John Podesta at an industry event in Washington, D.C. in April 2013. Andrew Harrer/Bloomberg/Getty Images

The Simple Phishing Attack That May Have Unleashed Clinton’s Email Troubles

Oct 29, 2016

A new batch of purported Clinton campaign emails released Friday by WikiLeaks includes one apparently showing campaign chairman John Podesta and a Clinton campaign IT staffer falling victim to a password-phishing email disguised as a Google security warning. Observers say this may have been the moment that exposed a huge batch of Clinton campaign emails to the world. At the very least, it represents the type of attack likely involved.

The email, received by Podesta on March 19th of this year, superficially resembled a warning from Google of a suspicious login to Podesta’s account originating in Ukraine. But it encouraged Podesta to reset his password by clicking on a shortened bit.ly link, rather than on a transparent link to Google itself.
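The tell described above, a message that claims to come from Google but sends the reader to a URL shortener rather than to a Google address, is something a mail filter can check mechanically. The following is an added example, not code from the article or from any mail provider: it extracts the links from a password-reset message and flags shortened links, links whose domain does not belong to the brand named in the text, visible link text that disagrees with the real target, and a sender address outside that brand's domains. The shortener list, the brand-to-domain map, and the two sample messages are constructed for illustration.

```python
"""Flag password-reset emails whose links do not point at the brand they claim.

Added example, not from the original article. The host lists and the two
sample messages below are constructed assumptions for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of URL-shortener hosts; a production filter would use a maintained feed.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

# Assumed map from a brand named in the message to the domains it legitimately uses.
BRAND_DOMAINS = {"google": {"google.com", "accounts.google.com", "myaccount.google.com"}}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude registrable domain (last two labels); adequate for this check."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_password_reset_mail(sender, html_body):
    """Return a list of human-readable findings for a password-reset message."""
    findings = []
    body_lower = html_body.lower()
    brand = next((b for b in BRAND_DOMAINS if b in body_lower), None)
    allowed = {registrable_domain(d) for d in BRAND_DOMAINS[brand]} if brand else set()

    parser = _LinkExtractor()
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            findings.append(f"shortened link {href} hides its destination")
        if brand and registrable_domain(host) not in allowed:
            findings.append(f"link {href} does not point at {brand}")
        if text.startswith("http"):
            shown = (urlparse(text).hostname or "").lower()
            if registrable_domain(shown) != registrable_domain(host):
                findings.append(f"visible link text {text!r} differs from target {href}")

    sender_domain = registrable_domain(sender.split("@")[-1])
    if brand and sender_domain not in allowed:
        findings.append(f"sender {sender} is not a {brand} address")
    return findings


# Constructed sample: a lookalike warning that routes through a shortener.
PHISH_SENDER = "no-reply@accounts-google.example"
PHISH_BODY = (
    "<p>Someone just used your password to try to sign in to your Google Account.</p>"
    '<p><a href="https://bit.ly/constructed-example">CHANGE PASSWORD</a></p>'
)

# Constructed sample: the same advice with a transparent link to the real security page.
LEGIT_SENDER = "no-reply@accounts.google.com"
LEGIT_BODY = (
    "<p>Review recent activity on your Google Account at</p>"
    '<p><a href="https://myaccount.google.com/security">'
    "https://myaccount.google.com/security</a></p>"
)

if __name__ == "__main__":
    for label, sender, body in (("phish", PHISH_SENDER, PHISH_BODY), ("legit", LEGIT_SENDER, LEGIT_BODY)):
        print(label, check_password_reset_mail(sender, body) or ["no findings"])
```

The check deliberately treats a shortened link in a password-reset message as a finding on its own, because the whole point of the shortener in this case was to hide the destination; a legitimate provider's security notice has no reason to obscure where it sends the reader.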


Most remarkably, the email was forwarded to a Clinton IT staffer, Charles Delavan, who failed to spot the trickery.

“This is a legitimate email,” Delavan wrote. “John needs to change his password immediately, and ensure that two-factor authentication is turned on [for] his account.”

In Delavan’s defense, he then provided a link to the real Gmail security-management page. If Podesta had followed that link, and taken the advice to turn on two-factor authentication, the ensuing hack might have been prevented.

Instead, according to an earlier report by Motherboard, the suspicious bit.ly link was clicked twice. It would have taken Podesta not to a Google page, but to a page associated with a Russian hacker known as Fancy Bear, where he may have unwittingly handed over his password. The Fancy Bear bit.ly account has been associated with thousands of attempted and successful hacks, including of Colin Powell and other Clinton staffers.

It may come as a surprise that a mundane (though well-crafted) phishing attack could lie at the root of perhaps the Clinton campaign’s biggest ongoing political headache. The information hackers gleaned from Podesta’s account has triggered a succession of major and minor scandals, including regarding Clinton’s paid speeches to Wall Street banks and possible mishandling of classified information.


The news came alongside another explosive email-related development, as FBI director James Comey indicated that he was reviewing additional Clinton emails for possible classified information. The communications under new scrutiny were reportedly obtained through an investigation of former Congressman and Clinton associate Anthony Weiner, not from the phishing attack.

The new revelation also comes two weeks after miscreants accessed Podesta’s Twitter account and iCloud data, possibly because he used the same password, which was leaked in an earlier batch of emails, across multiple services.
