Phishing Attack Steals Donations from Trump Voters Using Fake Websites


A phishing campaign targeting Donald Trump’s supporters has been launched involving fake donation websites. The campaign’s origins are still under investigation, with some activity tracing back to China. Discover how to protect your personal information, and avoid this scam.

The upcoming US presidential elections are a key target for threat actors due to the global spotlight and local public involvement, particularly following the attack on Republican nominee and former president, Donald Trump. While Trump’s popularity has significantly increased after the attack, threat actors also exploit the incident for crypto scams and extract credentials through phishing campaigns.

According to the latest findings by Israeli cybersecurity firm Veriti, Trump supporters and voters have become prime targets of a phishing campaign active since May 21, 2024. The researchers report that, unlike typical phishing scams, these scammers are soliciting cryptocurrency donations. They are exploiting the “novelty and perceived security of cryptocurrencies” to lure users into a secure and anonymous donation process.

The campaign involves fake websites posing as Trump’s official donation platform. These sites mimic legitimate donation pages using the WinRed service, familiar branding, and messaging to lure supporters into making donations.

For your information, WinRed is the official fundraising platform of the Republican Party in the United States. Veriti has identified the following malicious domain addresses used in a scam:

  • winred./online
  • winred./today
  • donaldjtrump./top

The scam is relatively easy to detect due to its use of cryptocurrency and deviation from the official donation process. Trump’s legitimate campaign donations utilize the WinRed platform, featuring official links like those for the Trump National Committee and Support Mike Johnson for Congress.

Additionally, the fraudulent donation websites are visually identical and share the same cryptocurrency wallets and updated donor lists, indicating a coordinated phishing effort.

Veriti’s research shows that the campaign is still active, with the latest victim connecting to one of the sites on July 22. Currently, there have been minimal cryptocurrency transactions except for a few hundred dollars recorded to an Ethereum wallet two weeks ago and a significant Ethereum transaction occurred in June, indicating limited success.

One of the fake domains used in the phishing scam (left) – Original Trump donation domain (right)

The campaign’s origins are still under investigation, with some activity tracing back to China but no conclusive evidence linking a specific hacking group. The potential for damage is high, necessitating understanding and mitigation.

To protect yourself from such scams, double-check website URLs, and research the organization’s legitimacy. Look for reviews and testimonials from reputable sources. Be cautious of urgent appeals and suspicious links. Scammers often use emotional tactics to pressure victims into donating. Lastly, be cautious of unsolicited emails and unknown senders.

  1. Trump campaign website defaced with “site seizure” notice
  2. Fake Trump’s scandal video campaign spreading QNode RAT
  3. Researcher logs into Trump’s Twitter with password MAGA2020
  4. Federal Agency that maintains secure COMM for Trump HACKED
  5. 2 arrested for Hacking DC Security Cams Before Trump Inauguration





Source link