Avanan doesn’t conduct polls and has no deeper insight into who will win the US presidency in 2020 than anyone else, but we do have a lot of data on phishing emails. Using this data, Avanan took a look to find which presidential candidate’s name is most likely to be used in a phishing campaign. To conduct this analysis, Avanan looked at 1.3 billion email, across a thousand of our US-based customers, selecting only the phishing attacks that mentioned the names of 2020 presidential candidates.
The data is not reflection of any candidate’s campaign or their security preparedness. It seems to be most strongly correlated with the candidate’s news-worthiness and the end-user’s tendency to open the message–out of love or hate.
Because there is currently only one Republican running next year, we will look at the Democratic roster first.
Here’s what was happening in October:
It is interesting that Michael Bloomberg’s name had started to be used in phishing campaigns even though he had not yet officially announced.. This is likely due to his status as a public figure/well known billionaire. The names of known billionaires such as Elon Musk and Bill Gates are frequently employed to lend credibility to phishing campaigns.
In November:
The number of phishing emails using each candidate’s name doubled from the month before. The three highest polling candidates were very close in the number of phishing campaigns with their names attached. The number of phishing emails referencing Michael Bloomberg increased by the highest percentage (250%) likely off the news of his candidacy.
Phishing emails utilizing presidential candidates doubled again, now becoming a noticeable percent of malicious email. For the first time Pete Buttigieg cracks the phishing top four, this may be due to the increased name recognition he gained as a result of the “wine cave” virality. Another interesting note is the drop in mentions of Bernie Sanders when it came to phishing emails. Maybe his followers were becoming wise to the spoofs or the campaign itself could have improved its DMARC settings to crack down on impersonations.
Phishing attacks containing “Joe Biden” nearly doubled once again (+75%). Meanwhile other candidates only increased incrementally. This is not surprising as January produced a lot of news stories about Joe Biden in relation to the impeachment hearings increasing his relevancy as a public figure. It is likely that many of the phishing emails using his name during the month of January were targeting both Biden supporters and Trump supporters with different messaging surrounding the candidate.
Phishing emails using the names of Democratic candidates has mostly increased over time. As the primary election nears, more people are paying attention and more people are clicking emails they think are from candidates they are considering supporting. This makes the opportunity for successful phishing attacks better every day.However, as phishing attacks rely on both name recognition and emotion, the most obvious name to use is that of the current president. Looking at the totals over the past four months of the all the Democratic candidates combined when compared to the total number of phishing utilizing President Trump’s name this point becomes even clearer.
As you conduct your research, sign up for updates, make donations, and take other participatory actions in our nation’s Democratic process, do not forget to take proper precautions to protect yourself from email based threats. All of the emails we looked at were sent to our customers (corporate email addresses) and it is reasonable to assume that the numbers may be even higher for personal accounts. Remain vigilant and trust no one.