When sent a fake phishing email by the technology website Gizmodo, more than half of 14 targeted Trump administration officials fell for clicking on the potentially dangerous link. "We sent them an email that mimicked an invitation to view a spreadsheet in Google Docs," Gizmodo writes. "The emails came from the address firstname.lastname@example.org, but the sender name each one displayed was that of someone who might plausibly email the recipient, such as a colleague, friend, or family member."
Newt Gingrich and FBI Director James Comey both cautiously replied to the emails, "apparently taking the sender's identity at face value," Gizmodo notes. Other targets of Gizmodo's test included White House Press Secretary Sean Spicer, senior adviser Stephen Miller, and Trump's cybersecurity adviser, Rudy Giuliani.
Eight different unique devices visited the site, one of them multiple times. There's no way to tell for sure if the recipients themselves did all the clicking (as opposed to, say, an IT specialist they'd forwarded it to), but seven of the connections occurred within 10 minutes of the emails being sent.
At least the recipients didn't go farther. Our testing setup — which included disclaimers for careful readers at each step — did not induce anyone to go all the way and try to hand over their credentials. [Gizmodo]
While Gizmodo began their investigation three weeks ago, their findings couldn't be more timely. Last week, approximately a million Gmail users received an email purporting to contain a link to a Google Doc that had been shared by someone the user knew. "While contact information was accessed and used by the campaign, our investigations show that no other data was exposed," a Gmail spokesperson told CNBC.
Of course, not everyone is always so lucky; emails exchanged by the Democratic National Committee and the Clinton campaign were accessed after Clinton's campaign chairman, John Podesta, fell for a similar phishing email.
"These are not theoretical risks," Gizmodo writes. Read their full investigation here.