Hackers stole millions from Wisconsin Republican Party

Original Article By Scott Bauer
October 29, 2020
AP News

PHISHING ATTACK STOLE MONEY; NO DATA.

The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident.

There have been more than 800 attempted phishing attacks for financial gain targeting the Wisconsin Democratic Party this campaign cycle, but none has been successful, said party spokeswoman Courtney Beyer. The Wisconsin Republican Party, however, was not so lucky.

Hackers manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats to be handed out to supporters. Invoices and other documents were altered so when the party paid them, the money went to the hackers instead of the vendors, Republican Party Chairman Andrew Hitt.

It appears the attack began as a phishing attempt and no data appears to have been stolen, said party spokesman Alec Zimmerman. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday after it was discovered that an invoice was generated that shouldn’t have been there.

The alleged hack was discovered less than two weeks before Election Day, as Trump and Democratic rival Joe Biden made their final push to win Wisconsin and its 10 electoral votes. Trump won the state by fewer than 23,000 votes in 2016 and was planning his third visit in seven days on Friday. Biden also planned to campaign in Wisconsin on Friday. Polls have consistently shown a tight race in the state, usually with Biden ahead by single digits and within the margin of error.

REALTIME CYBER SECURITY SOLUTIONS

The most dangerous attack is used to do everything from steal money to deploy malware; more than just compromising data. Our Chief Information Security Officer, Todd Swartzman, can meet with you personally and do a gap assessment on your business to see where you could use extra protection. Learn more now about our Cyber Defense program…

RealTime IT is located in Dothan, Alabama and services the entire Wiregrass area and across the U.S.

What is Smishing?

SMishing is any type of phishing attempt that involves text messaging. As consumers, we tend to be more trusting on our cell phones, but this is very dangerous. Cyber criminals are able to mimic sms (text) messages making it look like it's from someone you know and asking you to click on a link.  If for some reason you do this, ransomware could possibly be downloaded on your device and could compromise your sensitive information like credit card, social security and account numbers. 

Almost everyone has encountered phishing scams that arrive via spam emails. Someone might claim to be from your bank or pretend like they’re from your phone company looking for personal information like passwords.

Basically, Smishing is the SMS (“SMS” stands for “short message service” and is the technical term for the text messages you receive on your phone) version of phishing scams. Instead of a spammy email, you get a text message on your smartphone.

Now, a lot of people are receiving text messages claiming to be from FedEx or other delivery serviceswith a tracking code and a link to “set delivery preferences.”

Don’t click the link!

If you tap that link on your phone, you’ll end up on a fake site (a phishing site) with a fraudulent “free reward.”

Watch our latest IT Shorts on SMishing now.