Phishing – Not Hacking – Caused Leak

The recent release of so many hacked emails was the result of “spear-phishing,” a targeted phishing email sent to specific individuals, 2 of whom were John Podesta, head of Hillary Clinton’s campaign, and Colin Powell. Spear-phishing is an e-mail spoofing fraud attempt that targets a specific organization or person, seeking unauthorized access to confidential data.

The target gets a “security alert” from what looks like Google. “Someone has your password,” it says at the top, in a do-not-ignore-this red banner warning that someone has just tried to sign into your Google account.

The message provides realistic-looking details: the date the password was used, the IP address of the supposed culprit and a source location from which the account was accessed.

“Google stopped this sign-in attempt,” it reassures you, “but you should change your password.” Of course, there’s a button to do just that. “Change password,” the text reads, over a reassuring safety-blue background.

Most of us would click the button. That is what the 2 targets, Podesta & Powell, did. It was that simple. That is why you need to be very careful about what you click within an email, even one from someone you trust. Always try to look at where the link takes you, if you know how. Otherwise, go to the account in question directly, instead of through a link in your email. The bad guys in this situation used a shortened link (bit.ly) and forgot to make it private. Investigators could see that the Podesta link only had 2 clicks, both from Podesta. It was definitely targeted.

To protect yourself from spear-phishing or phishing, try these tips.
1. Pick a strong password for your accounts and use a different password for each account.
2. Use 2-factor authentication whenever you can.
3. Consider using security software that blocks malware in addition to blocking viruses.

The bottom line – do not trust any link in any email. Check out the link carefully before going to the website.

Sources:
How hackers broke into John Podesta, DNC Gmail accounts https://nakedsecurity.sophos.com/2016/10/25/how-hackers-broke-into-john-podesta-dnc-gmail-accounts/

How John Podesta’s Emails Were Hacked And How To Prevent It From Happening To You http://www.forbes.com/sites/kevinmurnane/2016/10/21/how-john-podestas-emails-were-hacked-and-how-to-prevent-it-from-happening-to-you/#31b71e9e5c02

John Podesta Wasn’t ‘Hacked,’ He Fell For An Email Phishing Scam http://www.dcclothesline.com/2016/10/21/john-podesta-wasnt-hacked-he-fell-for-an-email-phishing-scam/
