The cyberattacks on the Clinton Campaign, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) started, as many do, with a spear phishing attack.

According a July 2018 indictment of 12 Russian military intelligence officials, in March 2016, a member of the Russian military spoofed an email to look like a security notification from Google, then sent it to the Clinton campaign manager “instructing the user to change his password by clicking the embedded link. Those instructions were followed.”