The International Symposium on Human Aspects of Information Security & Assurance, 2008
18 Pages Posted: 23 Aug 2009 Last revised: 13 Jul 2014
Date Written: July 1, 2008
Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised online each year, primarily in sub one hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the 'donate' button on an unsolicited email that arrives from a candidate. While not yet a major problem, fraudulent websites that masquerade as genuine campaign sites aiming to defraud donors are a significant threat on the not-so-distant horizon. These political phishing sites are easy to create, and extremely difficult for users to detect as not authentic. In this paper, we discuss threats against online campaign donation systems, and the unique factors which make this type of online commerce particularly vulnerable to fraud based attacks. We explore the threat that phishing attacks utilizing typo squatting and cousin domain names could pose to the 2008 presidential election. Finally, we propose a realistic and cost-effective solution to the problem.
Suggested Citation: Suggested Citation
Friedrichs, Oliver and Jakobsson, Markus and Soghoian, Christopher, The Threat of Political Phishing (July 1, 2008). The International Symposium on Human Aspects of Information Security & Assurance, 2008. Available at SSRN: https://ssrn.com/abstract=1459790 or http://dx.doi.org/10.2139/ssrn.1459790