Why the FBI Director Doesn't Bank Online
angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."
Re:After receiving an e-mail that appeared... (Score:5, Informative)
It's not apparent. Dollars to donuts it's far cheaper to send an email targeting a specific bank to a very large number of harvested US email addresses than to somehow find out which email addresses relate to which bank's customers, and send them a targeted email. Emails cost virtually nothing to send.
Re:After receiving an e-mail that appeared... (Score:4, Informative)
419 scams and phishing are completely different sorts of scenarios:
- The first is an appeal to a person's greed that happens to be done via e-mail
- The second is a forged and somewhat alarmist e-mail providing a link to access what appears to be your bank's system to correct a problem.
419 scams are just a common type of scam only done "via e-mail" and should be easily detectable to anybody knowledgeable in the ways of deceit (the appeal to one's greed makes it very obvious).
Phishing involves a forged e-mail (which means one needs to be aware that e-mails can be forged) demanding nothing of value from the recipient (just some time to check and correct a "problem") and providing a helpful link to the relevant site (said link looking ok for a non-technical person). The helpful link to the site is a common feature in e-mails from many companies (for example MySpace) and thus an e-mail with a link fits one mental pattern of "how these things usually work" and triggers no mental alarms if you're not aware of how phishing works.
Thus I'm not at all surprised that a non-technical member of the intelligence/law community could fall for a phishing e-mail.
Re:From the wikipedia entry on Mueller (Score:3, Informative)
Re:Baby with the bath water? (Score:3, Informative)
Er, or you could type it in once and bookmark it?
Re:There's your problem. (Score:3, Informative)
Some banks, instead of sending you the message outright in email, instead have a sort of message system within their online banking, and if they send you something there, they send you an email notice to go check your messages.
It's a decent idea, as long as they 1. Don't include any links, and instead let you enter the bank site yourself and 2. Absolutely use it *ONLY* for directly personal information related to *your* account (e.g. no ads, promotions or newsletters)
Oh, and it helps if you try to avoid using insecure software such as MSIE or Windows when doing your online banking, too, but of course no individual bank has the ability to prevent you from doing that. Sure, they could refuse to allow you to login, but the cattle would probably switch banks before switching software.
Re:After receiving an e-mail that appeared... (Score:5, Informative)
checked the links
You don't check the links, you don't use them at all. Instead, you access the site through a bookmark, or via typing in the URL manually if you no longer have a bookmark. It's all too easy to confuse an l with an I or a 1. Or rn and m depending on what font you have. Or the attacker might play similar tricks using exotic characters that you do not even know to exist (How similar is a Greek capital Rho to a capital P?).
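The confusions named in the comment above (l versus I versus 1, rn versus m, Greek capital Rho versus P) can be caught mechanically by a mail filter even when a reader's eye cannot. The following is an added example, not part of the original thread; the hostnames, the bookmark list and the small homoglyph table are constructed for illustration.

```python
import unicodedata

# Constructed subset of non-Latin letters that render like Latin ones;
# the full Unicode confusables list is far larger.
HOMOGLYPHS = {
    "\u03a1": "P",  # Greek capital Rho
    "\u03c1": "p",  # Greek small rho
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
}

# Hypothetical bookmarked hosts (reserved .example names).
TRUSTED = ["pineridge.example", "hillsidebank.example", "summitbank.example"]

def skeleton(host):
    """Fold a displayed hostname so confusable spellings collapse together."""
    text = unicodedata.normalize("NFKC", host)
    text = "".join(HOMOGLYPHS.get(ch, ch) for ch in text)
    # Capital I and digit 1 pass for lowercase l in many fonts.
    text = text.replace("I", "l").replace("1", "l").lower()
    # "rn" reads as "m" at small sizes.
    return text.replace("rn", "m")

def scripts(host):
    """Scripts used by the letters, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in host if ch.isalpha()}

def classify(host, trusted=TRUSTED):
    """Return (verdict, matched_host): trusted, lookalike or unknown."""
    for good in trusted:
        if host == good:
            return ("trusted", good)
    folded = skeleton(host)
    for good in trusted:
        if folded == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample link hosts, as they would be displayed in a message.
    for shown in ["pineridge.example", "\u03a1ineridge.example",
                  "hiIlsidebank.example", "surnrnitbank.example",
                  "news.example"]:
        print(repr(shown), classify(shown), sorted(scripts(shown)))
```

A "lookalike" verdict, or more than one script in a single hostname, is a reason to quarantine the message rather than to show the link.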
Robert Mueller (Score:3, Informative)
He's someone good at playing the politics necessary to get and hold the position. I would be shocked if he had any experience at all in criminal investigation, much less cybercrime, at anything other than a manager-of-investigators (or higher) level.
Robert Mueller [wikipedia.org] served in the Marine Corps then earned his Juris Doctor (J.D.) degree. "He then served for 12 years in United States Attorney offices." He was chief of the criminal division for the Northern District of California before moving to Boston. There "he investigated and prosecuted major financial fraud, terrorism and public corruption cases, as well as narcotics conspiracies and international money launderers."
Falcon