Avanan doesn’t conduct polls and has no deeper insight into who will win the US presidency in 2020 than anyone else, but we do have a lot of data on phishing emails. Using this data, Avanan took a look to find which presidential candidate’s name is most likely to be used in a phishing campaign. To conduct this analysis, Avanan looked at 1.3 billion email, across a thousand of our US-based customers, selecting only the phishing attacks that mentioned the names of 2020 presidential candidates.

The data is not reflection of any candidate’s campaign or their security preparedness. It seems to be most strongly correlated with the candidate’s news-worthiness and the end-user’s tendency to open the message–out of love or hate.

Because there is currently only one Republican running next year, we will look at the Democratic roster first.

October 2019

 

Here’s what was happening in October:

  • The fourth Democratic primary debate was October 15th
    • A dozen candidates took the stage. According to CNN’s analysis the big winners of the night were Bernie Sanders, Amy Klobuchar, Pete Buttigieg, and Andrew Yang.
  • Polls had Joe Biden in the lead
    • Most polls had Joe Biden in the lead followed by Elizabeth Warren then Bernie Sanders. It would still be another month until Michael Bloomberg would officially announce his candidacy.

Phishing Analysis

It is interesting that Michael Bloomberg’s name had started to be used in phishing campaigns even though he had not yet officially announced.. This is likely due to his status as a public figure/well known billionaire. The names of known billionaires such as Elon Musk and Bill Gates are frequently employed to lend credibility to phishing campaigns.

November 2019

 

In November:

  • The Democratic primary held their fifth debate
    • This time the field had begun to narrow as only seven candidates qualified for the debate. According to Vox news the big winners of the debate were Pete Buttigieg and and Elizabeth Warren.
  • Michael Bloomberg officially announced his candidacy on November 24th
  • Pete Buttigieg polled closely behind Bernie Sanders and Elizabeth Warren
    • Joe Biden was still polling first

Phishing Analysis

The number of phishing emails using each candidate’s name doubled from the month before. The three highest polling candidates were very close in the number of phishing campaigns with their names attached. The number of phishing emails referencing Michael Bloomberg increased by the highest percentage (250%) likely off the news of his candidacy.

December 2019

 
  • The sixth Democratic primary debate was on December 19th
    • The news cycle surrounding it was dominated by a heated exchange between Elizabeth Warren and Pete Buttigieg concerning closed door fundraising and “wine caves

Phishing Analysis

Phishing emails utilizing presidential candidates doubled again, now becoming a noticeable percent of malicious email. For the first time Pete Buttigieg cracks the phishing top four, this may be due to the increased name recognition he gained as a result of the “wine cave” virality. Another interesting note is the drop in mentions of Bernie Sanders when it came to phishing emails. Maybe his followers were becoming wise to the spoofs or the campaign itself could have improved its DMARC settings to crack down on impersonations.

January 2020

Phishing Analysis

Phishing attacks containing “Joe Biden” nearly doubled once again (+75%). Meanwhile other candidates only increased incrementally. This is not surprising as January produced a lot of news stories about Joe Biden in relation to the impeachment hearings increasing his relevancy as a public figure. It is likely that many of the phishing emails using his name during the month of January were targeting both Biden supporters and Trump supporters with different messaging surrounding the candidate.

Overview

 

Phishing emails using the names of Democratic candidates has mostly increased over time. As the primary election nears, more people are paying attention and more people are clicking emails they think are from candidates they are considering supporting. This makes the opportunity for successful phishing attacks better every day.However, as phishing attacks rely on both name recognition and emotion, the most obvious name to use is that of the current president. Looking at the totals over the past four months of the all the Democratic candidates combined when compared to the total number of phishing utilizing President Trump’s name this point becomes even clearer.

 

Conclusion

As you conduct your research, sign up for updates, make donations, and take other participatory actions in our nation’s Democratic process, do not forget to take proper precautions to protect yourself from email based threats. All of the emails we looked at were sent to our customers (corporate email addresses) and it is reasonable to assume that the numbers may be even higher for personal accounts. Remain vigilant and trust no one.