Phishing scammers weaponize ICE ragebait
U.S. Immigration and Customs Enforcement, along with CBP, have been deployed as the dominant police force by the Trump administration. Since 2025, they have kidnapped immigrants and American citizens and killed dozens of people. So when one marketing system’s customers learned that an “ICE Support” button would appear on each of their promotional emails, they were alarmed, to say the least.
A public relations employee’s instinctive terror of being associated with America’s most visible and controversial federal agency was the central point. The email seen by at least some customers of email platform Emma was a phishing scam. The hackers hoped to spark instant panic with the words: “As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will add a “Support ICE” donation button to the footer of every email sent through our platform.
It’s a tactic meant to send a rush of adrenaline to the brain, shutting down critical thinking in a mad rush to figure out what’s happening, why, and how to stop it. Next comes the hook: “Unsubscribe available”. With a big blue “Go to Settings” button, the email offered an option for Emma’s clients like the YMCA and Dogfish Head Brewery. not to show moral support for the divisive agency.
Of course, the email did not come from the Emma platform and the button did not redirect users to the Settings menu. As 404 Media reports, the Settings button sent users to a fake site meant to mimic the Emma platform and URL, hoping to steal credentials with a fake login prompt. The site is currently marked as “unsafe” by Chrome and other browsers.
The CEO of Marigold, which owns Emma, told 404 Media that this was a “very common phishing attempt.” Indeed, alarming messages playing on political tensions have become a common tactic, with some going in the opposite direction. Phishing scams claiming that email footers would support LBGTQ+ Pride and Black Lives Matter were documented earlier this year, targeting email marketing platform Sendgrid.
Just yesterday, I received a phishing message via Google Drive, playing on the same type of immediate alarm.
Michael Crider / Foundry
It’s a well-known tactic, raising concern and hopes for quick action on the part of the target, before they can think about it. Just yesterday I received a fake Google Drive notification, informing me of an “Arrears Payment Requested” document. The same approach warns you that your Windows computer has 752 viruses and requires active scanning… which somehow shows up on your iPad.
But exploiting current political tensions in the United States demonstrates an impressive sense of social engineering, even if it is just trying to exploit the fear of public relations disaster.
