Cybersecurity researchers say two developments involving the Trump 2024 presidential fund-raising campaign have left the door open for fraudsters to strike fast and smart. According to a new report from Netcraft, the important dates were May 21, when the Trump campaign said it would accept donations using cryptocurrency, and May 31, when Trump was convicted of 34 felony charges in the Stormy Daniels hush money case. A huge surge in donations has resulted in a new wave of convincing scams from criminals looking to profit from the publicity.
Fast And Smart Scammers Target Trump 2024 Campaign
The Netcraft report, Trumped Up Crypto Scams – Criminals Deploy Trump Donation Scams, published June 18, warns that cybercriminals had already registered multiple online domains the day before the Trump 2024 crypto donations announcement. Rob Duncan, Netcraft’s head of research and author of the report, said the fastest-acting of these fraudsters created a site that “mirrored almost exactly the Trump campaign page in content and design” but was hosted at donalbjtrump.com, which doesn’t strike me as overly smart, to be honest. That said, a simple letter substitution in a URL has historically been enough to fool plenty of people, truth be told.
What is smart, Duncan said, is that the scammers are actively monitoring every move in the Trump campaign story and “making strategic adjustments to improve the scam.” For example, the site mentioned above started with content including a message from Trump accusing opponents of a witch hunt and asking for donations. However, following the May 31 trial verdict, the content was changed to adopt the ‘Never Surrender’ campaign narrative. The real Trump campaign raised over $50 million in a single 24-hour period after the guilty verdicts. While Netcraft doesn’t say how much the fraudsters made, it’s likely to be significant if even a small percentage of Trump supporters were taken in.
Cybercriminals are using several methods to facilitate crypto payments, replacing the legitimate Coinbase route used by the Trump 2024 campaign. According to the report, these include “phishing pages impersonating Coingate and crypto payment flows using Plisio and Oxapay.”
Another scam example, which can be filed under “if it sounds too good to be true,” depending upon your political persuasion, is an offer to win dinner with Trump for $2,000 at Mar-a-Lago. Again copying the genuine campaign site layout as far as donation options are concerned, the fraudulent site adds a competition element, with those donating at least $2,000 having the chance to win the dinner date prize.
Talking To The Scammers Confirms AI Usage
The Netcraft security researchers were able to hold a direct, one-to-one conversation via proprietary peer-to-peer messaging reconnaissance with a threat actor running a Trump National Committee phishing scam. During the conversation, Duncan said, different points of actionable threat intelligence were disclosed. What was, perhaps, most concerning was that the scammer confirmed that fraudsters are indeed “leveling up and using AI to create better, faster, and more believable scams.”
This can make detection harder as far as the ordinary user or victim is concerned, as the spelling and grammar errors that often riddle such phishing scams are removed when AI is involved. “These messages break from convention as they are very well structured, use proper English and grammar, contain nuanced language unique to the Trump campaign,” Duncan warned.