That Political 'Call to Action' Might Actually Be a Scam

I'm just a humble immigrant, but as a mere (legal!) guest in the U.S., I can't help but notice that the country is rather, shall we say, politically divided these days (sorry if pointing that out seems rude). It seems international scammers have also noticed—and are taking advantage in subtle ways.

Recently, investor Fred Benenson blogged about a sophisticated phishing campaign targeting SendGrid users. Phishers sent emails claiming the company was going to add a large "Support ICE" button at the bottom of every outgoing email unless users opted out. The emails also featured a large blue button promising to help you disable the message, which, when clicked, naturally led to a fake version of SendGrid that would allow the scammers to steal login information.

As scams go, it's not a bad play: Phishing emails work best when they induce a sense of panic—that way you're less likely to think critically about them, and just act. It's not hard to imagine this particular email being effective, given the political climate right now. Say you're running a fair trade coffee company—you wouldn't want a giant "Support ICE" button below your signature at this moment in history.

But the trick didn't just target left-wing organizations: Variations on the theme claimed the company was going to add pro-LGBT+ and Black Lives Matter banners as well. The differing political messages aren't really the point of the scam, you see—the point is to get business owners to panic about projecting the "wrong" values so that they will click the link and give away their login information. Scammers rely on psychological tricks to rope in their victims, all of them designed to get you to stop thinking rationally. Exploiting America's political divide seems to be an excellent way to do that.

Political phishing schemes are nothing new

This is just the latest example of a scam that uses politics as a tool. Back in 2020, a fake Black Lives Matter voting campaign spread malware by pretending to be from a county official looking for feedback on the then-exploding political movement. People on both side of the partisan divide ended up clicking through and getting infected.

And then there are the campaigns where people pretend to be politicians and beg for donations: Back in 2024 Lifehacker reported on a rash of political donation scams that popped up during the presidential election cycle. That trend is still growing, according to Stacey Wood, a fraud expert writing for Psychology Today. "What is especially challenging for consumers and voters is that legitimate campaign operatives use many of the same common persuasion techniques employed by scammers," she writes.

All of which is to say that international scammers have equal access to American media outlets, are aware of our political divides, and are effective at using them to exploit your emotions in order to steal your money.

How to spot a political phishing scam

What can you do to protect yourself? First, be aware of the tricks that scammers use, and always approach your email inbox with skepticism. Before you click any link from an unfamiliar sender or in an unsolicited email, hover over it to see if it's going to a website that looks legit. Even better: Avoid clicking links altogether, and head to the website for a given service directly by typing it into your browser.

Remember, it's easier to fall for a scam than you think, so it pays to be skeptical, especially when you encounter a call to action designed to get you to react in a panic.

View the full article