Over the past month, Symantec has blocked almost 8 million spam emails relating to the US presidential election. The volume of spam has increased steadily during that period, reflecting rising interest in the election as the November 8 polling day draws near.
The trend reflects one of the tactics most commonly used by spam groups. Emails concerning current events are more likely to get the attention of recipients, and so are more likely to be opened.
Figure 1. US election spam volume by day
The vast majority of election spam blocked by Symantec is traditional spam—unwanted and unsolicited emails. Some concern the election; others simply use the names of the candidates in the subject line to lure recipients into opening them. However, within this wave of election spam, there is a smaller but significant number of emails with malicious attachments. If opened, the attachments could download and install malware onto the recipient’s computer.
Two of the spam emails discovered by Symantec reference Republican nominee Donald Trump and contain the subject lines ‘Donald Trump’s Secret Letter’ and ‘Donald Trump Reavealed’ (sic). Both have .zip files attached, with one claiming it reveals Trump’s “secret emails”, while the other purports to reveal a photo of Trump groping a teenage girl. However, these attachments actually contain malware.
Figure 2. Example spam email using the US election as a lure for opening a malicious attachment
Democratic nominee Hillary Clinton has also seen her name used in spam over the course of the campaign. An email campaign discovered by Symantec in August claimed to show a video of Clinton with an ISIS leader, but the attachment was, in fact, a malicious Java file that infected recipients with a remote access Trojan.
Figure 3. Blocked emails containing malicious attachments
The number of malware-bearing emails has spiked periodically over the past four weeks. However, the overall trend is moving upwards, indicating that attack groups are increasingly leveraging the election as we move closer to the polling date.
Figure 4. Malicious attachments by type
Given the already-growing volume of malicious emails attempting to capitalize on the US presidential election, it’s reasonable to assume that attackers will up their efforts over the next three weeks as the election campaign goes into overdrive. Exercise caution with any emails you receive, particularly if they come from an unfamiliar source or contain sensationalist subject lines.
A full protection stack helps to defend against these attacks, including Symantec Email Security.cloud, which can block email-borne threats, and Symantec Endpoint Security, which can block malware on the endpoint. For consumers, Norton Security will protect your computer from malware.
Tips for protecting yourself from email-borne threats
- Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Always keep your security software up to date to protect yourself against any new variants of malware.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly-discovered security vulnerabilities that could be exploited by attackers.
- Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
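For mail administrators, the traits described above (an election-themed subject line combined with a .zip, Java or macro-enabled Office attachment) can be turned into a simple quarantine check. The following is an added example, not Symantec's detection logic; the keyword list, the extension list and the sample messages are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: keyword and extension lists are illustrative, not Symantec's rules.
LURE_TERMS = ("trump", "clinton", "election")
RISKY_EXT = {".jar": "java-archive", ".docm": "macro-office",
             ".xlsm": "macro-office", ".js": "script", ".exe": "executable"}

def _ext(name):
    return os.path.splitext(name.lower())[1]

def triage(raw):
    """Return the sorted reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = set()
    if any(t in str(msg["Subject"] or "").lower() for t in LURE_TERMS):
        reasons.add("election-lure-subject")
    for part in msg.iter_attachments():
        names = [part.get_filename() or ""]
        if _ext(names[0]) == ".zip":
            reasons.add("zip-attachment")
            try:  # judge the archive by its members, not its own name
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                    names = zf.namelist()
            except zipfile.BadZipFile:
                reasons.add("unreadable-zip")  # corrupt, or not a zip at all
        reasons.update(RISKY_EXT[_ext(n)] for n in names if _ext(n) in RISKY_EXT)
    return sorted(reasons)

def build_sample(subject, filename, zip_member=None):
    """Build a constructed test message; a zip payload holds one placeholder member."""
    payload = io.BytesIO()
    if zip_member:
        with zipfile.ZipFile(payload, "w") as zf:
            zf.writestr(zip_member, b"placeholder")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attachment")
    m.add_attachment(payload.getvalue() or b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

SAMPLES = {  # constructed inputs, not real samples
    "lure_zip": build_sample("Donald Trump's Secret Letter", "letter.zip", "letter.pdf.js"),
    "lure_jar": build_sample("Clinton video", "video.jar"),
    "benign": build_sample("Quarterly report", "report.pdf"),
}
```

Extension checks like this only narrow what reaches the inbox; they complement, rather than replace, content scanning at the gateway and on the endpoint.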