protect employees from phishing:

– Educate users that under no circumstances should they volunteer confidential information in response to an unsolicited e-mail. If they are worried that the message may be legitimate, advise them to contact the company or organization directly.

– Advise users to never follow any link in an unsolicited or suspicious e-mail. The simple visit to a Web site could trigger multiple IT threats, including viruses or even a Trojan horse program allowing the spammer to control the computer remotely.

– Have a clear Acceptable Use Policy, which thoroughly expresses the organization’s position on what kind of Web content is acceptable in the workplace.

– Ensure that all anti-virus and operating system software is up to date.

– Monitor Internet and spam security resources, such as SurfControl’s Network Risk alerts.