A "convincing" fake email and fake password reset page have been revealed by WikiLeaks, apparently showing how Clinton presidential campaign chairman John Podesta was tricked into revealing his Gmail password to hackers.
Despite having the extremely suspect subject line of "SOmeOne has your passwOrd", which is something you’d imagine to be a clear giveaway as Google would never misuse capital letters in this way, Podesta’s tech support guy, Charles Delavan, assumed the email was real.
In the email thread, Delavan states "This is a legitimate email" and, despite advising two-factor authentication be switched on, and despite him providing a legit password reset page at Google, Podesta is assumed to have clicked on the Bitly link in the original fake email.
Now, it has to be said that no-one besides Podesta and Delavan can truly confirm whether this email is genuine, or not, and clearly, they’re unlikely to ever confirm anything about these emails one way or the other.
Or at least, not for many, many years, well after this election cycle is over.
But the fact is that a phishing email can still do a great job of fooling even those who are supposed to be seasoned tech people, let alone the chairpeople of major presidential campaigns in the US.
And, assuming this is precisely how hackers gained access to Podesta’s Gmail account, which apparently used the same username and password combination as his iCloud account, loose password lips can sink presidential ships.
Of course, Hillary Clinton has not yet won or lost the US presidential election, but should she lose it, this massive email leak will surely be one of the major reasons why, let alone email server scandals and all the rest of the allegedly super shady stuff the people in question are alleged to have done over decades, depending on whether you believe Internet conspiracies, or not.
Clicking on a Bitly or other similar shortened link is one thing to avoid, and it helps to have the option on that lets you see the URL of anything linked online, but even then, trickery has been used to make links look legitimate through clever misspellings.
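The link checks described above, sketched as an added example that is not part of the original article: it pulls the links out of a message and flags shortened links and misspelled or embedded lookalikes of a trusted domain. The shortener list, the trusted-domain set and the sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example, not taken from the article:
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "goo.gl"}
EXPECTED = {"google.com"}  # domains the message claims to come from

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url):
    host = (urlsplit(url).hostname or "").lower()
    dom = registrable(host)
    if dom in SHORTENERS:
        return "shortener"   # destination is hidden until the link is expanded
    if dom in EXPECTED:
        return "expected"
    if any(e in host for e in EXPECTED):
        return "lookalike"   # trusted name embedded in someone else's domain
    if any(edit_distance(dom, e) <= 2 for e in EXPECTED):
        return "lookalike"   # near-miss spelling of a trusted domain
    return "other"

def triage(body):
    return [(u, classify(u)) for u in URL_RE.findall(body)]

# Constructed sample message; none of these links come from the leaked email.
SAMPLE = """Someone has your password. Change it immediately:
http://bit.ly/EXAMPLE
https://accounts.google.com.login-check.example/reset
https://myaccount.goog1e.com/security
https://myaccount.google.com/security
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE):
        print(f"{verdict:10} {url}")
```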
The Internet is still the wild, wild Web, and the threats have only grown ever more sophisticated.
Keep safe out there, lest one of us is next, as there but for the grace of God (and a keen eye for scammers) go us all.