Clinton receives an email that purports to be from Neera Tanden, the president of the Center for American Progress. The subject heading is “Exclusively For You.” The text of the short email says, “Look what I’ve found”—an Internet link follows —“Here is a very nice offer. Enjoy.”
Clinton replies, “Neera–did you send me this? If not, I think your email address book has been hacked. If so, why? Anyway, hope you’re well.” (US Department of State, 10/30/2015)
In February 2011, a State Department security official warned to Clinton and others that there was a dramatic increase in attempts “to compromise the private home email accounts of senior Department officials. […] Specifically, the actors are sending cleverly forged emails to victims’ private web-based accounts… These ‘spear phishing’ messages appear to be sent by US government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link. […] We urge Department users to minimize the use of personal web email for business…” (US Department of State, 11/5/2015)
Clinton apparently was the target of two other “spear phishing” attacks in May 2011, and she was warned again in June 2011 that the personal emails of government employees were being targeted by hackers. (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)
The email from Tanden appears to perfectly fit this warning, and likely was not intentionally sent by Tanden at all. It is unknown if Clinton clicked on the link before realizing the email was bogus. Despite such warnings and this incident, Clinton continues to exclusively use a private email address for all her work and personal emails.