HR Jetpack

Political Phishing

Some of the biggest technology stories of 2016 were the cyberattacks on the Clinton Campaign. In one of those cases, Hillary Clinton’s Campaign Chief, John Podesta, fell victim to a phishing attack which not only compromised the campaign and the DNC, but also his entire online life. This story is essentially a lesson in “what not to do” on multiple levels of online security.

This all started because John Podesta received a phishing email. It appeared to be from Google, telling him that his account had been compromised and that he should change his password immediately. He was rightly suspicious and doubted the authenticity of the email, so he sent it to the Clinton Campaign Helpdesk’s IT Manager. The phishing email was convincing enough that his IT person told him that the email was legitimate. Despite that failure, he followed that statement with the correct advice. He told Podesta to go through Google’s website directly to change his password and reminded Podesta to turn on two-factor authentication if he had not yet done so. Instead of properly following the advice, Podesta clicked on the URL he had been sent in the original email, which took him to the dummy Google page, and once he entered his login details, the attackers had his credentials. Also, as you may have guessed, Podesta never enabled two-factor authentication. Had he taken just that one additional step, his username and password would not have been enough for the attackers to gain entry to his email, and this entire story may never have happened.

Unfortunately, this all gets worse. The attackers leaked tens of thousands of his work and personal emails going back many years, which were now accessible to the public via Wikileaks. As the public started to read through these emails, they came across an exchange between Podesta and a colleague from May of 2015 where Podesta asked that person to send him his password to iCloud for his Apple ID. Over email, the person responded with his password, which was “Runner4567”. From May of 2015 to October 2016, when the emails surfaced online, he apparently never changed that password. Shortly after these emails became public on Wikileaks, screenshots of the email, including Podesta’s Apple ID credentials, appeared on 4chan and Reddit. So people started to try the username and password combination they saw online, and it still worked. Pranksters were able to access his iCloud and wipe his iPhone and iPad remotely. They also allegedly used the exact same password on his Twitter account and were able to access that as well, defacing it with pro-Trump messages to publicly humiliate him and force the DNC to publicly acknowledge that his accounts had been breached.

So just to really drill down to all of the places where this story goes wrong:

On a personal level, he had a very weak password which he used on multiple accounts. He couldn’t remember this weak password, so he had someone email it to him. For more than a year, that password did not change, and even when he saw his emails had been leaked and there was a media firestorm surrounding the story, he still didn’t go in and update his passwords. Beyond the password issue, he ignored the directive from IT to enable two-factor authentication.

On an organizational level, the IT support staff certainly made mistakes as well. They didn’t have sufficient protections in place, and incorrectly identified the phishing email as safe. Having said that, their advice on what to do about the incident was correct, and ultimately not followed by the individual. This is a reminder to all of us that there is only so much an organization can do to protect its employees if those employees are not adequately trained and on board with the company’s expectations.

In many ways, this story is a worst-case scenario for what can happen with lax security measures and poor judgment in today’s world. If he had been following even some of the best practices outlined in this course, John Podesta probably would have avoided a personal and professional disaster.

Instructor: Michael Wilson

Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...
