Con artists 'phish' for campaign donors
When that e-mail asks for a political contribution, make sure it's your candidate who's getting the money.
Researchers for SurfControl, a company that offers e-mail filtering software, say they found two examples of suspect e-mails last weekend, both purporting to be from Democrat John Kerry's campaign.
Like other common "phishing" schemes, which involve e-mail requests that seem to be from trusted sources such as eBay or Citibank, the Kerry messages asked potential donors to go to an outside Web site to give money. Those Web sites, one registered in India, the other in Texas, were not affiliated with the Kerry campaign.
"We expect to see a lot more of this electronic election fraud," said Susan Larson, vice president of global content at SurfControl. "Phishers and other scam artists are masters of leveraging timely events to exploit the unwary."
Phishing, or fraudulent e-mail solicitation, has been a growing problem over the past several years, even as consumers have become more wary of ordinary e-mail marketing pitches. A recent study by SurfControl rival MailFrontier found that 28 percent of people couldn't distinguish scam e-mails from genuine e-mail messages.
SurfControl warned potential political donors to make sure they trusted the site taking their money. Kerry's true Web domain is www.johnkerry.com, they noted. President Bush's site is www.georgebush.com.
The false Kerry e-mails identified by SurfControl pointed donors to http://testhost.yahoogoogle.biz/JohnKerry/contribute.html and http://www.johnkerry_edwards.org. Both have since gone dark.