The New Posterboy of CyberInsecurity: John Podesta Fell For Social Engineering Attack
10/24/16
Motherboard has a great article explaining just how Podesta, Chairman of the 2016 Hillary Clinton presidential campaign, got hacked. The man fell for social engineering: a Google credentials phish, one of the most common phishes.
The other thing of note here is that this particular phish spoofed a security alert notice from Google.
In Podesta’s case the bad guys used a bit.ly link, which is very common. And the landing page for the credentials phish probably looked something like the one below…
It is a textbook example of how John Podesta became a Cyber-Insecurity poster child:
- Using a terrible password to begin with
- Re-using that password for multiple sites/accounts
- Sharing the password with assistants
- Asking an assistant to email him his password when he forgot it
- Not turning on two step verification
- Not changing passwords after one account was known to be compromised
(Taken from KnowBe4)
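
A mail-side check for the two traits described above (a message presenting itself as a Google security alert, with a link that goes through a URL shortener) could look like the following. This is an added example, not code from Motherboard or KnowBe4; the sample messages are constructed, and the shortener list and function names are assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener list for illustration.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}

# Constructed sample messages (not the real phish).
PHISH = """\
From: Google <no-reply@accounts.example.net>
Subject: Security alert
Content-Type: text/html

<a href="https://bit.ly/constructed-example">Change password</a>
"""
LEGIT = """\
From: Google <no-reply@accounts.google.com>
Subject: Security alert
Content-Type: text/html

<a href="https://myaccount.google.com/notifications">Check activity</a>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def is_google(host):
    return host == "google.com" or host.endswith(".google.com")

def check_message(raw):
    """Return findings for a message that presents itself as Google."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "google" not in f"{display} {msg.get('Subject', '')}".lower():
        return []  # not claiming to be Google; out of scope here
    findings = []
    sender = addr.rpartition("@")[2].lower()
    if not is_google(sender):
        findings.append(f"sender domain {sender} is not under google.com")
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        if host in SHORTENERS:
            findings.append(f"link hides its destination behind {host}")
        elif not is_google(host):
            findings.append(f"link points to non-Google host {host}")
    return findings
```
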