A Typo Led To Podesta's Email Hack, Says Report (thehill.com)
tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.
Article disagreement (Score:5, Insightful)
Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"
If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?
Re: (Score:2, Interesting)
Who talks like that anyway? I would say something like "this is a scam, don't listen" or "this is fake"
Re: Article disagreement (Score:5, Informative)
Wow, Democrats keep using that word 'transparent' - I do not think it means what you think it does.
'Transparent' does not mean - take years to respond to FOIA requests.
'Transparent' does not mean - turning over hand-picked work emails two years after leaving office.
'Transparent' does not mean - anything embarrassing can be kept private due to 'executive privilege.'
'Transparent' does not mean - crying like a stuck pig because your embarrassing emails were made public against your will.
Re: (Score:3)
You can get someone's tax returns through FOIA requests now? I didn't know that.
Re: Article disagreement (Score:5, Interesting)
They leaked some old ones, actually: http://www.nytimes.com/2016/10/02/us/politics/donald-trump-taxes.html?_r=0 [nytimes.com]
As for this story, it makes no sense. The email in question is here [wikileaks.org] and for some reason, I was unable to find any links to it in either article. As an aside, why do media outlets fail so badly at citing sources like this? It should be utterly basic journalism, but the major papers routinely fail to do this very basic step and wonder why bloggers eat their lunch... This was first reported many weeks ago, they're severely behind the times on this. I mean, you know it's bad when you're scooped by Slashdot commenters.... sheesh!
Back on topic, the relevant part of the response to the spear phishing email says this:
It's definitely an illegitimate email, but there's more wrong with the statement above than just typing "a legitimate email" instead of "an illegitimate email." Being illegitimate means they DON'T yet have his password, so there would be no reason to change it and no good reason to advise that! Two-factor authentication, however, is very reasonable.
We know from the stats on the bit.ly link to the phishing page [bitly.com] that Podesta didn't follow his instructions to go to https://myaccount.google.com/security [google.com] though, and it's true that we can't hold Charles Delavan responsible for that part.
Re: (Score:2)
Who talks like that anyway?
Lawyers. If you are paid to obfuscate, it eventually becomes second nature, and you fail to communicate clearly even to your friends and family.
Damn autocorrect! (Score:3)
General pactice when someoe is being tageted is t asume other attaks fromm other vectors are in pogress som of which may be crack-basd.
I can titaly see this happening what wit today's autocorect, IT people not bein traned in gramar and always rushin, an the godamn suck ass chiclet keybords in us today.
Re:Article disagreement (Score:5, Funny)
Yup. This is just CYA bullshit designed to make them look less incompetent. We're all made typos, right?
It coudl happent o anyone!
Re:Article disagreement (Score:4, Funny)
We're all made typos, right?
Don't you mean "we've"?
Re:Article disagreement (Score:5, Insightful)
Of course the other big woosh in this is the excuse. We have all made mistakes but I never remember adding extra letters and reversing the definition. Of course the normal response in IT circles when a phishing email is questioned is fuck no, do not touch it, I will be right there to check it, this because phishing attacks are normally picked up by filters and any suspect ones that get through become an immediate concern because they represent a greater threat. Of course if you set up your insecure email server in a bathroom with intent to destroy all records if you do not have time to edit out the ones you do not want, meh who gives a fuck, arrogant criminals in government who can completely distort the application of justice as far as their criminally corrupt arse is concerned, well, security, that's a problem for the plebs. You just know some extremely bad file attachments will be leaked out and that's what all the real fuss is about, you could imagine them splashed all over Russian media and then after some time censored versions grudgingly put on western media. When they start arrogantly ignoring network security, they always go nuts, become idiots and start pushing the limits, no matter where they work, government or private, right up until they are brought crashing down to earth. Nobody tolerates fuck ups in the end and they readily toss them out as sacrifices to the appearance of justice.
Re: (Score:2)
We're all made typos, right?
Don't you mean "we've"?
WEAVE! Duh!
Fucking apostrophes....
...
:-D
..
.
Re:Article disagreement (Score:5, Insightful)
This is just CYA bullshit designed to make them look less incompetent.
I am confused. Up till now, I thought they were the victims of sophisticated Russian ex-KGB agents using quantum cryptanalysis. But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?
Re: Article disagreement (Score:4, Interesting)
Podesta used G-fucking-mail... HRC used a homebrew server for convenience... The DNC ran an unpatched Exchange server on Windows... I believe these are textbook definitions for incompetence!
Re: (Score:2)
Podesta used G-fucking-mail...
What's wrong with Gmail?
HRC used a homebrew server for convenience...
That may have been illegal, but I don't see how it demonstrates technical incompetence. Since there is no evidence it was hacked, I would say it demonstrates the opposite.
Re: (Score:2)
Podesta used G-fucking-mail...
What's wrong with Gmail?
If you are on Slashdot and don't know the answer to what is wrong with using gmail to send and receive private and confidential email, then I hope you get replaced by an H1B.
I expect you'll be banning foreign-looking people soon anyway so don't worry.
Re: (Score:2)
I believe you lack tremendous amounts of knowledge.
Everyone lacks a tremendous amount of knowledge. (Yes even slashdot denizens, contrary to the evidence).
Re: (Score:3)
This is the unfortunate reality of phishing and malware. The attack doesn't have to be very good, just persistent. Eventually someone will screw up, click the wrong thing, typo the response, and the bad guys are in.
Time to hack = number of people in organization / quality of security
Since "quality of security" can never be infinite, it's always just a matter of time.
Re:Article disagreement (Score:4, Insightful)
Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"
If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?
Depends on the layer of his mind where the mistake was made. If it is above the abstraction layer of the grammar processing for emitting the typo, he would emit a grammatical but erroneous-in-multiple-words statement.
Re: (Score:2, Insightful)
Legitimate or not, the huge thing that everyone should know is never to use an email to log into an account.
Re: (Score:2)
the huge thing that everyone should know is never to use an email to log into an account.
Technology is failing if it falls on individuals to remember rules like this. They won't. Instead, services like Gmail, Yahoo, etc. should detect when emails contain fake links to login pages for email accounts or financial institutions, and warn the user that they are about to do something dumb.
Re: (Score:2)
Before pointing out the big obvious problem with that idea, I'll pause for a moment so that you can go check the links in some of your legitimate email. After you've had a bit of time to sob quietly, if you are again feeling brave, check the relay paths and senders of some of that crap.
Oh, and also some of us run our own mail services, but we generally know better than to click links in emails.
Re: (Score:2)
Technology is failing if it falls on individuals to remember rules like this. They won't. Instead, services like Gmail, Yahoo, etc. should detect when emails contain fake links to login pages for email accounts or financial institutions, and warn the user that they are about to do something dumb.
Agreed, they should -- but even then it won't be sufficient, since the clever scammers will constantly be putting up new fake pages that Gmail/Yahoo/etc won't necessarily be able to detect. Gmail/Yahoo/etc can only do so much to protect users, short of a wholesale replacement of email with a more secure communications mechanism.
I think if there is one silver lining to this whole fiasco, it's that government and politicians might finally start taking seriously the need for proper online security measures.
Re: (Score:2)
Agreed, Delavan's explanation is BS. But it's interesting to consider how often this sort of thing will happen when we're all using voice recognition on a day-to-day basis. The difference between "This is a legitimate email" and "This is an illegitimate email" can be very subtle depending on the speaker's accent, background noise, and any number of other factors.
If Delavan were the sort of person who thinks on his feet, he'd have blamed voice recognition instead of a typo.
Re: (Score:2)
The difference is "n il", as in two mistakes, one being the use of an "a" instead of an "an". This rules out a simple typo.
I read that as the difference is nil... heh. while on the topic of mistakes...
Re: (Score:2)
These are college graduates after all, right?
. . . so what other "typos" did they make that we don't know about . . . ? Maybe they wrote users telling them to turn their firewall and anti-virus "off" . . . but they meant to write "on" . . . ? It's just a typo.
So, instead of Trump employing Master Russian Hackers to swing the election . . . it just turns out that Hillary's staff are not aware of basic computer security essentials.
Typical Hillary: Following computer security policies is for "little people" and "deplorables", not for elite folks, li
Re:Article disagreement (Score:5, Insightful)
What about the second part, where he told him to change his password? There isn't a single letter typo that can reverse the meaning, plus, if there is no action, then "immediately" is completely redundant.
No, this is a poor cover story from someone who fucked up massively.
Re: (Score:2)
No, this is a poor cover story from someone who fucked up massively.
First rule of politics: never voluntarily admit to any wrongdoing, because everyone will immediately assume that your admission is actually a coverup for something worse, whether it is or not.
In this case, though, it's hard for me to imagine what could be worse. What do you think the actual mistake was?
Re: (Score:2)
If it was inhouse they could just change the password and ring the guy up and say "your new temporary password is sword-a-da-fish". Yes, it does sound a bit Marxist to do it that way, but if you want to keep stuff secret paying an advertising agency to handle your email is not a good step.
Re: (Score:2)
How is Gmail worse than Office 365 email?
Re: (Score:3)
This is slashdot, you should know better than to think those are the only choices.
If getting your stuff in the newspaper is a catastrophe then expecting a third party and everything on the way to them to keep your secrets is just asking for trouble.
BTW, the MS Exchange suite is very well named. The best thing to do with it is to exchange it for a different collection of software.
Re: (Score:2)
Probably what he should have done in the reply is not include the body of the message being discussed as part of the response, including the fraudulent link to change the email. There was no reason for him to have chained the response along containing any of that information and the phishing link to click on.
Re: (Score:2)
Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"
If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?
He doesn't mean typo in the sense that he meant to write "illegitimate" and wrote "jllegitmate".
He meant typo in the sense that he thought "oh that's an illegitimate email" and intended to write something to that effect, but ended up writing something completely opposite.
Just think back to the times you proofread and found a typo, sometimes it's a mistyped word, and sometimes you find words that are radically different than you intended.
Of course that doesn't mean he's telling the truth, it does seem odd th
Re: (Score:2)
The technical term for that is that it was a 'brain fart'. Brain farts can happen to anybody. As evidenced here, when a brain fart happens you can even re-correct the words around the 'typo' as in using 'a' instead of 'an.'
Agreed though I wouldn't necessarily call "brain fart" a technical term.
The takeaway is that it was ordinary low-level phishing that cracked Podesta's account. The Clinton team wasn't even invulnerable to plain vanilla phishing.
Well they did have protocols to protect against phishing, and those protocols were followed, but one of the people in that chain made a fairly epic screw up, and fundamentally no organization is immune to someone making an epic screw up.
And remember the RNC was also hacked, so this isn't a case of one side being incompetent.
Is Podesta even in any kind of position now where his computer illiteracy could get him in trouble again?
He was computer literate enough to delegate the tasks he didn't understand, unfortunately the people he delegated
Re: (Score:2)
The ones I usually see are people typing 'do' and 'can' instead of 'don't' and 'can't'.
As far as this goes, he was intending to err on the side of caution. This one aide reports one email - but have there been other emails? Has a link been clicked already? Going PROPERLY to Google and changing the password would be a 'no harm done' situation, and I suspect that's what he was aiming for.
And then human error happened.
Re:Article disagreement (Score:4, Informative)
Of course I proofread my emails before hitting send to avoid these problems. And Delavan claiming he meant "illegitimate" rather than "not legitimate" decreases the possibility that this explanation is correct. Just wondering what native English speakers think. Despite living here 45 years and English being my best language, it isn't my native language and some of the intricacies still elude me.
Re: (Score:2)
To me, "illegitimate" is one of those words which seems to be semi-archaic in modern English.
Then despite being a native English speaker and almost certainly literate, I would ask you to brush up on day-to-day English and your O-level English certs (or whatever they are now).
Re: (Score:3)
Shhh. You're disturbing the narrative. How can they be expected to place blame on others, if they have to accept personal responsibility? It was Comey's fault, anyway. Or maybe the Russkie's. Someone other than them, anyway.
KGB (Score:5, Funny)
That sounds like a really sophisticated Russian hacking effort! I'm glad the CIA is on it!
We knew this weeks ago... (Score:2)
It's amazing how they didn't manage to link to any of the actual emails or other original sources on this. No, I don't want to read your other 10 related articles on the subject, I'd like to see the damned emails in question, please.
I covered this exact story quite thoroughly [slashdot.org] just the other day, not to mention several other comments which you can find if you go back further, wherein I covered the DKIM signatures, stats on the bit.ly link to the phishing page, etc. which all proved this to be real.
We figure
Inflammable means Flammable? What a country! (Score:5, Funny)
https://www.youtube.com/watch?... [youtube.com]
Clear Language (Score:3)
Exactly. Having done this for a few years, CLEAR LANGUAGE is very important. There are English courses dedicated to that concept, but it's pretty simple to grasp.
"Yes, that's probably a virus. Delete it."
While not exactly technically accurate, leaves absolutely no ambiguity. You would never tell the user to change their password, because obviously, they are being told that already by a third party so you telling them that would be an explicit validation of the problem and cause them to immediately act on it
I call BS on the IT guy (Score:2)
Re: (Score:2)
il.le.git.i.mate \.il-i-'jit-*-m*t\ adj
1: born of parents not married to each other
2: ILLOGICAL
3: ERRATIC
4: ILLEGAL
-- il.le.git.i.mate.ly adv
-- il.le.git.i.ma.cy \-'jit-*-m*-se_-\ n
Re: (Score:3)
Who uses the word "illegitimate" to describe a phishing email?
When you're talking to non-techies you do, if you said phishing email to Podesta he would start looking for his tackle box.
Re: (Score:3)
I have never in my life referred to an email as "illegitimate". Not talking to bumpkins, not to construction workers, not to tradesmen, not to policemen, not to soldiers, not to doctors, not to lawyers, not to elected officials. Not to my employees, not to my bosses, not to CEOs, not to directors. Not to teenagers, not to millennials, not to adults, not to boomers, not to octogenarians.
However, I use the phrases "That's spam, delete it." and "Fake, trash it." damn near every day.
I haven't been around the
Re: (Score:2)
He's working for the Russians like every other person that gets in to the Democrat party's email.
He doesn't speak English well. :-^
Lots of typos (Score:5, Funny)
Re: (Score:3)
That's the real shame here... the Left screaming and hollering about hackers, while trying to pretend the released information doesn't exist.
Re: Lots of typos (Score:4, Interesting)
What a childish claim - why would the contents of RNC emails be 'much, much worse'? You could conclude that they likely have similar things in their emails.
Or the RNC email server was secure?
Or the RNC emails weren't as 'explosive'?
Or the RNC simply wasn't targeted?
Or any of a hundred other reasons...
You don't need Russia or China (Score:5, Informative)
To hack complete idiots.
Re: (Score:2)
> No doubt, but notice that they waited until after Sanders lost the primary to out Clinton.
For which hack? I covered the list of them just the other day - https://slashdot.org/comments.pl?sid=9986237&cid=53472053 [slashdot.org]
You realize there are many sets of leaks at different times and not many people even took Trump seriously back in the summer of 2015, right? (Many still do not, but I digress...)
Oh, and we have an email from them in 2015 saying "Best approach is to slaughter Donald for his bromance with Pu
It's Podesta's fault too (Score:4, Funny)
Comrade Podesta,
Filthy imperialist pigs have hacked into you email. To change your password please click http://www.ussrlives.com/mail/ [ussrlives.com]
If you don't enable MFA I have no sympathy for you (Score:2)
Seriously- If you haven't enabled MFA on your Gmail account then please don't complain when you get hacked. It takes a couple of minutes- you have no excuse not to.
text of email (Score:5, Informative)
https://wikileaks.org/podesta-emails/emailid/36355
[Edited to remove blank lines and phone numbers]
Re: Someone has your passwrd
From: mfisher@hillaryclinton.com
To: slatham@hillaryclinton.com
CC: john.podesta@gmail.com
Date: 2016-03-19 12:14
Subject: Re: Someone has your passwrd
Hi- yes I will call John right away and work on new passwords. He will need
to use my two step verification codes to sign in.
Milia Fisher
[phone number]
On Mar 19, 2016, at 10:07 AM, Sara Latham
wrote:
The gmail one is REAL
Milia, can you change - does JDP have the 2 step verification or do we need
to do with him on the phone? Don't want to lock him out of his in box!
Sent from my iPhone
Begin forwarded message:
*From:* Charles Delavan
*Date:* March 19, 2016 at 9:54:05 AM EDT
*To:* Sara Latham , Shane Hable
*Subject:* *Re: Someone has your passwrd*
Sara,
This is a legitimate email. John needs to change his password immediately,
and ensure that two-factor authentication is turned on his account.
He can go to this link: https://myaccount.google.com/security [Stupid assistant ignored the correct way to chg pass]
to do both. It is absolutely imperative that this is done ASAP.
If you or he has any questions, please reach out to me at [phone number]
On Sat, Mar 19, 2016 at 9:29 AM, Sara Latham
wrote:
> Sent from my iPhone
>
> Begin forwarded message:
>
[Forwarded Phishing Email from Delavan here]
> *From:* Google
> *Date:* March 19, 2016 at 4:34:30 AM EDT
> *To:* john.podesta@gmail.com
> *Subject:* *Someone has your passwrd*
>
> Someone has your passwrd
> Hi John
>
> Someone just used your password to try to sign in to your Google Account
> john.podesta@gmail.com.
>
> Details:
> Saturday, 19 March, 8:34:30 UTC
> IP Address: 134.249.139.239
> Location: Ukraine
>
> Google stopped this sign-in attempt. You should change your password
> immediately.
>
> CHANGE PASSWORD
>
> Best,
> The Gmail Team
> You received this mandatory email service announcement to update you about
> important changes to your Google product or account.
>
--
-Charles Delavan
HFA Help Desk
The HFA Operations Team is here to support you. Let us know how we’re doing by filling out a brief survey.
So the help desk actually provided the correct URL to change the password, but the assistant went on to click the phishing bit.ly link. Funnily enough, the HelpDesk monkey's sig contains a link to a survey using A BIT.LY LINK! LOL
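The comment above points out that the help-desk reply carried both the genuine Google settings URL and the forwarded notice with its bit.ly button. As an added example (not code from the original post or from anyone in the story), this Python check lists every link in a message that claims to come from a brand but whose host lies outside that brand's domains. The allowlist, shortener list, function names and sample message are assumptions constructed for illustration, and the lookalike host goes beyond the case in the thread.

```python
"""Flag links in a message that claims a brand but points somewhere else."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, illustrative lists: a real deployment would maintain these centrally.
BRAND_DOMAINS = {"google": ("google.com",)}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
BARE_URL = re.compile(r"https?://[^\s<>\"'\]]+")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def in_domain(host, domain):
    # Exact match or a true subdomain; "google.com.example.net" must not pass.
    return host == domain or host.endswith("." + domain)


def extract_links(body):
    """Anchor links first (with their button text), then URLs typed in the text."""
    collector = _LinkCollector()
    collector.feed(body)
    collector.close()
    links = list(collector.links)
    seen = {href for href, _ in links}
    for url in BARE_URL.findall(body):
        url = url.rstrip(".,);")
        if url not in seen:
            seen.add(url)
            links.append((url, url))
    return links


def audit(claimed_brand, body):
    """Return one finding per link that should not be trusted for this brand."""
    allowed = BRAND_DOMAINS[claimed_brand]
    findings = []
    for href, text in extract_links(body):
        host, reasons = host_of(href), []
        if host in SHORTENERS:
            reasons.append("shortener hides destination")
        if not any(in_domain(host, d) for d in allowed):
            reasons.append("host outside " + "/".join(allowed))
        if urlsplit(href).scheme != "https":
            reasons.append("not https")
        if reasons:
            findings.append({"url": href, "text": text, "host": host, "reasons": reasons})
    return findings


# Constructed sample modelled on the thread: a reply that names the real settings
# page but still carries the forwarded notice. Both anchor URLs are placeholders.
SAMPLE_REPLY = """\
<p>He can go to this link: https://myaccount.google.com/security to do both.</p>
<blockquote>
  Someone just used your password to try to sign in to your Google Account.
  <a href="http://bit.ly/CONSTRUCTED-PLACEHOLDER">CHANGE PASSWORD</a>
  <a href="https://accounts.google.com.example.net/reset">Review activity</a>
</blockquote>
"""

if __name__ == "__main__":
    for finding in audit("google", SAMPLE_REPLY):
        print(finding["host"], "|", finding["text"], "|", "; ".join(finding["reasons"]))
```

Run over an outgoing reply, a check like this would show that the quoted notice still carries a clickable link even though the reply's own text names the correct page.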
Re: (Score:3)
Not a very sophisticated phishing attack. I can't imagine an automated system saying "Someone has your password".
Rather it would warn more like "We've detected suspicious activity in your account," and advise user to check it was OK.
However, google security emails really are addressed "Hi " and signed "Best", so who knows??
I'd expect the KGB version to be more polished.
Re: (Score:2)
It looks like Delavan is trying to wiggle out of that mistake now by claiming that he meant illegitimate; however Delavan's stated conclusion that Podesta should immediately change his password in response to that "illegitimate" email shows otherwise.
Idiot (Score:5, Insightful)
He blindly clicked on a link in an email and gave up his password.
And this proves that Russia hacked his account.
All this proves is that John Podesta is an idiot.
Keep at it with enough attacks (Score:2)
Re: (Score:2, Interesting)
>The fact that both DNC and RNC were hacked, but only the choicest bits of embarrassing stuff from the DNC hacks were leaked, strongly suggests Russian involvement with the intent of benefiting Trump in the general.
Except the Chairman of the Republican National Committee, Reince Priebus, said the RNC was not hacked.
“The RNC was absolutely not hacked,” Priebus said.
“Well, it’s really simple,” he added, when asked to explain the report. “Because when the DNC was hacked, we called the FBI and they came in to help us. And they came in to review what we were doing and went through our systems, went through every single thing that we did.”
“I don’t know of any employees, on any of their own Gmail accounts, that was hacked,” he continued. “So what I’m trying to tell you is the RNC was not hacked, number one.”
Keep trying!
I blame Russia (Score:3)
The Russian psychic warfare department strikes again! We really need to stop those evil Russians meddling with our democracy! Who knows in what other nefarious ways they use their psychic superpowers!
Curious alignment of the discussion for /. (Score:2)
Normally the slashdot folks are smart. What happened here?
Re: (Score:2)
Well, it was certainly not the result of US intelligence!
What the release of the Clinton E-mails shows is that (1) the people around Hillary Clinton were incompetent when it came to E-mail security, and (2) Hillary Clinton and the DNC had a lot of dirty laundry.
Who actually released those E-mails hardly matters. Obviously, it was someone who wanted to hurt Hillary. So what? That's how adversarial systems work.
Re: (Score:2)
http://www.salon.com/2015/05/20/george_w_bushs_cia_briefer_admits_iraq_wmd_intelligence_was_a_lie/ [salon.com]
Re: (Score:2)
Well, that logically also means either Hillary Clinton lied about Iraq herself, or that she was derelict in her duty to inform herself, or it means the CIA lied to Hillary Clinton, doesn't it?
Re: (Score:2)
The point is that if you take the position that the intelligence community was truthful on Iraq and the only people who lied were Bush and Cheney, then Clinton's vote wasn't just "a mistake", it was a deliberate and callous choice.
In any case, what actually happened is slightly more complex. The intelligence report came in two versions, one classified, one unclassified. The unclassified report was misrepresenting the situation, and that's all Hillary ever bothered to read. That means that Trump is justified
and yet... (Score:5, Insightful)
...we continue to talk about the HACK and who did it, not what the emails showed.
Re: (Score:3)
That's been done everywhere else, so why not talk about the hack on a tech site and the politics on a political site?
How about this suggestion - link to one of the many places discussing what the emails showed.
How does that IT guy get work done? (Score:2)
Really, if he's going to be changing the password after receiving every phishing scheme message there isn't going to be much time left for actually doing work.
All that he had to do was reply, "It's a scam to try and get you to enter your password on a bad guy's website. Delete the email and forget about it." Then write up a message that provides a few more details to be distributed to everyone that basically says the same thing because if one person asks you know that more than one person has that questi
These people mocked McCain over computers... (Score:5, Insightful)
Eight years ago these people mocked McCain as "out of touch" [factcheck.org] for his reluctance to use a computer...
Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.
Re: (Score:2)
Eight years ago these people mocked McCain as "out of touch" [factcheck.org] for his reluctance to use a computer...
Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.
Right. And then I'm supposed to believe that the well-written "answers" from "Hillary Clinton" on Quora are really from Hillary herself - someone who demonstrably is baffled by a fax machine.
Lesson 1 - use small words to PolSci types (Score:2)
They like to call it "Political Science", but as valid a study as it is the "science" bit just doesn't cut it. When a manager has come in via a political track it is important to use small words instead of communicating as if they had studied science, engineering or literature. People who have not been to college at all usually make up the slack, but on the political track they are o
I've become way too paranoid (Score:2)
I got a letter (actual paper sent via USPS) telling me that a healthcare provider suffered a data breach and my personal information has been stolen from them.
It tells me to go to a website to get a year of free credit monitoring and enter a customer number they have assigned me. I've never heard of this website. Warning bells go off, but as long as I only enter the customer number they assigned me what harm can it do? It seems legit. I really did use that healthcare provider. (So did thousands if n
Re: (Score:2)
And if you were feeling extra paranoid you could call
Re: (Score:2)
Obviously if they're offering legit credit protection they'll need an SSN, but presumably they already have it because I did cough up that information when I sought health care.
Assuming they're legit and I am inclined to agree they probably are, they're just using this to confirm that I am who I say I am.
But how else would anyone know my unique Customer ID Number unless the snail-mail was intercepted or someone had hacked into their system? And what good would it do an identity thief to enroll me into a y
Why ? (Score:2)
Why would you use an email link to change your password anyways, given the possibility of a faked or hijacked domain? You should obviously go to the source and perform admin functions through the official tools and channels provided by that source even if someone vetted the email for you.
Re: Proof! (Score:2)
The most reasonable answer as to why so many Huma work emails were on a forgotten laptop is because she set her laptop to download work emails and store them instead of simply using it to access a webmail portal on the server...