Photo: Andrew Caballero-Reynolds/AFP/Getty Images

Democratic Sen. Jeanne Shaheen's team has sent out three fake spearphishing email campaigns to staffers over the last 18 months to test whether they’d fall for real hacking, her chief of staff, Maura Keefe, tells Axios. The result? Several fell for it.

Why it matters: Every political operation in the country is grappling with the reality that hackers may target them — that is, if they haven’t been infiltrated already.

The context: Keefe's effort is just one indicator of the cybersecurity culture shift starting to happen on the Hill:

  • They sent one email campaign prompting staff to open an attachment from an address imitating Keefe’s Senate email with a slight typo.
  • Another mimicked the legitimate attack last year that hit McCaskill’s team.
  • Another asked staff to change their Facebook passwords.
  • Those who got caught had to retake a cyber training course.

The impact: Fewer staffers clicked the phishing links with each new campaign, from five or six on the first, to just one. "It works," Keefe said. "It’s become a little bit of a point of pride for the staff to be on top of it."

The big picture: This is about playing catch-up on cybersecurity. "I was not hyper-aware and I don't think many people were" before the 2016 elections about cybersecurity, said Keefe. She added she didn't think Sen. Shaheen's previous campaign even had a line item in the budget for it. "It's definitely been an awakening," she said.

  • What’s next: Keefe, who chairs the Democratic chiefs of staff group, intends to discuss cybersecurity budgeting for the campaign cycle with other chiefs of staff.
  • Campaigns generally are nowhere near where Sen. Shaheen's office is — and she's not up for reelection until 2020. One-third of House candidates have vulnerable websites right now, according to a study released this month, and campaigns are often too strapped for cash to afford cybersecurity expertise.
  • The DNC has been sending spearphishing training emails to staffers as well, a Democratic source tells Axios.

The bottom line: The nature of political operations — from Iowa presidential strivers to the halls of the Senate — is changing. It's no longer just about policy and messaging, but also running cybertraining bootcamps to outsmart adversaries. And politicians can train their teams all they want, but each office is only as secure as its weakest, most distracted, careless clicker.

Go deeper:

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 9:30 p.m. ET: 30,918,269 — Total deaths: 959,059— Total recoveries: 21,152,312Map.
  2. U.S.: Total confirmed cases as of 9:30p.m. ET: 6,799,044 — Total deaths: 199,474 — Total recoveries: 2,590,671 — Total tests: 95,108,559Map.
  3. Politics: Testing czar on Trump's CDC contradictions: "Everybody is right" Ex-FDA chief: Career scientists won't be "easily cowed" by political vaccine pressure.
  4. Education: What we overlooked in the switch to remote learning.
  5. Health: The dwindling chances of eliminating COVID-19 — 7 states set single-day coronavirus case records last week.
  6. World: England sets £10,000 fine for breaking self-isolation rules — The countries painting their pandemic recoveries green.

Arrest over letter to Trump containing poison ricin

President Trump returning to the White House from Minnesota on Sept. 18. Photo: Win McNamee/Getty Images

A suspect was arrested for allegedly "sending a suspicious letter" after law enforcement agents intercepted an envelope addressed to President Trump containing the poison ricin, the FBI confirmed in an emailed statement to Axios Sunday.

Details: The suspect, a woman, was arrested while trying to enter New York from Canada, law enforcement forces said.

Trump campaign goes all in on Pennsylvania

Trump poster in Scranton, Pennsylvania. Photo: Robert Nickelsberg/Getty Images

The president's campaign is placing more importance on Pennsylvania amid growing concern that his chances of clinching Wisconsin are slipping, Trump campaign sources tell Axios.

Driving the news: Pennsylvania, which has 20 electoral votes, twice Wisconsin's number, actually has been trending higher in recent public and internal polling, a welcome development for the campaign.