Big Data

The junk mail campaign: spamming and phishing with Trump

Work at home! Make millions online! Big data analysis shows that 2016 is the most junk mail-ridden election of all time, and "get rich like Trump" tops the spam charts.

trumpspam.jpg

Image: Proofpoint

If election media coverage doesn't kill you, the junk mail and spam in your mailbox just might. A new study about email marketing shows the 2016 election might be the most spam-ridden campaign of all time. Why more unsolicited noise year? Blame Trump. Or at least, blame Trump's ability to generate outrage, ire, and clicks. Lots and lots of clicks.

Spam messages often contain "lures," emotionally charged trigger language and images that provide incentive for users to click. Lures are often used in phishing attacks that deploy email that mimics genuine websites and services, then tricks users into revealing login credentials or drops malware on a local machine. Due to their large scale, enterprise companies are often targets for lure-based phishing scams.

SEE: Internet and Email usage policy (Tech Pro Research)

Trump, it turns out, is a great lure. To be clear, the study conducted by security firm Proofpoint surveyed spam messages during the post-primary period of the campaign that had appropriated Trump's name, not legitimate mail sent from the campaign or any of its affiliates.

"We protect customers from advanced threats found in more than 600 million emails, hundreds of millions of social media posts, and across more than 150 million malware samples." explained Patrick Wheeler, Director of Product Marketing at Proofpoint. "Our global intelligence encompasses more than 300 billion data points and monitors more than 7 billion unique URLs every day."

election-spam03.png

Image: Proofpoint

Trump is a spam-magnet, and appeared nearly 169 times as often in spam messages that use Hillary Clinton's name. By June, Trump-themed lures jumped to 270 times the amount of Clinton-themed lures, and 34 times more than lures that used Trump and Clinton were used together as bait.

In the run up to the Republican and Democratic national conventions in July, Trump lures remained more than 170 times more common than Clinton lures. Additionally, Trump-related spam volume increased, and the gap between Trump- and Clinton-related spam became more pronounced.

Election Tech

Visualizing the Russian cyberattack

Cybersecurity experts explain how the data breach happened, and Twitter chatter reveals what competing social media factions are saying about the election hack.

The political poll login tactic seems to surface every election year. The lure informs recipients that their opinion about campaign issues is needed, then presents a Google- or Yahoo-like login. Because the message is sent to specific mail providers, users often log in quickly, assuming they're logging in to Gmail or a similar trusted service. Fortunately or unfortunately, this tactic, said the report, is used less this cycle. The most popular spam lure terms are currently "work-at-home and "get-rich like Trump."

Spam, apparently, is truly American. In May, security firm and antivirus developer Kaspersky reported an uptick in malicious spam and phishing during the same period as the Proofpoint study. The United States, the Kaspersky report said, was the largest originator of junk mail and responsible for generating more than 12% of all spam. Before Trump, "terrorism" was the lure de jour.

"This is a contentious election," a Proofpoint spokesperson stated in a release, "so we expected high volumes of election-related spam as threat actors capitalize on public attention. What we didn't expect was the very lopsided use of lures related to a single candidate." Through November, it seems, spammers will continue phishing for Trump.

Read more

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.

Editor's Picks

Free Newsletters, In your Inbox