The Threat of Political Phishing

Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised each year, primarily in sub one-hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is ok to click the “donate” button on an unsolicited email that arrives from a candidate. While not yet a major problem, fraudulent websites that masquerade as genuine campaign sites aiming to defraud donors are a significant threat on the not-so-distant horizon. These political phishing sites are easy to create, and extremely difficult for users to detect as not authentic. This paper will discuss threats against online campaign donation systems, and discuss the unique factors which make this type of online commerce particularly vulnerable to fraud based attacks. Finally, we propose a realistic and cost-effective solution to the problem. 1 The Importance of Online Campaign Donations Over the past few years, online campaign donations have increasingly become a significant portion of the overall campaign fundraising process. Hillary Clinton’s presidential campaign raised over eight million dollars online during the third quarter of 2007, more than one year before the 2008 presidential election [23]. During the 2004 election, John Kerry set the single-day online campaign donation record, raising over three million dollars on June 3