The Threat of Political Phishing

International Symposium on Human Aspects of Information Security and Assurance Pub Date : 2008-07-01 DOI:10.2139/SSRN.1459790

Christopher Soghoian, Oliver Friedrichs, M. Jakobsson

{"title":"The Threat of Political Phishing","authors":"Christopher Soghoian, Oliver Friedrichs, M. Jakobsson","doi":"10.2139/SSRN.1459790","DOIUrl":null,"url":null,"abstract":"Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised online each year, primarily in sub one hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the 'donate' button on an unsolicited email that arrives from a candidate. While not yet a major problem, fraudulent websites that masquerade as genuine campaign sites aiming to defraud donors are a significant threat on the not-so-distant horizon. These political phishing sites are easy to create, and extremely difficult for users to detect as not authentic. In this paper, we discuss threats against online campaign donation systems, and the unique factors which make this type of online commerce particularly vulnerable to fraud based attacks. We explore the threat that phishing attacks utilizing typo squatting and cousin domain names could pose to the 2008 presidential election. Finally, we propose a realistic and cost-effective solution to the problem.","PeriodicalId":206328,"journal":{"name":"International Symposium on Human Aspects of Information Security and Assurance","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Symposium on Human Aspects of Information Security and Assurance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/SSRN.1459790","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised online each year, primarily in sub one hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the 'donate' button on an unsolicited email that arrives from a candidate. While not yet a major problem, fraudulent websites that masquerade as genuine campaign sites aiming to defraud donors are a significant threat on the not-so-distant horizon. These political phishing sites are easy to create, and extremely difficult for users to detect as not authentic. In this paper, we discuss threats against online campaign donation systems, and the unique factors which make this type of online commerce particularly vulnerable to fraud based attacks. We explore the threat that phishing attacks utilizing typo squatting and cousin domain names could pose to the 2008 presidential election. Finally, we propose a realistic and cost-effective solution to the problem.

查看原文本刊更多论文

政治网络钓鱼的威胁

现在，通过互联网向政治候选人捐款是任何成功竞选的重要组成部分。每年在网上筹集到数千万美元，主要来自全国各地的个人，金额在100美元以下。政客们自己的竞选捐款请求电子邮件不受联邦反垃圾邮件立法的约束，他们的竞选活动鼓励冒险行为，教导用户在收到来自候选人的不请自来的电子邮件时点击“捐赠”按钮是可以的。虽然这还不是一个大问题，但那些伪装成真正的竞选网站，旨在欺骗捐赠者的欺诈网站，在不久的将来就会成为一个重大威胁。这些政治钓鱼网站很容易创建，并且用户很难检测到其不真实。在本文中，我们讨论了针对在线竞选捐赠系统的威胁，以及使这种类型的在线商务特别容易受到基于欺诈的攻击的独特因素。我们探讨了网络钓鱼攻击利用错别字抢注和表兄弟域名可能对2008年总统选举造成的威胁。最后，我们提出了一个现实而经济的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Symposium on Human Aspects of Information Security and Assurance

自引率

0.00%

发文量