Planning to donate money online to a candidate during the 2008 United States presidential election? Before you click the "donate" button, make sure the site you visit is not a fake.
Online presidential campaign Web sites could be the next breeding ground for phishing scams and other fraud, according to Craig Spiezle, director of Security & Safety Product Management at Microsoft.
Spiezle and others presented information about the possibility of widespread political phishing at the Anti-Phishing Working Group's general meeting and eCrime Researchers Summit. Spiezle provided examples of spoofed and forged e-mail messages purporting to come from leading presidential candidates campaigns and U.S. government agencies, including the IRS. The e-mail messages attempt to drive people to phishing sites that are designed to steal credit card data and load malicious software onto unprotected computers.
In a panel discussion at the summit, Christopher Soghoian and Markus Jakobsson warned that "Campaigns encourage risky behavior by teaching users that it is okay to click the 'donate' button on an unsolicited e-mail that arrives from a candidate." For more information, see their white paper The Threat of Political Phishing.
To help prevent phishing scams, you should use caution when you click links in e-mail messages. Check the "from" address of any e-mail message you receive that directs you to a fundraising site. If you know the URL of the Web site where you want to donate and you're sure that it's the official site of the candidate, type the URL directly into your Web browser. It also helps to use a Web browser such as Internet Explorer 7, which comes with phishing protection.
For more tips, visit Recognize phishing scams and fraudulent e-mails.