recommended reading

What Happens When You Click on That Fox News ‘Trump Quits’ Video?

Republican presidential candidate Donald Trump

Republican presidential candidate Donald Trump // Wilfredo Lee/AP

Memo to people receiving a Fox News email that reports Donald Trump has bowed out of the presidential race: Spam campaign season is in full effect.

A fake March 24 article inside carries a Bill O'Reilly byline and starts off with a video captioned, "This is the ONLY video I've seen that reveals the ‘April Surprise nobody is talking about.”

Clicking on the video will not corrupt your computer, security analysts say, but the sender does want your money.

The link takes you to a 41-minute spiel by a purported economics professor, who sells financial survival guides.

Adam L. Penenberg, a journalism professor who exposed then-New Republic writer Stephen Glass as a fraud, tweeted about the faux Trump email campaign March 24.

Nextgov sent a couple of the emails he received to security researchers for analysis. 

After examining the embedded links and code, they found the messages appear to be nothing more than an online infomercial. The links do not download malware or redirect you to sites that steal information, said Johannes Ullrich, dean of research for the SANS Technology Institute. He runs the organization's Internet Storm Center, a group of volunteers that monitors malicious activity from sensors covering more than 500,000 IP addresses worldwide. 

One message from “FOX Today” arriving in inboxes (or, perhaps, spam folders) carries the subject line, "Determined to Attack America.” The story is titled, "Trump: I Warned America That This Was Going To Happen” and is accompanied by a screenshot of Trump commenting on the Belgium suicide bombings.

The link embedded in both videos leads to the website, thefinalbubble.com,” which plays a December 2015 clip of Trump warning, “Remember the word bubble, you heard it here first...” followed by a presentation from someone calling himself Charles Hayek.

There is very little information on the Web about this self-described macroeconomist, other than product pitches.

Ullrich said nothing suspect turned up when clicking on various browsers.

The Belgium terrorism email uses a domain (info@saveworldlives.com) that does not match the sender (“FOX Today”) and appears never to have existed, he said.

"I guess he uses the same fear that attracts people to Trump, which is why he is using Trump as a 'hook' to get people to watch his video/buy his books," Ullrich said in an email. 

Meanwhile, spam filters reportedly are quarantining authentic campaign messages from Trump's distant Democratic rival. A Gmail algorithm flagged Bernie Sanders' free education and low-priced drug offers as suspicious, according to the Washington Times.

Ira Winkler, president of Secure Mentem, told the newspaper the Sanders organization likely triggered Gmail’s fraud warning because the contents of the message included phrases that spammers use to try to sell prescription drugs.

"The way spam filters tend to work is you’ve got scoring," Winkler said. "And the more time trigger words are used, scoring tends to go up. When you put out a campaign message filled with fluff, it’s not unexpected." 

The case of mistaken identity happened last November and was resolved by Google, Washington Times reports.

More recently, a real March 18 Fox News article said Trump himself might have been the target of a malicious online operation. 

Activists aligning themselves with the Anonymous hacker collective claim to have leaked some of the billionaire's private information, including his Social Security number. U.S. authorities "are seeking the arrest of the people responsible for attempting to illegally hack Mr. Trump’s accounts and telephone information,” the Donald's campaign reportedly said. 

Threatwatch Alert

Network intrusion

Pizza Hut Website, Mobile App Burned by Hackers

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov