Planning to donate money online to a candidate during the 2008 United States presidential election? Before you click the "donate" button, make sure the site you visit is not a fake.

Online presidential campaign Web sites could be the next breeding ground for phishing scams and other fraud, according to Craig Spiezle, directorof Security & Safety Product Management at Microsoft.

Spiezle and others presented information about the possibility of widespread political phishing at the Anti-Phishing Working Group's general meeting andeCrime Researchers Summit. Spiezle provided examples of spoofed and forged e-mail messages purporting to come from leading presidential candidates campaigns and U.S. government agencies, including the IRS. The e-mail messages attempt to drive people to phishing sites that are designed to steal credit card data and load malicious software onto unprotected computers.

In a panel discussion at the summit, Christopher Soghoian and Markus Jakobsson warned that "Campaigns encourage risky behavior by teaching users that it is okay to click the 'donate' button on an unsolicited e-mail that arrives from a candidate." For more information, see their white paper The Threat of Political Phishing.

To help prevent phishing scams, you should use caution when you click links in e-mail messages