Security News > 2021 > June > DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians

DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians
2021-06-02 12:54

The Department of Justice has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals-including campaign workers and the Microsoft security team-in an attempt to trick victims into providing account credentials.

The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "Attempted unauthorized access to a protected computer," according to a press release from the DoJ. The charge relates to a phishing campaign Lebeau allegedly mounted beginning in January 2020 against about 22 campaign staffers for an unnamed candidate for political office, as well as another political candidate-also not identified-and related associates, according to the DoJ. Assistant U.S. Attorney Seth Kosto is prosecuting the case.

The campaign came in two phases with various targets, with Lebeau allegedly using a typical phishing tactic of taking the identity of trusted associates of the victims to try to trick them into complying with the messages' request for credentials, authorities said.

The first phase of the campaign sent two sets of phishing emails.

One claimed to be from either the campaign's managers or one of the campaign's co-chairs and asked recipients to put their account credentials into an attached spreadsheet, or to click a link that connected them to a Google Form that also solicited credentials, according to the DoJ. Lebeau also allegedly targeted the candidate's spouse and other co-workers with messages that appeared to be either from Microsoft's "Security Team" or from an employee of the workplace's IT help desk.

"The emails requested that recipients provide account credentials or other information about their computers by adding it to attached spreadsheets or on a website that mimicked the appearance of the employer's legitimate website," according to the DoJ. The second phase of the campaign came two months later in March, when Lebeau allegedly sent phishing emails targeting another candidate for political office that claimed to be from the candidate's cable and internet provider.


News URL

https://threatpost.com/doj-woman-phishing-politicians/166594/