Politicians are an interesting class of people when discussed in the context of social engineering. The public nature of their careers not only requires them to use social engineering on a daily basis but also opens them up to becoming victims of it.
How Politicians Use Social Engineering
Many of the tasks that a politician is required to perform lend themselves nicely to social engineering. It would seem that, in the United States at least, a person who is an expert in social engineering techniques would have a better chance of becoming a successful politician than someone who is not. Throughout a politician's career, he or she is forced to apply many of the basic social engineering principles.
The principles of reciprocation, obligations, concessions, authority, consensus, commitment and consistency, and liking are the very essence of what a politician must strive for in order to be elected in the first place. This is what gets most politicians their jobs at first, and what sometimes leads to their demise as well.
How Social Engineers Use Politicians
Just like any other celebrity, the life of a politician is open to the public. This vast amount of public knowledge makes them ripe for the picking by a keen social engineer. The potential to harm a politician’s public image is enough for them to be very wary of whom they trust.
During the 2016 United States Presidential Elections, Mike Pence was the victim of a malicious social engineering attack. As reported in the IndyStar, June 1, 2016, Mr. Pence’s personal email was hacked by a scammer asking for money. The fake email claimed the Pences had been attacked while on their way back to their hotel in the Philippines. It also claimed that although they were not hurt, their money, bank cards and mobile phone had been stolen. Impostor scams, such as this one, were the third most-common complaint reported last year to the Federal Trade Commission.
As reported by SecureWorks in March 2016, CTU researchers identified a phishing campaign using Bitly accounts to shorten malicious URLs. The targets included email accounts linked to the November 2016 United States presidential election. Specific targets included staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC). The shortened links in the phishing emails redirected victims to a URL that spoofed a legitimate Google domain. High-profile victims of this phishing campaign were John Podesta and Colin Powell.
As reported on Motherboard, on March 19, 2016, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google, informing him that someone had used his password to try to access his Google account. The phishing email included a link to a spoofed Google webpage telling him to change his password because his current password had been stolen. Mr. Podesta clicked the link and changed his password, or so he thought. Instead, he gave his Google password to Fancy Bear, and the rest, as they say, is history.
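The shortened-link and spoofed-domain pattern described in the SecureWorks and Motherboard accounts above can be caught by checking where a link finally lands rather than what its text contains. The following is an added example, not code from the article or the cited reports; the trusted-domain and shortener lists, the function names and the sample redirect chains are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy for this example (not from the article).
TRUSTED_DOMAINS = {"google.com"}
SHORTENERS = {"bit.ly"}

def hostname(url):
    """Return the lower-cased host a browser would actually connect to."""
    host = urlsplit(url).hostname or ""   # .hostname ignores any user@ prefix
    return host.rstrip(".").lower()

def naive_check(url):
    """The flawed test: the trusted name appears somewhere in the URL."""
    return "google.com" in url.lower()

def belongs_to(host, domains):
    """True only if host is a listed domain or a subdomain on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(chain):
    """Classify a redirect chain (list of URLs; first is the link in the email)."""
    final = chain[-1]
    if urlsplit(final).scheme == "https" and belongs_to(hostname(final), TRUSTED_DOMAINS):
        return "ok"
    if belongs_to(hostname(chain[0]), SHORTENERS):
        return "suspicious: shortener to untrusted host"
    return "suspicious: untrusted host"

# Constructed redirect chains using reserved .example names, not real indicators.
SAMPLES = [
    ["https://bit.ly/constructed1", "https://accounts.google.com/signin"],
    ["https://bit.ly/constructed2",
     "http://accounts.google.com.security-check.example/reset"],
    ["https://bit.ly/constructed3", "https://accounts.google.com@login.example/reset"],
    ["https://accounts-google.example/reset"],
]

if __name__ == "__main__":
    for chain in SAMPLES:
        final = chain[-1]
        print(f"{hostname(final):45} naive={naive_check(final)!s:5} {assess(chain)}")
```

The second and third samples pass the naive substring test even though the browser would connect to a host outside google.com, which is why the comparison has to be made on the parsed hostname.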