As Wikileaks on Saturday released the 22nd batch of emails hacked from the account of a top aide to Hillary Clinton, the emails show that it wasn't just John Podesta who was duped by a phishing email, but also those who worked in the Clinton campaign on IT did not immediately realize it was an effort to get Podesta's password.
In a new message out this weekend, another Clinton staffer confidently says she's ready to help Podesta:
Two other staffers had already assessed the phishing email incorrectly, thinking it was a legitimate warning from Google, that someone from Ukraine had tried to crack his email account.
"The gmail one is REAL," wrote one staffer in an email released on Friday, which showed the underlying phishing attack for the first time.
One internet threat expert who contacted me on Friday said he was not surprised that the Clinton team had fallen for this phishing email.
"I look at a lot of these and the people who create these messages are very good at making something that is deceptive," the expert told me.
"Most people don't hover their mouse over a link like that to see where it would lead to before clicking," I was told.
Also of note, the lengthy bit.ly code that was used as a link at the bottom of the phishing email - that would take Podesta not to Google - but another site, where the hackers could then get his password.
Part of that code uses what is known as the "Base64" format - you can put a string of text in like, "email@example.com," and it spits back a certain code.
In this case - "am9obi5wb2R1c3RhQGdtYW1sLmNvbQ" - and you can see that clearly in the above string.
Wikileaks has not yet released the original phishing email, but a forwarded version was seen for the first time on Friday:
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.