Phishing scammers weaponize ICE ragebait
US Immigration and Customs Enforcement, along with CBP, have been deployed as a dominating police force by the Trump administration. Since 2025 they’ve snatched both immigrants and US citizens and killed dozens of people. So when customers of a marketing system were told that a “Support ICE” button would appear on every one of their promotional emails, they were alarmed to say the least.
The instinctive terror of a PR worker at the thought of being associated with America’s most visible and controversial domestic federal agency was the point. The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, “As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a ‘Support ICE’ donation button to the footer of every email sent through our platform.”
This is a tactic meant to send a rush of adrenaline to the brain, shutting down critical thinking in a mad dash to figure out what’s going on, why, and how to stop it. Then comes the hook: “Opt-Out Available.” With a big blue “Go to Settings” button, the email offered Emma clients like the YMCA and Dogfish Head Brewery an option not to show moral support for the divisive agency.
Of course the email wasn’t from the Emma platform, and the button didn’t take users to the Settings menu. As 404 Media reports, the Settings button sent users to a fake site meant to mimic the Emma platform and URL, hoping to steal credentials with a phony login prompt. The site is currently marked as “Dangerous” by Chrome and other browsers.
The CEO of Marigold, which owns Emma, told 404 Media that this is a “very common phishing attempt.” Indeed, alarming messages playing on political tensions have become a common tactic, with some heading in the opposite direction. Phishing scams claiming that email footers would support LBGTQ+ Pride and Black Lives Matter have been documented earlier this year, targeting the Sendgrid email marketing platform.
Just yesterday I got a phishing message via Google Drive, playing on the same kind of immediate alarm.
Michael Crider / Foundry
It’s a known tactic, cause alarm and hope for swift action from the mark, before they can think about it. Just yesterday I received a fake Google Drive notification, informing me of an “Arrears Payment Demanded” document. The same approach warns you that your Windows machine has 752 viruses and needs an active scan…which somehow appears on your iPad.
But employing the current political tensions in the US shows an impressive amount of social engineering savvy, even if it’s only trying to tap into the fear of a public relations disaster.