Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns

Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention.   

The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise (BEC) attack. It’s just the latest in a litany of attacks related to the upcoming election, and it showcases a big problem area when it comes to cybersecurity, researchers said.

In a BEC attack, a fraudster impersonates a trusted party to try and trick a business into making payments or wiring money. In a typical BEC attack, criminals will do their research to make their communications seem credible, according to Agari’s recent deep dive on the state of BEC attacks.

“Cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices and committed wire fraud,” Wisconsin state party Chair Andrew Hitt said in a statement announcing the incident. “These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime.”

Researchers disagreed with the “sophisticated” claim: “While this scam may look sophisticated, this is fairly simple and reflects the vulnerability of any organization that has not digitized their spend management processes,” Alex Saric, CMO of Ivalua said. “Invoicing is an area ripe for fraudsters and cybercriminals, who know employees may not always question their validity, particularly if they look convincing.”

That tracks with Hitt’s explanation about the scammers’ familiarity with party operations. These financially motivated criminals will often sit and monitor inboxes they’ve compromised for quite some time. In this instance they were able to get enough insight into the Wisconsin GOP’s day-to-day dealings that they could doctor MAGA-hat invoices, according to reports. They used the names of existing vendors to the party and made the invoices look close enough to the real thing to get them paid.

The Wisconsin GOP said that no proprietary information was compromised in the attack, and that the state party still has enough cash on hand to keep the operation going.

“While a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd,” Hitt added.

Cybercrime Isn’t Partisan

The Wisconsin GOP isn’t alone. According to Agari’s most recent count, BEC attacks make up 40 percent of all cybercrime losses, impacting more than 177 countries across the world.

But as the election approaches and campaign activity amps up to its most furious pace in the final days before the election, political operations will be a particularly juicy target for cybercriminals, warned Ken Liao, vice president of cybersecurity strategy and Abnormal Security.

“Political candidates, their staffs and the organizations they work with will always be targets for malicious actors,” Liao said. “Email-based attacks — and more specifically attacks perpetrating invoice fraud  — are one of the more common methods used by hackers to gain access to sensitive information. As we get closer to the election, attackers will count on the fact that staffers will be busier and stretched thin, making it easier to induce a security lapse.”

Which requires political staff and elections officials to be more diligent than normal (especially when things around them are anything but normal). It’s not a simple ask — which is precisely what malicious actors are banking on to help fuel their scams, Liao added.

“All it takes is one errant click from a single member of a campaign staff,” he said. “It’s particularly important for employees to be vigilant and ensure that anything they open or click on is from a trusted source. At the same time, employers need to have detection capabilities that can automatically identify signals coming from email traffic that poses a threat.”

Campaign operations have also largely gone mobile, adding another layer of exposure to attacks, according to Hack Schless, who works in security solutions at Lookout.

“Campaign workers communicate directly with reporters and coordinate with other staffers over messaging apps and SMS,” Schless said. “They also need to run their candidates’ social-media accounts. SMS, social media, and third-party messaging platforms are three of the most popular platforms threat actors use to socially-engineer targets into falling for phishing attempts. It’s gone so far as the DNC warning campaign workers against social engineering through dating apps in a statement issued earlier this year.”

The goal of these attempts is to trick staffers into giving up their credentials, Schless added.

“They want to gain access to the campaign’s infrastructure to steal data or resources normally accessed by that individual,” he said. “The attacker can carry out their campaign through SMS, email, iMessage, social media platforms, third-party messaging apps and more.”

Recent Election-Related Attacks

All of this is against the backdrop of no shortage of attacks on the election this year.

For instance, Iranian actors posing as the hate group “Proud Boys” launched email campaigns against registered Democrats with threatening messages to “vote for Trump or else,” using stolen voter-registration data.

Last week Georgia’s database of voter signatures was impacted by a ransomware attack on Hall County, Ga.

And just days ago the Trump Campaign website was defaced with a cryptocurrency scam, briefly displaying a message from scammers claiming to have “strictly classified information.”

The added fog of highly charged, partisan politics only serves to help criminals, Tom Pendergast, chief learning officer at MediaPro said.

“We must remember as this story unfolds that this is not a partisan issue,” he noted. “Now, it may be partisan in that the cybercriminals behind this attack may prefer one party over the other (though it’s not clear which party is advantaged here). And we can be sure it will get twisted to partisan ends.”

He adds any attacks on our elections need to be met with a unified American front.

“However, the way we respond to it should NOT be partisan,” Pendergast continued. “Making voting and email and digital transactions and the internet safe for everyone should be an issue we can all get behind. No one gains from cybercrime and no one gains from election fraud, if what we ultimately care about is a stable democracy.”

Hackers Put Bullseye on Healthcare: On Nov. 18 at 2 p.m. EDT find out why hospitals are getting hammered by ransomware attacks in 2020. Save your spot for this FREE webinar on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, limited-engagement webinar.




Suggested articles