The New Posterboy of CyberInsecurity: John Podesta Fell For Social Engineering Attack



Motherboard has a great article explaining just how Podesta, Chairman of the 2016 Hillary Clinton presidential campaign, got hacked. (Podesta previously served as Chief of Staff to President Bill Clinton and Counselor to President Barack Obama.) The man fell for social engineering: a Google credentials phish -- one of the most common phishes that we see in the Phish Alert Button emails that customers send us. That article includes some great screenshots of emails used to hack several other public figures.

The other thing of note here is that this particular phish spoofed a security alert notice from Google -- just the kind of attack that we discussed in this blog post.

In Podesta's case the bad guys used a bit.ly link -- something else we see all the time. And the landing page for the credentials phish probably looked something like the below...
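The two red flags described above, a message that claims to be a Google security alert but comes from somewhere else, and a shortened link that hides the landing page, are easy to check for when a user reports a suspicious email. The triage function below is an added example, not code from the original post or from KnowBe4; the two sample messages and the sender domains in it are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains a brand legitimately sends from (assumption for this example).
BRAND_DOMAINS = {"google": ("google.com",)}
# URL shorteners that hide the real destination of a link.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def host_matches(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return a list of findings for a raw RFC 822 message; an empty list means no red flags."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        # The display name or subject invokes the brand; does the sender domain back that up?
        claims_brand = brand in (display + " " + subject).lower()
        if claims_brand and not any(host_matches(sender_domain, d) for d in domains):
            findings.append(f"claims to be {brand} but sent from {sender_domain}")
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            if host in SHORTENERS:
                findings.append(f"shortened link hides destination: {url}")
            elif claims_brand and not any(host_matches(host, d) for d in domains):
                findings.append(f"link to non-{brand} host: {host}")
    return findings

# Constructed sample: spoofed alert, lookalike sender domain, bit.ly link.
SPOOFED_ALERT = """From: Google <no-reply@accounts-google.example>
Subject: Someone has your password
Content-Type: text/plain

Someone just used your password to try to sign in to your Google Account.
You should change your password immediately: https://bit.ly/placeholder
"""

# Constructed sample: genuine-looking alert, sender and link both under google.com.
LEGIT_ALERT = """From: Google <no-reply@accounts.google.com>
Subject: Security alert
Content-Type: text/plain

A new sign-in was detected. Review activity at https://myaccount.google.com/notifications
"""
```

Running `triage(SPOOFED_ALERT)` yields two findings (lookalike sender, shortened link) while `triage(LEGIT_ALERT)` yields none.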

Google Credentials Phish

It is a textbook example of how John Podesta became a Cyber-Insecurity poster child:
  • Using a terrible password to begin with
  • Re-using that password for multiple sites/accounts
  • Sharing the password with assistants
  • Asking an assistant to email him his password when he forgot it
  • Not turning on two-factor authentication
  • Not changing passwords after one account was known to be compromised

Don't be that guy and train your users within an inch of their lives to "not be that guy" either...


Free Phish Alert Button

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning? KnowBe4’s Phish Alert button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. KnowBe4's free Phish Alert for Outlook is an add-in you can download and deploy at no cost.
