Diana Lebeau Sentenced in Political Phishing Scheme

Diana Lebeau, 21, of Cranston, R.I., was sentenced yesterday in federal court for a brazen phishing scheme targeting political candidates and their inner circles. Lebeau pleaded guilty to one count of attempted unauthorized access to a protected computer, admitting to a string of cyber attacks designed to steal sensitive login credentials from campaign staff and family members of high-profile candidates.

On July 27, 2021, Lebeau entered her guilty plea. Yesterday, U.S. District Court Magistrate Judge Jennifer C. Boal handed down a sentence of two years’ probation and ordered the forfeiture of all computer equipment used in the commission of the crimes. No financial or political motive was cited, and prosecutors confirmed she did not act on behalf of any foreign entity.

The scheme unfolded in January 2020, when Lebeau sent phishing emails to approximately 22 members of a political campaign’s staff. Posing as senior campaign managers or co-chairs, she lured recipients into entering their usernames and passwords into fake spreadsheets or Google Forms that mimicked official communications. The deception was precise, crafted to exploit trust and urgency.

Lebeau didn’t stop there. She expanded her reach to the candidate’s spouse and employees at the spouse’s workplace. In these emails, she impersonated Microsoft’s “Security Team” or an internal IT helpdesk technician, directing recipients to compromised links or attachments that mirrored legitimate company portals. The goal: harvest login information under false pretenses.

In March 2020, she shifted focus to another candidate, crafting phishing emails that appeared to come from the individual’s cable and internet provider. The messages contained fake login links prompting the recipient to “resolve account issues” by submitting credentials. Lebeau also impersonated the candidate in live online chats with the provider’s support team, attempting to reset and seize control of the account.

Acting United States Attorney Nathaniel R. Mendell and Joseph R. Bonavolonta, Special Agent in Charge of the FBI’s Boston Division, announced the sentencing. Assistant U.S. Attorney Seth B. Kosto, Deputy Chief of Mendell’s Securities, Financial & Cyber Fraud Unit, prosecuted the case, underscoring the federal crackdown on digital impersonation and cyber intrusion, even when motives aren’t financial.

RELATED: Diana Lebeau Sentenced in Political Phishing Scheme