Russian hackers used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee (DNC) and members of Hillary Clinton’s top campaign staff, according to a report by the SecureWorks cybersecurity company.

The emails, which were sent to DNC and Clinton staff from March 10, appeared almost identical to the standard warnings Gmail users get asking them to reset their passwords, the report found. Once clicked, the links took users to a page that imitated a Google login page, but which was stealing their password information — and downloading malware — designed by a group of Russian hackers known as Fancy Bear.

The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks’ research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by Fancy Bear using Bitly, a link shortening service. Fancy Bear had set the URL they sent out to read accounts-google.com, rather than the official Google URL, accounts.google.com, the report said.