As America counts down to the November 3 elections, things are tense for political campaigns. There's a lot of money flying around and the online criminals have sensed blood in the water.
The Republican Party of Wisconsin, a key battleground state which President Trump won in 2016 by less than 1 per cent, has admitted that it lost $2.3m earlier this month to business email deception - where phishing emails harvest credentials and use these to submit fake or altered invoices for services (not) rendered.
The issue was first spotted on the evening of October 23, the state GOP said, and the FBI were called in the next morning. It appears that the criminals were able to doctor invoices that came from regular vendors and divert millions to other accounts. Efforts to recover the money are already underway.
"Cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices and committed wire fraud," said the Badger State's GOP Chairman Andrew Hitt.
"These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime. While a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3.”
Given the vast sums of money pumped into American elections, and the febrile atmosphere of the current campaigning, it's not entirely surprising that political organizations might not take the time to check the correctness of their invoices. The election could mean a big payday for crims unless processes are tightened up. ®