But there was a flaw in the plan. Two-factor authentication was required on everyone’s work email. The phishing attack was sent to Podesta’s personal email. Now, what past behavior could possibly have given Podesta the idea that he could send and receive tons of highly confidential campaign emails from his personal email account? Oh, snap.
