Win or lose, both candidates and the rest of us should remember one key lesson from the election—even IT folks can be fooled by a phishing email.
As the campaign chugged along in late October, a new batch of emails WikiLeaks released on October 28 contained a major clue to how Clinton campaign chair John Podesta’s email account was hacked.
That document stated that in mid-March, Podesta received an email purporting to be from Google. “Someone has your password” was the subject line. That email claimed someone in Ukraine had attempted to access his account; Podesta was told he needed to change the password.
Even Podesta’s IT experts were fooled at first. One reason is that the link he was directed to click was a bit.ly link. Bit.ly is a service that shortens web addresses but can also obfuscate them.
Cybersecurity firm SecureWorks first warned of the issue in June 2016 when numerous spearphishing emails were sent to top-level Clinton campaign officials as well as Democratic National Committee (DNC) operatives.
“Users rarely check the full URL associated with short links, so threat groups can use URL-shortening services to effectively hide malicious URLs,” the warning stated. “Threat actors can use the services’ detailed statistics about which links were clicked when, and from what location, to track the success of a spearphishing campaign.
“Specific targets include staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, campaign finances, and advising her on policy.”
According to SecureWorks, the bit.ly address used in the spammy emails could be traced back to a Russian group dubbed Fancy Bear. While Fancy Bear is best known for hacks of interest to its government, the group also leaked hacked medical records of athlete Simone Biles and others after the Rio Olympics.
It’s wise to be wary of all links in emails. That goes double for bit.ly links. One legitimate reason to use bit.ly’s service is the ability to monitor who is viewing the links. As a result, researchers studying the Podesta hack can tell the malicious link in his email was clicked twice. That monitoring feature also shows hackers whether their latest spearphishing attacks work.
Bit.ly is aware of the potential abuse and tells users ways to verify the links are legit. They’ve even built in a preview function. If you copy the bit.ly link and add a “+” at the end, your browser can reveal the true destination.
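The preview tip can also be applied automatically when triaging a reported message. The Python below is an added example, not part of the original article: it pulls every link out of an email's HTML body, flags the ones that point at bit.ly, and builds the "+" preview address for each. The function names, the host list, the sample message and the short-link path are all assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only bit.ly is listed, because the "+" preview is bit.ly's feature.
# Other shorteners need their own entry and their own preview method.
SHORTENER_HOSTS = {"bit.ly"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(raw_email):
    """Return one finding per shortened link found in the HTML parts."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            host = (urlsplit(href).hostname or "").lower()
            if host in SHORTENER_HOSTS:
                # Appending "+" requests the preview page instead of the redirect.
                findings.append({"text": text, "href": href,
                                 "preview": href.rstrip("/") + "+"})
    return findings

# Constructed sample message; the short-link path is a placeholder.
SAMPLE = """From: "Account Team" <no-reply@example.test>
Subject: Someone has your password
Content-Type: text/html; charset="utf-8"

<p>Someone just used your password. <a href="https://bit.ly/EXAMPLE1">CHANGE PASSWORD</a></p>
<p><a href="https://example.test/help">Help</a></p>
"""

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

Open the preview address rather than the short link itself, and compare the destination it shows with the service the email claims to come from.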
Now that’s a bit of vital knowledge. Share this story with friends and family to boost their online security.