THREAT ALERT

Scammers Impersonating Emails to Steal Money

At Defending Digital Campaigns (DDC), we speak with people across U.S. politics — from campaigns and national committees to state parties — about cybersecurity and their concerns. In recent discussions, a disturbing trend has emerged: scammers are impersonating emails in attempts to steal money.

We’ve heard from several state and county party officials that emails appearing to come from the Chair, Executive Director, or other leadership figures were spoofed (impersonated) and used to send scam messages to staff, volunteers, and others. These emails all included the same urgent request: to purchase and electronically send gift cards to cover an “immediate” expense.

As the redacted thread below (used with permission) shows, some recipients initially responded, and the scammers engaged quickly and convincingly. Fortunately, no gift cards were ultimately purchased.

As you’ll see, spoofed emails can appear legitimate — either because they originate from hacked accounts or because they closely mimic real ones.

While this particular incident happened to a state party, it’s a classic and highly effective scam technique used to target a wide range of individuals and organizations.

Here’s the exchange:


Scammer initial email spoofing executive’s email:

Mar 28, 2025,  xxxxxxxxxxxxxxxxxxxxxxx  wrote:

 Hello XXX,

Do you have a minute to exchange emails? I’m in a meeting right now Unfortunately, I won’t be available for calls right now. I would appreciate your help with procuring several gift cards. There are some individuals here at the meeting I’m presenting them to. Please let me know if you can help with this. I’ll provide you with the specifics regarding the type of gift cards and denominations.


Staff responded:

Mar 28, 2025, xxxxxxxxxxxxxxxxxx  wrote:

Just got your email. I’m not sure how to go about getting gift cards. Can I do it online or do I need to go somewhere and get physical cards?


Scammer responded:

Mar 28, 2025, xxxxxxxxxxxxxxx  wrote:

Get in-store physical gift cards. Please purchase eight (8) eBay gift cards, each with a $100 denomination. Once you have them, kindly scratch off the protective covering on the back, take clear images of each card, and email them to me.

I will handle the necessary details and forward them to the recipients accordingly. Also, please keep the purchase receipts for reimbursement. Thank you for your attention to this matter.


Staff responded:

Mar 28, 2025, xxxxxxxxxxxxxx wrote:

Do you need these right now?


Scammer responded:

Mar 28, 2025, xxxxxxxxxx  wrote:

Yes, need to send them out to the recipients in less than an hour.


Staff responded:

Mar 28, 2025, xxxxxxxxxxxx  wrote:

Sorry, xxxxxxx, I can’t do this in this time frame. You will just have to handle this on your own later. And don’t forget, we don’t have enough $ in our account for that.


Scammer makes one last effort:

Mar 28, 2025, xxxxxxxxxx wrote:

 What time is feasible for you to do this? 

These are not official expenses but rather personal expenses. Once you're done, I'll have you reimbursed. I'm unable to handle this on my end due to a technical issue with my payment method  that I'm trying to resolve.

/end thread


As you can see, the scammer was quite persistent, and the staff member genuinely believed they were communicating with someone in leadership. Scammers often exploit known and trusted relationships, combined with a classic tactic: creating a sense of urgency — “I need this now, it can’t wait.”

How does this happen?

It’s quite common for political organizations, like state parties, to have significant amounts of staff and leadership information — such as names and email addresses — easily accessible on their websites. Additionally, personal information can be harvested through other means, making it easier for scammers to craft convincing messages.

Last October, we published a blog post highlighting research from VoterGuard that revealed the magnitude of this problem. Andrew Schoka of VoterGuard stated:

“66,000 accounts linked to political organizations were publicly discoverable through vectors like misconfigured web pages or unsecured file-sharing tools.”

How to address the problem:

These kinds of scams are some of the most common. They can easily be defeated with awareness and a few upgrades in security:

  • Prevent impersonation and spoofing by implementing DMARC. DMARC authenticates the sources of email sent from your state party's domain, such as examplestateparty.org or .com. It also improves deliverability.

  • Implement strong multifactor authentication organization-wide. That means using passkeys on organization and personal accounts on Google and Microsoft.

  • Alert all of your staff if a scam happens in your campaign, committee or party. 

  • Make it a cast-in-stone policy, understood by the whole team, that they will never receive a request for gift cards.

  • Have a process in place requiring that any expenditure or request for funds be verified by a means other than email, such as sending a text to the requestor or going old school and calling directly.

  • Review what email addresses are publicly available on your websites. Consider using an info email or setting up secondary email accounts for the Chair, Vice Chair, and Executive Director that are used only for public-facing work and never published.

  • In any organization, many documents with contact information get shared and reshared. Understand how to configure, adjust, or retract sharing. Here’s how to configure document sharing in Google: https://support.google.com/docs/answer/2494893?hl=en&co=GENIE.Platform%3DDesktop

  • Train your team to be aware of these kinds of attempts and of the prevalence of phishing generally, and to set their suspicion meters to extremely high for incoming communications.

Encourage your team to sign up for the DDC newsletter to stay informed about good cybersecurity and the latest threats: https://defendcampaigns.org/contact-us.