Elon Musk vs Donald Trump feud sparks big, unbeautiful cybercrime wave
Crooks are taking advantage of the billionaires' squabble to defraud victims, run phishing campaigns and spin up dodgy memecoins.
It's not just political gossipmongers who have been enjoying the feud between President Donald Trump and his ex-First Buddy Elon Musk.
Cybercriminals have taken advantage of the publicity generated by the clash of two titanic egos to "register and weaponise" a wide range of malicious domains designed to scam, defraud and hoodwink like never before (as the Donald might say).
That's the warning from PreCrime Labs, the threat research team at BforeAI, which has identified a wide range of domains that have been used to run crypto scams, phishing campaigns, fake betting sites, impersonation schemes, and engagement farming operations that "leverage the notoriety of both figures to lure victims".
"Publicised online disputes, especially between celebrities or political figures, are repeatedly used as social engineering bait. In this case, multiple domains related to hypothetical Trump vs. Elon conflicts have surfaced, often mimicking betting platforms, fake giveaways, or crypto multipliers," PreCrime Labs wrote.
"In the case of the Donald Trump and Elon Musk feud, once Musk publicly voiced his distaste for Trump’s "big beautiful bill" on June 4, 2025, cybercriminals leapt into action, creating at least 39 new domains aimed at scamming and defrauding internet users. All of these new domains were registered in the following two days, on June 5 and 6, 2025."
Are threat actors winning bigly?
Crooks bought up a variety of top-level domains (TLDs) to use in their malicious campaigns, including 21 ".com" domains which appear more legitimate than ".xyz", ".fun" or other less reputable TLDs that have also been deployed.
These domains featured keywords tied to the feud, such as "trumpvselon", "elonvstrump", "elonprivateaccess", "trumploveselon" and "trumpmuskfeud". These were often combined with terms like "crypto", "billiondollar", "betting", "privateaccess" and "game" to push fake investment opportunities or dodgy apps and contests.
We have decided not to name the websites uncovered in the investigation, because we're a small site and we don't want to get sued.
However, we couldn't resist telling you about one domain called (and we apologise in advance) "elonsucksmydick.com", which now appears to have been taken down.
"Abusive or reputational attack domains were observed to psychologically manipulate visitors, making them support one side of the conflict, depending on the website’s agenda," the researchers added.
"Such platforms often include calls-to-action, like signing up for a movement or providing sensitive personal details, which can compromise their identity."
The bad guys were also using multi-channel attack vectors incorporating fake App Store and telegram integrations which draw victims onto trusted apps, before redirecting them to the malicious domains
Everything's computer
Threat actors are notorious for pivoting rapidly from one theme to another in response to breaking news stories - making it likely we will see more malicious domains spun up as the story takes more melodramatic twists and turns.
PreCrime Labs added: "The Elon vs. Trump feud has become a fertile ground for opportunistic threat actors, with a range of scams exploiting the names and media coverage of both figures. As public interest in these figures continues, more weaponized domains will likely be registered.
"This trend is a reminder of the importance of real-time monitoring of current events in domain threat intelligence and the need to act fast when trending news becomes a vector for cybercrime."
Do you have a story or insights to share? Get in touch and let us know.
