Mailfrontier Inc.
This Web page looks legitimate, but it was actually sitting on a server in India and designed to steal personal information.
By Bob Sullivan Technology correspondent
updated 8/2/2004 7:11:43 PM ET 2004-08-02T23:11:43

In a world awash in fake e-mails designed to steal personal information, it was probably inevitable. This weekend, researchers discovered a near perfect imitation of a recent solicitation sent by the Kerry-Edwards campaign. The notice was a hoax, sending users off to a Web site controlled by a computer hacker.

The e-mail appears to come from John Kerry's brother, Cam.

"As John's brother, I have been by his side through tough fights," the e-mail begins. "While this campaign is one of the toughest, it is also the most important -- for our country, and for our world. I can tell you that when the going gets rough, there isn't anybody I want by my side more than my brother John."

The e-mail then calls on recipients to donate to the Kerry campaign, providing a link to a special Web page ostensibly designed to accept payments over the Internet. But the Web page was really based in India. And any "donation" made using it is probably lost forever.

Researchers assume that aside from stealing money, the hoax's intent was to lure supporters of the Democratic ticket into becoming victims of identity theft.

Debra DeShong, spokeswoman for the Kerry campaign, confirmed that the e-mail incident occurred, but said she had no information about how widespread the problem may be.

"We have been made aware of it. Our attorneys have the information and they are looking into it," she said.

The Web site designed to collect the stolen information was disabled on Sunday. And a clever tactic employed by the Kerry campaign's Webmaster also foiled the e-mail -- effectively hacking the hacker. 

The original version of the fake e-mail referenced a genuine image of Cam Kerry that was hosted on the legitimate campaign Web site. Over the weekend, that image was replaced by a statement from the Kerry campaign indicating the e-mail was a fraud. Because the fake e-mail used the Kerry campaign site as the source for its image, when users called up the e-mail, instead of Cam Kerry's face, they saw a notice saying "Do not donate using any link in this e-mail."

'Timing was perfect'
The e-mail was discovered on Saturday, said Andrew Klein, anti-fraud product manager at MailFrontier Inc. Klein said he warned the Kerry campaign and the Federal Trade Commission right away.

He also didn't know how many copies were sent out, but the message "is circulating," he said.

Klein speculated that the hoax likely met with some initial success, given that the e-mail trap was laid just as the Democratic convention was ending.

"The timing was perfect," Klein said.

Making matters worse: the e-mail was a slightly-edited version of a real e-mail sent by the Kerry campaign just two weeks ago. Essentially, only the donation link was changed to redirect donors' credit cards and other personal information into the hands of the thief.

"You could have gotten this one twice, once because you were member of the Democratic Party, and once from the criminal," Klein said.

That would have made the fake e-mail look all the more real, he said.

The e-mail wasn't without typical hacker misspellings, however. In the "from" line, ironically enough, the hacker misspelled president as "presidewd" and in the "subject" line, decision was spelled "decesion."

Look-alike, fake e-mails, also known as phishing e-mails, continues to cause real headaches for Internet users, who are continually more confused about what's real and what's fake in their inboxes. A recent study showed people misidentified fake e-mails as real about one-third of the time. Another study, released by Gartner, suggested that nearly $2 billion has been stolen from U.S. bank accounts, much of it via phishing, during the past 12 months.

© 2013 Reprints


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments