Staying ahead of cyber threats means thinking like a threat actor. And right now, one of the most fertile grounds for phishing and social engineering campaigns is the confusion surrounding recent U.S. tariff announcements.
The evolving landscape of international trade policy, particularly heightened tariffs on Chinese goods and ongoing disputes with other countries, creates both uncertainty and urgency—ideal conditions for phishing to thrive. But for threat actors, it’s not just a news story. It’s a golden opportunity.
The perfect cover: Tariffs as phishing bait
Threat actors are opportunists. They watch global headlines for moments of tension and confusion they can weaponize. The on-again, off-again U.S. tariffs provide just that. Given the complexity of the situation, the potential phishing angles are limited only by the threat actor’s imagination, but would likely include:
- Fake customs notifications: Attackers can pose as logistics companies or customs agencies, telling victims they need to pay a new tariff before their package will be released.
- B2B trade scams: Public records make it easy to identify companies that import or export goods. These firms could be targeted with spear phishing emails warning of regulatory changes or new requirements, with malicious attachments disguised as revised forms or invoices.
- Fake government notices: Well-crafted emails claiming to come from the U.S. Department of Commerce or U.S. Customs and Border Protection could easily trick employees into clicking malicious links or offering up login credentials.
- Vendor impersonation scams: Cybercriminals might pretend to be overseas suppliers requesting urgent action, such as wire transfers or credential data, to comply with new tariff rules.
These scenarios are especially potent right now because they blend legitimate concerns with tight deadlines and regulatory language—exactly the kind of psychological levers that phishing thrives on.
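The traits these lures share (a trade theme, a deadline, a payment or credential request, and a sender that does not match the agency it claims to be) can be checked on reported mail before an analyst opens it. The Python below is an added example, not code from the original article or from Field Effect; the keyword lists, the `.gov` suffix check, the three-signal threshold, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Keyword sets are assumptions for illustration; tune them to your own mail flow.
THEME = re.compile(r"\b(tariffs?|customs|duty|duties|import fee|clearance)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|final notice|held|within \d+ (hours|days))\b", re.I)
ASK = re.compile(r"\b(pay|payment|wire transfer|log ?in|password|credentials)\b", re.I)
GOV_CLAIM = re.compile(r"customs and border protection|\bcbp\b|department of commerce", re.I)

def _domain(header_value):
    # Domain part of an address header, or "" when the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _body(msg):
    # Concatenate the decoded text/plain parts of a single or multipart message.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")

def tariff_lure_signals(raw):
    """Return the names of the lure traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender, reply_to = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), _body(msg)])
    checks = [
        ("trade_theme", THEME.search(text)),
        ("urgency", URGENCY.search(text)),
        ("payment_or_credential_ask", ASK.search(text)),
        # A forged From on a real .gov domain is left to SPF/DKIM/DMARC results.
        ("gov_claim_non_gov_sender", GOV_CLAIM.search(text) and not sender.endswith(".gov")),
        ("reply_to_mismatch", reply_to and reply_to != sender),
    ]
    return [name for name, hit in checks if hit]

def needs_review(raw):
    # Assumed threshold: the trade theme plus at least two other traits.
    signals = tariff_lure_signals(raw)
    return "trade_theme" in signals and len(signals) >= 3

LURE = (  # constructed sample
    'From: "U.S. Customs and Border Protection" <notice@cbp-clearance.example>\n'
    "Reply-To: payments@parcel-release.example\n"
    "Subject: Final notice: tariff payment required\n\n"
    "Your package is held. Pay the new tariff within 24 hours to release it.\n")
BENIGN = (  # constructed sample
    "From: Logistics Team <ops@supplier.example>\n"
    "Subject: Q3 tariff schedule update\n\n"
    "Attached is our summary of the revised rates for planning. No action is needed.\n")
```

A score like this only orders the review queue; a message that mentions tariffs without the other traits, like the second sample, is not flagged.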
The recent E-ZPass phishing campaign shows how effective a lure can be with just urgency and realism. Victims received texts about unpaid tolls, linking to a fake payment site. Applying that same tactic to something more complex, like international tariffs, generates confusion in addition to urgency and realism. That extra layer makes tariff-themed phishing campaigns even more dangerous, especially when recipients aren’t sure what’s legitimate.
Geopolitics and malicious cyber activity
This isn’t a new tactic. Threat actors have long exploited complex geopolitical issues to add urgency and legitimacy to phishing schemes:
- COVID-19 and vaccine distribution: Cybercriminals impersonated health agencies and vaccine suppliers during the height of the pandemic, targeting both individuals and organizations with fake appointment links, malicious attachments, and phony registration forms.
- Russia-Ukraine war: Threat actors launched phishing campaigns disguised as humanitarian appeals, donation requests, or official sanctions notifications—some even mimicking NATO and EU communications.
- Brexit-related scams: Leading up to and following the UK’s withdrawal from the EU, scammers leveraged the confusion around travel, trade, and taxes to trick victims into providing personal and financial information.
Each of these cases involves leveraging a high-stakes, high-confusion event to craft convincing lures.
How to counter any new phishing campaign
When geopolitics shifts, so do the tactics of cyber threat actors, and so must network defenders and users. To counter attacks that leverage geopolitical affairs, network defenders should think from the adversary’s perspective. Ask yourself:
- What current events could create confusion?
- Who is most likely to be affected?
- What type of message would they expect to receive?
As global events shift, phishing tactics will too. Staying ahead means anticipating, not just detecting, threats. By understanding how cybercriminals exploit confusion and building defenses around the attacker’s mindset, organizations can turn awareness into resilience.
In addition to cybersecurity solutions, such as Field Effect MDR, that mitigate risks posed by phishing activities, Field Effect recommends that network defenders:
- Ensure users, especially those in logistics, finance, and procurement, are aware of potential phishing tactics related to tariffs and trade.
- Encourage employees who receive tariff-related emails to report them. Field Effect users are encouraged to submit suspicious emails to Field Effect’s Suspicious Email Analysis Service (SEAS) to ensure they are benign before clicking links or opening an attachment.
- Monitor trade policy updates not just for compliance reasons, but to anticipate potential threat vectors.
If you have any questions or comments regarding this analysis, please contact us.