Diana Lebeau Sentenced in Political Phishing Scheme

Diana Lebeau, 21, of Cranston, R.I., is facing federal consequences after being sentenced for a calculated phishing scheme aimed at political figures and their inner circles. On Tuesday in Boston, U.S. District Court Magistrate Judge Jennifer C. Boal handed down a sentence of two years’ probation and ordered the forfeiture of computer equipment used in the cyber attacks. Lebeau admitted to attempting unauthorized access to protected computers—a charge she pleaded guilty to on July 27, 2021.

The scheme began as early as January 2020, when Lebeau unleashed a wave of deceptive emails targeting approximately 22 members of a political campaign’s staff. Posing as high-ranking campaign officials, the emails instructed recipients to enter their login credentials into an attached spreadsheet or a fake Google Form. The ruse was polished—mimicking internal communications with alarming accuracy—and designed to breach campaign systems under the guise of routine digital maintenance.

But Lebeau didn’t stop at the campaign staff. She expanded her reach to the candidate’s spouse and employees at the spouse’s workplace. In those messages, she impersonated Microsoft’s “Security Team” and internal IT helpdesk staff, urging recipients to submit sensitive account data through fraudulent links or spreadsheets. The fake login pages mirrored legitimate corporate sites, blurring the line between authenticity and deception.

In March 2020, Lebeau pivoted to another target: a second political candidate. This time, she crafted emails that appeared to originate from the candidate’s cable and internet provider, complete with a bogus login link that promised resolution to a supposed account issue. She didn’t just send emails—she went further, impersonating the candidate in live online chats with the provider in an attempt to reset and seize control of the account password.

Despite the brazen nature of the attacks, federal prosecutors confirmed Lebeau did not act out of financial gain, political allegiance, or foreign influence. No data was confirmed as successfully harvested, and no financial losses were reported. Still, the intent was clear: infiltrate, exploit, and compromise. Acting U.S. Attorney Nathaniel R. Mendell and FBI Boston Special Agent in Charge Joseph R. Bonavolonta emphasized that any attempt to breach political infrastructure is treated as a serious federal offense.

The case was prosecuted by Assistant U.S. Attorney Seth B. Kosto, Deputy Chief of the Securities, Financial & Cyber Fraud Unit. With two years of probation and seized equipment, Lebeau’s punishment reflects the judiciary’s stance on cyber intrusions—especially those aimed at democratic processes. The FBI continues to warn political campaigns and public figures to remain vigilant against increasingly sophisticated phishing tactics.