In a concerning development, recent research conducted by the Veriti research team uncovered a phishing campaign targeting supporters of Donald Trump’s 2024 campaign. The scheme, active since May 31 (the day of Trump’s trial verdict), uses cryptocurrency as a means to solicit donations fraudulently. This blog delves into the intricacies of the campaign, highlighting key findings and the implications of this cyber threat.
The Campaign Overview
The phishing operation masquerades as an official donation platform for the Trump campaign, claiming to accept various cryptocurrencies. The phishers have created several domains all designed to mimic legitimate donation pages using the WinRed service. These sites employ familiar branding and messaging to lure unsuspecting supporters into making donations.

One notable aspect of this campaign is its use of a specific set of cryptocurrency wallets, which is uncommon in typical phishing scams. The attackers appear to be capitalizing on the novelty and perceived security of cryptocurrencies, enticing users with the promise of a secure, anonymous donation method.
The three donation websites we have uncovered are not only visually identical but also share the same cryptocurrency wallets. Interestingly, the ‘updated list of donors’ displayed on each site is an exact match, further indicating a coordinated phishing effort.
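The pivot described above (shared wallets and an identical donor list tying separate sites together) can be automated. The sketch below is an added example, not Veriti's tooling: the hostnames, the donor-list markup and the unrelated page's values are constructed, and the address patterns check format only, not checksums.

```python
import hashlib
import re
from collections import defaultdict

# Format-only patterns: they do not verify bech32 or EIP-55 checksums.
BTC_BECH32 = re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b")
ETH_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
DONOR_ROW = re.compile(r'<li class="donor">(.*?)</li>', re.S)  # assumed markup

def indicators(html):
    """Return the pivot indicators found in one page's HTML."""
    found = {("btc", a) for a in BTC_BECH32.findall(html)}
    found |= {("eth", a.lower()) for a in ETH_ADDR.findall(html)}  # case-insensitive
    donors = [d.strip() for d in DONOR_ROW.findall(html)]
    if donors:  # fingerprint the donor list so identical lists compare equal
        digest = hashlib.sha256("\n".join(donors).encode()).hexdigest()
        found.add(("donor_list", digest))
    return found

def cluster(pages):
    """Group sites sharing any indicator, transitively (union-find)."""
    parent = {site: site for site in pages}
    def find(s):
        while parent[s] != s:
            s = parent[s]
        return s
    first_seen = {}
    for site, html in pages.items():
        for ind in indicators(html):
            if ind in first_seen:
                parent[find(site)] = find(first_seen[ind])
            first_seen.setdefault(ind, site)
    groups = defaultdict(list)
    for site in pages:
        groups[find(site)].append(site)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

def _page(btc, eth, donors):  # constructed sample markup
    rows = "".join(f'<li class="donor">{d}</li>' for d in donors)
    return f"<p>BTC: {btc}</p><p>ETH: {eth}</p><ul>{rows}</ul>"
BTC = "bc1q6deggsvzt9jdz3d85t5tu34fwafs92nfhz20ke"  # wallet named in this post
ETH = "0x55C0715cCDa19370702ffA62d8C2E7235684584d"  # wallet named in this post
DONORS = ["Constructed Donor A", "Constructed Donor B"]
SAMPLE = {  # hostnames and the unrelated page's values are constructed
    "lookalike-1.example": _page(BTC, ETH, DONORS),
    "lookalike-2.example": _page(BTC, ETH, DONORS),
    "lookalike-3.example": _page(BTC, ETH.lower(), DONORS[::-1]),
    "unrelated.example": _page("bc1q" + "z" * 38, "0x" + "ab" * 20, ["Donor Z"]),
}
```

`cluster(SAMPLE)` returns the three lookalike hosts as one group and the unrelated host on its own; the third host still joins the cluster through its wallets even though its donor list is reordered and its Ethereum address is lowercased.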
It’s important to note that the legitimate process for donating to Trump’s campaign typically involves using the WinRed platform. For example, donations can be made through official links such as Trump National Committee and Support Mike Johnson for Congress on WinRed. The use of cryptocurrency and unofficial websites by the phishers deviates from these standard procedures.
Uncovering the Details
Our investigation revealed that the campaign is indeed active, with the most recent victim connecting to one of the phishing sites as recently as July 22. Interestingly, the research indicates that while the phishing sites have been operational since late May, there was a notable Ethereum transaction at the end of June, suggesting some level of financial engagement.

To date, there have been minimal cryptocurrency transactions linked to these phishing sites. For instance, the Bitcoin wallet associated with the scam (bc1q6deggsvzt9jdz3d85t5tu34fwafs92nfhz20ke) has not received any funds. However, one “in” transaction of a few hundred dollars was recorded to the Ethereum wallet (0x55C0715cCDa19370702ffA62d8C2E7235684584d) two weeks ago. You can see the full transaction history of this wallet on Etherscan. The research team is monitoring the situation closely, given the potential for more significant victimization as the campaign continues.
The method of distribution appears to involve phishing emails, with users reaching the fraudulent sites via links embedded in these messages. This tactic is not uncommon in phishing campaigns, but the specific use of a high-profile figure like Trump and the focus on cryptocurrency are noteworthy.
Analyzing the Impact and Looking Forward
While the exact number of victims remains unclear, it appears that the campaign may not have had widespread success yet. However, the potential for damage remains high, especially as the phishing campaign leverages the heightened political climate.

The origins of the campaign are still under investigation. Although some activity traces back to China, there is no conclusive evidence linking a specific hacking group to this operation. This lack of clarity only adds to the urgency of understanding and mitigating the threat.
The Uncommon Use of Cryptocurrency in Phishing
What sets this phishing campaign apart is its reliance on cryptocurrency donations, which is atypical for such scams. Generally, phishing schemes avoid cryptocurrencies due to their relative novelty and the complexities involved in managing and converting digital assets. The choice to use cryptocurrency may reflect an attempt to appeal to tech-savvy individuals or to exploit the perceived anonymity and security associated with digital currencies.

In conclusion, while the phishing campaign targeting Trump’s supporters is currently active, the extent of its impact remains limited. However, the campaign’s unique aspects, such as the use of cryptocurrency and the targeting of a specific public figure, highlight evolving tactics in the world of cybercrime. As the situation develops, continuous monitoring and public awareness will be crucial in preventing further victimization.

The research team at Veriti will continue to track this campaign, providing updates as more information becomes available. As always, individuals are advised to exercise caution and verify the legitimacy of any donation requests, particularly those involving cryptocurrency.




