In light of Ron Paul's massive fundraising day yesterday ($3.8 million raised online in a single day) one security blogger has brought up the question of phishing attacks against Web-based political fundraising. In his Threat Chaos blog Richard Stiennon asks the question,
But how many of those 35,000 donors checked the URL carefully before providing their credit card information as well as the name of their employer? Was it a phishing site they were visiting?
Richard is exactly right to be asking this question. As I have pointed out in the past, phishing attacks a great deal more than simply banks. Why are they not attacking online political parties? They probably are. And if they aren't, it's only a matter of time until they do.