The news today thinks it knows how John Podesta, Hillary Clinton’s campaign chairperson, got badly hacked.
John gets an email. It’s allegedly from no-reply@accounts.googlemail.com. It tells him that “someone” from the Ukraine tried to log in to his Gmail account, and he should change his password.
John’s IT person inexplicably says the email is legit and that he should change his password immediately. John apparently clicks the provided link and gives his Gmail password away.
Red flags that the email is not legit:
- The subject is *Sоmeоne has your passwоrd*. Hmm… odd phrasing. Odd-looking o’s.
- The change password link is to a bitly.com address. (Don’t go there.)
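Both red flags can be checked mechanically before a message reaches a user. The sketch below is an added example, not part of the original post; the shortener host list, the function names, and the sample subject and body are constructed assumptions.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Assumed shortlist of link-shortener hosts; extend for your environment.
SHORTENER_HOSTS = {"bitly.com", "bit.ly", "tinyurl.com", "t.co", "goo.gl"}

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def mixed_script_words(text):
    """Return (word, scripts) for words whose letters span several scripts."""
    hits = []
    for word in re.findall(r"\w+", text):
        scripts = {script_of(c) for c in word if c.isalpha()}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits

def shortener_links(body):
    """Return URLs in the body whose host is on the shortener list."""
    found = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            found.append(url)
    return found

def red_flags(subject, body):
    """Collect human-readable warnings for one message."""
    flags = [f"mixed-script word {w!r}: {'+'.join(s)}"
             for w, s in mixed_script_words(subject)]
    flags += [f"shortened link: {u}" for u in shortener_links(body)]
    return flags

# Constructed sample: Latin text with Cyrillic U+043E standing in for "o".
SUBJECT = "S\u043eme\u043ene has your passw\u043erd"
BODY = "Change your password: https://bitly.com/EXAMPLE-PLACEHOLDER"

if __name__ == "__main__":
    for flag in red_flags(SUBJECT, BODY):
        print(flag)
```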
Do not click links in emails. Especially do not click links in odd emails or links hidden behind link-shortening services.
I don’t really blame Mr. Podesta. We expect too much of users regarding computer security. But still. This is avoidable.