Like him or loathe him Donald Trump is one of the main news stories at the moment . He also seems to be generating interest from spammers as well. We at AdaptiveMobile released a blog last year about Pokemon Go Spam that displayed how spammers will capitalize on any issue that captures the public attention, by sending related spam. Prior to the inauguration on the 20th of January we examined traffic to see is there any President-elect Trump related spam. Over the last few months we’ve seen President-Elect Trump’s popularity is being capitalised on by spammers, who are sending spam SMS from VoIP operators that use the Trump name or brand.
Campaign 1: President Trump Loans
The main and largest Trump related Spam campaign we saw over the last 2 months was sent via aggressive SMS to subscribers in relation to online loans. This is a long running Spam campaign that has only in the last few months incorporated a claimed Trump vouch of approval. You can see some sample messages in the image below :
The URL embedded in the SMS redirects to an aggressive loans website shown below. Note there is no mention of Trump on the website, indicating that the attack is not actually built around the Trump 'brand', but its only the text message that uses it (so far).
In one of our North American mobile network customer’s, we could see that this loan campaign targeted all 50 states and Washington DC. There were over 60,000 messages sent from VOIP operators, where each message mentioned President-elect Trump. While these attacks were blocked, to see if there was any patterns to those who were targeted, we calculated how many people per state were targeted by a spam message from this Spam campaign. To calculate this we divided the population of the state by the total messages targeted to the given state. Note: the destination state was determined by the area-code of the attempted recipient of the spam
The distribution of the campaign in the US can be seen below:
The more red a state is, the more spam per person it was targeted with. It is interesting that the campaign is most concentrated in states that voted Republican in the 2016 Presidential election, with 9 out of the top ten targeted states voting Republican (the outlier being Washington DC). However it can be difficult to come to a conclusion as to why these Republican states were targeted more per person than other states, it might be due to chance, income levels per state, the fact that President-elect Trump won more states or maybe due to a list of recipients the spammers had available to them.
Campaign 2: Make Money Quick Trump
The above was not the only spam campaign to try to profit using the Trump brand. In the last week between the 10th and 11th of January we saw another spam campaign that also used the Trump name. This spam campaign is also from a VoIP operator and is for a make money quick scheme. You can see a message below. All messages had nearly identical message content:
The URL embedded in the SMS redirects to a link like: xxxxx-moneyxxx.com. Once you land on this URL a video starts that entices the viewer to work from home and earn money by “barely” working. Again there is no mention of Trump in the video, showing that the spammers were simply reusing the Trump brand for an existing spam campaign.
This make money quick scheme campaign again targeted all 50 states and Washington DC. In a 2 day period there was over 30,000 messages that reference President-elect, sent from VoIP operators. To examine the information further we again calculated how many people per state received a spam message related to this Spam campaign.
The results of this campaign were more evenly spread across the states as you can see from the below map. Again in this case the more red a state is, the more spam per person it was targeted with.
This time the top states with the low messages per population statistic voted both Republican and Democrat, it remains to be seen if this trend continues over time.
So what can we conclude from this? , well first, we are seeing an increase in the amount of Trump related spam, and the trend of popular issue related Spam campaigns continues. These phenomenon is not exclusive to President-elect Trump btw, in the past we encountered Obamacare spam, such as the following:
Obama Care open enrollment starts TODAY, November 1st. Pick your plan here if you haven't or if you want to change/upgrade/downgrade [url=http://goo.gl/0XXXXX]http://goo.gl/0XXXXX[/url]
Although that was targeted more at the Affordable Health Act, rather than using the President Obama ‘brand’ itself.
Of the two campaigns examined we do not have enough evidence to conclude that the first campaign (the Loan spam) was indeed targeted to states by political orientation, but previously we have seen attacks targeted by the presence of small regional banks, income levels, and even number of unattached males so it may well be the reason, or at least one reason of many. Certainly, this Loan spam campaign varies from the 2nd campaign covered - the make money quick scheme - which was interesting as it was evenly distributed throughout the states and showed how we expect campaigns to be distributed. Overall, it seems likely that the more the new President remains in the news, the more likely that spammers will continue to try to cash in on his "brand". As a result its likely that more people in the future will be receiving attacks on their cell phones, purporting to come from, or be recommended by, President-elect Trump.