In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Second International Conference on Human Aspects of Information Security & Assurance (HAISA 2008)
Title: The Threat of Political Phishing
Author(s): Christopher Soghoian, Oliver Friedrichs, Markus Jakobsson
Keywords: phishing, social engineering, trust, e-commerce, political contributions
Abstract: Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised online each year, primarily in sub one-hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the "donate" button on an unsolicited email that arrives from a candidate. While not yet a major problem, fraudulent websites that masquerade as genuine campaign sites aiming to defraud donors are a significant threat on the not-so-distant horizon. These political phishing sites are easy to create, and extremely difficult for users to detect as not authentic. In this paper, we discuss threats against online campaign donation systems, and the unique factors which make this type of online commerce particularly vulnerable to fraud based attacks. We explore the threat that phishing attacks utilizing typo squatting and cousin domain names could pose to the 2007 presidential election. Finally, we propose a realistic and cost-effective solution to the problem.
Download count: 3083
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.