Previous posts in this discussion:
PostHow Was Podesta's e-mail Hacked? From Noah Rich (John Eipper, USA, 07/22/18 2:41 pm)
Noah Rich writes:
When commenting on Istvan Simon's post of July 19th, John E asked:
"When I log in to Gmail from an unknown computer, I receive an e-mail to this effect. Did Podesta not notice [when he was 'spear-phished' by the Russian hackers]?"
When you log into a computer from an unknown location, the e-mail is sent almost immediately. In other words, let's say I steal your password with a keylogger and sign into your e-mail from here in Japan. The e-mail will of course be sent to you by Google for being signed into from a strange location, but that e-mail is going right to the account to which I already have access. I am just going to delete it immediately so that you have no idea it was ever sent.
In this way, you'd have to check your trash bin, or archives (which I could also empty) to see that e-mail was ever sent to you. The only way to check would be to go to your account and check your sign in history, which obviously most of us never do unless we have reason to believe it was hacked.
JE comments: Thanks, Noah. How are things in Japan? Please send us an update when time permits.
For the uninformed on phishing, spear-fishing, and "whaling," a primer is below. In brief, the "spear" part means a specifically targeted attack that attempts to look like a trusted source. Low-level phishing casts a wide and clumsy net in the hope of picking up unsuspecting marks. Think of a guided missile vs saturation bombing.