(CNN)Democratic campaigns were warned late last year that cybercriminals were seeking to steal their funds by posing online as staff and election vendors, CNN has learned.
In one case, scammers posing as a campaign chair said in an email to a staffer: “I need you to execute a payment.” Other messages asked staff to sign phony online invoices and asked for accounting information, according to warnings sent by the Democratic National Committee and seen by CNN.
The DNC did not disclose what campaigns had been targeted. A DNC spokesperson said that it did not have evidence that any of the attacks it was aware of were successful
Many organizations are targeted in this way every day. Just last month, a Texas school district lost $2.3 million in a phishing scam.
But while this is not unique to Democratic campaigns, the warnings served as a reminder to Democrats that they can be the target of criminals as well as the more publicized threat from state-backed hackers, such as the Russians who hacked the DNC in 2016.
Bob Lord, the DNC’s chief security officer, confirmed to CNN that while financial scams are nothing new, the DNC had warned presidential campaigns and the wider Democratic community about recent variations where scammers have gone to great lengths to appear as legitimate vendors.
Lord said organizations should confirm invoice information sent online over the phone directly with vendors.
In 2018, former Tennessee Gov. Phil Bredesen’s Senate campaign told the FBI it feared it had been hacked after it “received multiple emails that appeared to be from the campaign’s media buyer” which included specific details about a planned media buy and “urged the campaign to wire funds to an international bank account.”
Speaking about this type of cybercrime generally, Kimberly Goody, senior manager of cybercrime analysis at the cybersecurity firm FireEye, told CNN that scammers use a variety of techniques to impersonate people requesting fraudulent money transfers.
While these type of scams are not always technically sophisticated, they can involve a degree of information gathering wherein the scammers study organizations to make their requests appear more legitimate. For instance, the scammers may learn which staff member might have the ability to authorize a payment.
In some cases, scammers might register a lookalike web address to make their emails more convincing. Goody pointed to her own company, FireEye; a scammer might replace the “I” with a lowercase “L.”
Goody warned that people reading emails on cell phones may be more vulnerable because phones do not generally show full email addresses, so people may not notice a suspicious email address. These practices are often referred to as “business email compromise,” a scam the FBI has warned organizations about in the past.
“Any organization in any part of the country is at risk of being targeted by these scams,” Goody said.
Last September, the Department of Justice announced 281 people had been arrested in a worldwide effort to disrupt this type of cybercrime. Seventy-four arrests were made in the US.