Cybercrooks using ICE as cover to steal information in phishing campaign
Companies hurrying to disable ICE-supporting messages might fall into a phishing trap.
Getting emails containing weird links is no longer surprising, as we've all heard stories about phishing attacks.
But this well-known tactic now has a new twist: attackers are targeting software companies through email marketing services.
This phishing campaign works by first informing these clients that their automated emails will include an active donation button labeled “Support ICE.”
The message also notes that customers can opt out by logging in to their accounts and disabling the setting.
However, this way, the users then reveal their account username and password.
Among the companies targeted by the phishing campaign are Yale University, Texas A&M University, Orange Theory, the Cystic Fibrosis Foundation, Dogfish Head Brewery, the YMCA, and more. It is sent via Emma, an email marketing platform.
The email sent by Emma states:
“As part of our commitment to supporting US Immigration and Customs Enforcement (ICE), we will be adding a ‘Support ICE’ donation button to the footer of every email sent through our platform.”
“This button will appear automatically in all outgoing emails starting next week,” adds the message.
The email ends with the option to disable the setting, which many would choose, given people’s mistrust of ICE.
Lisa Mayr, CEO of Marigold, a brand under which Emma operates, also confirmed the email was a fake, reports 404Media.
Check if your data has been leaked
The company isn’t the first to have been targeted by such a phishing attack. The same tactic was used at the beginning of 2026, as noted by Fred Benenson. The programmer shared that he has been receiving phishing emails from another email delivery company, Sendgrid.
The emails that were supposed to be from Emma were sent via Survey Monkey. When users clicked the “Settings” button to disable the feature, they were actually directed to a site designed to steal information.
What makes this phishing attack so clever is that it plays on people’s views and reactions, prompting them to quickly take action without stopping to think that it might put them in danger.
Unlock more exclusive Cybernews content on YouTube.
