So, three weeks ago, Gizmodo Media Group’s Special Projects Desk launched a security preparedness test directed at Giuliani and 14 other people associated with the Trump Administration. We sent them an email that mimicked an invitation to view a spreadsheet in Google Docs. The emails came from the address [email protected], but the sender name each one displayed was that of someone who might plausibly email the recipient, such as a colleague, friend, or family member…

Some of the Trump Administration people completely ignored our email, the right move. But it appears that more than half the recipients clicked the link: Eight different unique devices visited the site, one of them multiple times. There’s no way to tell for sure if the recipients themselves did all the clicking (as opposed to, say, an IT specialist they’d forwarded it to), but seven of the connections occurred within 10 minutes of the emails being sent…

Two of the people we reached—informal presidential advisor Newt Gingrich and FBI director James Comey—replied to the emails they’d gotten, apparently taking the sender’s identity at face value. Comey, apparently believing that he was writing to his friend, Lawfare.com editor-in-chief Ben Wittes, wrote: “Don’t want to open without care. What is it?” And Gingrich, apparently under the impression he was responding to an email from his wife, Callista, wrote: “What is this?”