Slashdot Mirror
Why the FBI Director Doesn't Bank Online
angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."
Why does he even consider any such e-mail worth reading?! That is the biggest fail in the chain of his doings....
I don't meant to deride the director of such an important agency, but seriously? He has more to worry about from targeted attacks than phishing attempts.
A little knowledge goes a long way.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Unfortunately, this does seem like a novel concept: If you can't use it properly, and are unwilling to take the time to learn, don't use it at all!
Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily. I know plenty of people (who aren't in any type of computer/tech field) who know very well that you never, under any circumstances, ever, go to a sensitive website from an email link, and you most certainly never enter any login details unless you've gone directly there. That's pretty common knowledge anymore, and this is a guy you'd expect to know better. Leads you to wonder what other simple concepts he can't get straight.
To fight the war on terror, stop being afraid.
The FBI Directors doesn't know to never click on a link from "his bank" in his email?
So i guess I can call him as his bank and ask him for his password too without him actually calling back to the real number?
No wonder security is broken ...
E-mails from banks should always result in a break of medium: Call them (and not at a number mentioned in the e-mail). Perhaps that will teach banks not to send e-mails with links in them, or at least not unsigned e-mails.
I think the real question is why he would admit to A) Not using a bank B) Almost falling for a phishing scam. The director of the FBI and he doesn't know to check headers or ignore direct communication from such an institution? FAIL. He should direct himself to the back of the unemployment line and the FBI should hire someone with a clue. Wait, what are you doing here?? Get away from tha....
All emails from my "bank" get filtered right into the trash. It its important, they will call or send a letter.
Fortunately his wife will continue to use online banking...
Chinese and Russian governments scramble to create look-alikes for the FBI's intranet.
EMail Robert Mueller pretending to be from tech support.
I bank online about once a week. Everytime I connect, I check the HTTPS certificate. Also, my bank does not know my email address. If I get email from my bank, I KNOW it's a fake. period.
It was a pain to setup because their refusal to send anything important by email, but I guess it's for the best. The only email I receive from my bank is offers for more credit. Anything related to my account is done with registered mail and a phone call.
This caused a brainfart: It'd be nice if banks were savvy enough to negotiate encryption in email. Say, I give them a public key and they give me one, and their systems will automatically encrypt-and-sign with the agreed-upon keys.
As it is, even joe average cannot do something that simple, because the way the crypto-hippies provided it, it isn't simple at all. So, we'll be stuck with no encryption until governments mandate it, and then it'll be hierarchical and a good chance key escrow got built in right from the start.
I almost got into a car accident when someone cut me off on the way to work this morning. By the logic suggested by TFS, I should stop using the public roadways.
Anyone who falls for these scams really, really, shouldn't be using a computer for online banking. Heck, on one occasion I'm almost certain I got a fake call from the bank as well, considering the bizarre questions that were being asked to "verify my identity" prior to offering me some insurance package. Fortunately, being Link of Hyrule didn't seem to stop my interviewer from proceeding to sign me up for some awesome house insurance. Wonder how he got my alias on file...
I am wondering, what's so hard about fixing this issue once and for all. We've had e-mail signing for a couple decades now available to everybody. Since most folks will happily stick any "Installation CD" they get into their machines, why can't, for example, one be given out to each new bank customer which then adds a certificate or public key etc. to his e-mail. Hell, they could even install their own e-mail and browser app for exclusive use with their online services. If I had a bank I'd be ashamed for making customers hop through nonsensical procedures like forced password changes or automatic account disabling (my bank disabled my login after me not having used it for more than 90 days!), yet providing no secure communication channel via e-mail nor phones!
Be calling for legislation that makes banks responsible for identity theft and any subsequent damage to consumer credit ratings. That would make the FBI's job much easier since the banks would never send emails, among other things, to make sure that they are diligent about identity theft.
While being an idiot he's obviously not so stupid that he doesn't realise that he's an idiot. Hence the self restriction. If more of the worlds idiots followed his example the internet would be a better place.
"Physics is to math as sex is to masturbation." -R. Feynman
1) the text displayed must equal the the link
for example www.yahoo.com points to www.yahoo.com
you cannot make links such as www.yahoo.com pointing to www.phish.com
2) the link can only consist of a-z, A-Z and .
So my genius idea solve this stupid phishing problem.
Viewed on a negative basis, police deter lawbreaking by catching offenders so they can be punished downstream in the judicial system. From a positive basis, police create a climate where the people do not need to fear crime and so can be less stressful and more productive. Rather important.
The one thing police should never do is show fear or give into crime. It is a fundamental abdication of responsibility and encourages the lawless. (some inner city areas). If they do, then what is their justification for SWAT -- heavy armament and aggressive tactics? They should just turn tail and run.
Everyone is always just a few clicks away from being caught in a phishing scam. In fact, wouldn't it be closer to say that everyone is just one click away (the link from their email)?
It's like saying, I am a few steps away from a cash register at the supermarket...I came this close to be tempted to steal it. But I've solved the problem: I won't enter any supermarkets ever again. Or that everyone is just a few steps away from death by standing by the side of the road, so to avoid being hit by a car, I will never go near a road ever again.
Sure there are dangers everywhere, one just needs some education, like: never ever ever click on a link in an email claiming to be from your bank. Just like: you should always look both ways in crossing the street. Seriously, my 16 year old brother know both of those...
When I receive a phishing from a paypal scammer, I know it, because it's in English, while the true paypal know that I speak French.
Robert Mueller,
There has been a technical issue we need to resolve with your account at counter-intel.fbi.gov.
Please click on the above link and fill in your details. Follow the on screen instructions and the error will be corrected.
Thank you and have a good day,
FBI Technical Support
It's any wonder why Americans are such targets of such scams. If someone who really knows what to look for almost falls into the traps, how can the Americans who aren't as tech savy survive such scams and be held at fault? How about some good old public broadcasting on the TV's telling folks about such emails. We warn people about drugs to educate them, lets do that with some of these cyber scams and smarten up some people. Let's become less targets and more careful.
Life takes interesting turns, but the most interest is when you're off the beaten path.
Robert Mueller's the guy I keep getting emails from asking me to accept some money from Nigeria. He's always claimed to be the head of the FBI, but I never believed him. Man, all this time I've been risking arrest and denying myself several hundred thousand US dollars just because I thought it was a scam! I guess you shouldn't be skeptical of everything you get in your inbox.
I'm a psychologist (amongst other things).
I am not surprised.
The director of any agency does not necessarily deal with all the scams and most likely not with IT. He runs the business/admin side of things, and he has people working under him to take care of things like security etc.
What seems to be missed is that phishers has the e-mail address of the director of the FBI. Either it is a personal e-mail address - and I am not even sure people in that position are allowed to have personal/web e-mails. OR it is his FBI address - and that is more worrying than that he almost fell for a scam.
Another thing that worries me is that he takes nothing away from this experience - almost got caught, so I won't bank online anymore. Heck I would expect someone of his stature to go - Almost got caught, yikes better make sure that does not happen again.
The direct effect of this is that the director of the FBI is now going to either bank by phone (and that is a security hole right there) or going to wait in the qeue at the bank - exposing him to other risks.
I would've thought that higher up officials such as him had access to alternative more secure methods of doing things like bankin - how does the President of the USA do it, for instance?
Seven Days with Ubuntu Unity
He couldn't use the telephone to do 2 minutes of investigation before biting? He runs an agency with "investigation" in their name yet accepts email at face value? Let me guess, all their phones have been disconnected because they're a security risk.
Besides, if he was checking on his accounts regularly, he'd know if there was any unusual activity.
This says a lot about the head of the FBI, none of it particularly flattering. He accepts whatever comes across his desk at face value, doesn't do any actual fact checking himself and doesn't stay on top of things.
Yeah, I'm inspired with confidence.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Mueller should step aside and let Fox Mulder take over as director. He was that guy from the nineties reality TV show; no way he'd be gullable enough to fall for something like this!
While I admire his honesty, I must say that someone who is chock full of this much stupid should not be in any position of authority.
This is a prime example of why we need laws to weed out the ignorant.
The head of the FBI isn't a superman, or an expert on every form of crime. It's entirely possible the man spent his investigative entire career focusing on a particular type of crime, before working his way up through management. Furthermore, the computers the FBI uses are probably quite similar to the ones used in a bank or comparable corporate activity. One would hope that their records security is at least as good as a bank. Unlike a bank, the FBI is mostly not subject to liability if they screw up, nor do they receive a larger budget if they do a better job one year. (in fact, Congress might CUT the FBIs budget if they do exceptionally well a particular fiscal cycle)
It's a popular meme in the media to give federal agents of all stripes super skills and technology that ordinary citizens don't have. Yet, for the most part, I suspect this isn't the case. (the exception to the rule is that the FBI DOES have enormous power to spy on and harass ordinary citizens who are never charged with a crime, and has abused this power many, many, many times in the past)
I've been wondering for years why the banks have not pushed signed e-mails. But no, they continue sending HTML-mails with links being passed through doubleclick.com's traffic analyzer. It's their own fault if people can't tell e-mails apart! The same is true for e-bay, paypal and the rest of them.
My recommendation to those companies: Ban any type of HTML-mail, sign all mails (this way, at least people with knowledge will be able to use this feature), NEVER use third-party domains (tracking.doubleclick.example/relink/bla.asp?flightid=3323523453425), and make all your links of the type mybank.example/shortlink, not blabla3.server15.mybank-links.example/deep/directory/structure/index.asp?token=2039820582435&linkid=2309542350&sender=23532&ie=utf-8
I don't even know why anyone would even read emails from any bank. They tell you that any important messages are sent to the in-account message system and at the very least, in the UK anyway, if anything is so wrong with your account that a bank deems is necessary to get in contact with you instead of the other way round then they will gladly sent you a letter that costs you £25.
It amazes me at the level at which people can't even stop and think.
..because he does not understand simple concepts about human nature and, resulting from this, the way in which modern banks conduct their business (e.g. never sending out mails about internet banking/passwords), and is apparently oblivious to the concept of such scams even though it has been reported in the mainstream press over and over again.
Somehow, it worries me that such a person would be the head of the FBI. Good thing I don't live in the States then, although I have reason to expect things aren't much different where I live.
That link is in Dutch, but you can still gather the idea from watching the movie. What you see is the prime minister (at the time) of the Netherlands who clearly has no clue whatsoever what a computer mouse is for and how it should be used (he attempts to use it like a TV remote). A six year old (!!) girl (!) then helps him out in sending an e-mail. This happened about 10 years ago, but mice had been 100% mainstream for at least a decade then (since Windows 3.11 at least - I mean, if six year old girls know, you can be pretty sure it was well out of nerd-territory by then).
The scary thing is that *these* are also the kind of persons in positions to come up with laws and regulations regarding the internet, filesharing, etc.
Every expression is true, for a given value of 'true'
It's so comforting to know that the Director of the FBI is so stupid as to (nearly?) click on a link in an email just because it claims to be from his bank. Doesn't he have direct links to his bank bookmarked in his browser? Oh wait, he's probably using IE 6 anyway... He still has his job?
Why can't he use GMail? It has this neat feature..it blocks 9.99999999999999999999999999999999999% of all email phishing bank scams..
Fred Grott(aka shareme) http://mobilebytes.wordpress.com
Someone cutting you off isn't your fault. This is more like you almost getting into an accident because you had a narcoleptic episode. In which case, you shouldn't drive.
You could say that the FBI director could be cured with knowledge, but knowledge doesn't cure gullibility, only ignorance. It is rare that people recover from gullibility.
I forgot, also give out a big rebate/better interest rates to customers who use NoScript (which is easy to check during logon). The worst banks in this regard are Citibank and ING-DIBA (shudder).
I have a Bank of America account and, to be honest, my experience with their customer service has been average at best; what keeps me a customer is the quality of their web management.
SiteKey-like authentication should be the industry norm. I have to prove who I am to access my account, they should also have to prove to me who they are if they want my info. It just makes sense. Granted, I did read a study that showed that a well-crafted phishing site asking for a standard login/password was still fairly effective. That's not to say that SiteKey isn't a good idea, but that education is still half the battle.
Disclosure: I've previously had accounts with WaMu (now Chase), Wachovia, and a local credit union. Customer service has been meh no matter the bank, but BoA by far has had the best web site. IANACSA (Computer Security Analyst), but I do play one on the internet.
This may be famous last words and all.. but falling for an official looking email is stupid. It is not stupid for someone who knows nothing about the Internet to do so, but if you know anything about how scams and/or email work it is a sign that you may be dense. There are real dangers online. Dangers such as hackers, DDOSers, getting your WLAN or router eavesdropped, DNS poisoning, etc. Fake emails with an authentic logo (ooooh!) are not one of them.
I don't normally criticize random people online, but maybe he is not suitable to be the director of something.
And you'd think the head of the friggin FBI knows a little more than that. Maybe he should go and talk with his friends at the NSA?
There's a straightforward solution to this so simple that it hurts. Don't mix media. I have a bookmark for my online banking. If I ever receive a mail from my bank with some "important information about my account", I will click on that bookmark, never on the link in the e-mail, and if the info is real, it'll be there in my online banking message box.
Same with PayPal, Amazon, ebay and any other site. It really is so simple, I think I could explain it to my grandma, and she's demented.
Assorted stuff I do sometimes: Lemuria.org
FTFA:
"After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment," he said. "To which she deftly replied, 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you."
My bank (and I'm also in the UK) has recently taken to sending me emails. Complete with "click here to check your account" links.
Yes, I've checked. They were genuine, not a phishing attempt.
Yes, I asked my bank what the hell they thought they were doing.
No, I didn't get a sensible reply.
So he's not using online banking because some phisher sent him an e-mail and he almost fell for it? If he took some money out of an ATM and then someone tried to mug him, would he refuse to use ATMs from then on? If he saw a report of a bank robber killing someone during a robbery attempt, would he not go into a bank's branch to do his banking? Just because the phishing attempt occurred doesn't necessarily mean that his bank's online banking system is insecure.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
just type the url or your bank into the address bar?
www.mybank.com <- wow typing that nearly gave me rsi..
I got an email but did NOT click on it!
Now that I've switched to First Mattress Bank that won't be a problem anymore.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
According to the wiki, Robert Mueller is a lawyer. He received his law degree in 1973, and spent a good chunk of his career as a federal prosecutor. Prosecutors in general are vicious people who use their power to extort guilty pleas from defendants. ('plead guilty and take the deal for 3 years, or I'll ask for a life sentence')
The man has no direct investigative experience, nor any training or work experience with computers. I would suspect he barely knows how to turn one on and to open up powerpoint, word, or outlook.
He specifically is one of the key men who CARRIED OUT the warrantless wiretapping, while declining to tell the public that he had broken his Oath to the Constitution of the United States.
Furthermore, he was the lead prosecutor on the Lockerbie bombing case. That's the one that sent Abdelbaset Ali Mohmed Al Megrahi to prison for life, under evidence SO WEAK that the Scottish courts released this alleged mass murderer from prison under compassionate release. (the main reason this man was convicted came from the 'testimony' of a man paid 2 million dollars to give it, and of course Mueller had to have been right in the middle of this)
Based on their past problems replacing their IT systems, my guess is that it's because he can't find his computer's "on" switch.
My bank has recently sent me a Chip & PIN Card Reader for use with their Online banking service.
IMHO their security was already good; you don't login with a simple username and password but have to answer one of several preset questions and pick digits from a PIN number and characters from your password (in other words you never transmit all of the information all at the same time). Now, however, if I want to make changes or transfer funds I have the additional security of using my bank card, at home, in their card reader.
Basically it works like this, I login to my online bank account as normal and when I try and make a change that needs further authentication the server generates a unique number. At this point I put my bank card in the card reader and authenticate with my PIN number, then I type in the unique number which the card reader uses to produce a new number. I enter the new number online and I've just proved I've physically got the bank card and PIN number for this account.
Sure, I can still be stupid and give phishers all sorts of information but now I also have to physically give them my bank card (and the reader).
Simple rule, if I didn't initiate contact with my bank then whoever I'm dealing with isn't getting any details from me at all.
Moore's law is not a law. Theory, yes; Predictable trend, certainly; Law, no.
The article quotes him as saying online banking is "very safe." Well, if it's so safe, why doesn't he use it? Either he is glaringly, abysmally stupid, or he is a fucking hypocrite who is too much of a pussy to call out the banking and computing (read: Microsoft) industries for perpetuating an inherently insecure system. And then you've got companies like PayPal that try to silence people who dare proclaim that the Emperor Has No Clothes.
But forgive me for being but a lowly member of the hoi polloi, for I should simply continue to believe everything that the government and multinational corporations tell me. "Do as I say, not as I do" is not exactly an appropriate framework by which one goes about fixing problems, much less enforce the law. Oh wait...police officers routinely and frivolously violate the very same laws the rest of us are held to. So I guess this is just business as usual.
..I didn't have to physically visit the place at the time I opened the account.
Right there, they could give people key fingerprints so people can certify the identity. Then, when you get an email from someone claiming to be "Bank of America" you just need to check the signature.
But I know .. I know .. this tech which solves everything is already so old all the patents have expired, so there's no longer any reason to use it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
He can report this attempted crime to the FBI Cybercrime office and they will take care of everything!
This post expresses my opinion, not that of my employer. And yes, IAAL.
There is an elite in this country, a revolving door for people to float between senior positions in government, industry and the media. The same people remain at the top, no matter how much or how often they screw up. The problem is not so much the injustice of it, the real problem is that these "elite," for lack of a better term, are so disconnected from everyday life and everyday people that incidents like this are par for the course. He didn't even have enough shame to keep his mouth shut about it. People like this don't even have the awareness to know how stupid they're being, yet the public still respects their "right" to tell us what we can and can't do with our lives. The man should be replaced upon demonstrating such naïveté, but it won't be thought twice of in a government so racked by incompetence and corruption. Incidents like this should inspire people to have more faith in themselves and less in their "leaders."
Oh, wait, I guess that's still true. :)
Really!
It's not that hard to fucking sign an email. Why do people and institutions refuse to 'get it'?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Phishers try to get your data with these emails, how about people respond with false information? If 99.99% of the information given phishers is false, it'll protect the .01% of people who are dumb enough to give real information.
Furthermore, if phishers make a lot of attempts at fraud with incorrect/false information, they'll stick out like a sore thumb and perhaps get caught.
You could even imagine a volunteer-based "white" botnet which, when a bona-fide phishing attempt is found, phucks the phisher up by feeding him millions of instances of incorrect "identity" data.
It seems like we could make phishing a thing of the past by doing this.
BTW, as an aside, I am NOT in favor of laughing at the exploitation of foolish/stupid/careless people. First, not everyone is a domain expert in everything: can you save yourself from your own knowledge from being ripped off on your car? Your doctor? Your bank account? Your computer? The law? Second, being smart/knowledgeable is IN PART a function of being BORN with a GOOD BRAIN. That's pure luck. If you're lucky enough to be have a good brain, how about giving the less fortunate compassion, understanding, and help rather than scorn? And if you're smart now, you should realize that a stroke (or other medical problem) can take your intelligence from you in an instant. Last, who among us has NEVER had a moment of carelessness?
Best,
--PeterM
It should not be why he does not bank online, its should be why he is not allowed online. What a fool. Why don't we license people to be on the interwebs?
Going on means going far
Going far means returning
This discussion primarily proves that the socially dyslexic slashdot crowd didn't get the main message:
The wife didn't want Online Banking anymore.
It lost the "no brainer" status. And
it lost the all-important Women Acceptance Factor in one go.
Old guy falls for phishing email, clicks link. Film at 11:00.
"The ferrets, they're every where I tell you!"
Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily
The type of person who will easily fall for a run-of-the-mill bank-phishing scam is also rather likely to fall for others. How about a a little social networking?
"Hello, Mr. Director. This is John from the IT Department. We need to do some security updates on your laptop. Oh yes, and we'll need your password to login and apply the updates"
Seriously. Ignore all e-mail claiming to be from your bank. And if you find out they did send something, seriously consider banking elsewhere (they could be fooled into sending stuff to the wrong address, or the mail could be intercepted -- bad bank -- no cookie!). The only circumstance where the rule could be reconsidered is if the mail is properly encrypted.
For me, this rule is simple to implement because I've never given my bank my e-mail address and I never will. No matter how legitimate an e-mail might pretend to be, it's almost certainly bogus.
You shouldn't have to be the director of the FBI to figure this out.
This is the same guy who, as US Attorney, had Dmitry Sklyarov arrested because Adobe wanted to punish Elcomsoft. Mueller apparently just can't grasp the modern world. Sure, not everyone knows not to answer unsolicited emails from banks, etc., but Mueller is no more likely to know that than an average citizen.
He's a figure head, not a hacker. Of course he almost got caught.
The guys that know everything aren't running the FBI :) They're doing the real work under his management at the FBI.
He's just a figure head.
And all info messages from them are electronically signed.
... then he'd quit law enforcement? Same logic.
Edith Keeler Must Die
of the director of FBI
who did not call his experts to counter this phishing attack!
and who failed to expect such a thing happeninhg to hijm too!!
see the next article - the director is not up to his job!
They're a bunch of fucking lamers.
If you get a mail from your bank, you don't click the fucking links. You dig up your OWN link and click on that instead. or type it yourself.
Once, my credit card company called me and said there was a security problem with my card. They left a number. I called the number they left, and their auto answer requested my Social Sec number. I hung up and dialed the number on the back of my credit card instead. When I got a manager on the line, I explained the situation to him. What morons.
Oh yea, that was a Bank of America card. Fuck those people.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Why do banks do this? My bank sends me a 'you have a message email' and I then read the email on the online banking site. Simple, I never expect email from my bank since they don't send email to me.
They'd haphazardly gone after a few of them in the past but it seems like they're making a more concerted effort now. I wonder if this is why. Seems like if you're a phisher and you want to stay under the radar, don't mail the fucking head of the FBI.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's not that hard to fucking sign an email.
I keep trying, but my pen doesn't write on the screen very well.
I don't bank and do anything with money online (nor do I have a credit card) either.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Was that before or after he sent that check to Nigeria ?
He's someone good at playing the politics neccessairy to get and hold the position. I would be shocked if he had any experience at all in criminal investigation, much less cybercrime, at anything other than a manager-of-investigators (or higher) level.
Robert Mueller served in the Marine Corp then earned his Juris Doctor (J.D.) degree. "He then served for 12 years in United States Attorney offices." He was chief of the criminal division for the Northern District of California before moving to Boston. There "he investigated and prosecuted major financial fraud, terrorism and public corruption cases, as well as narcotics conspiracies and international money launderers."
Falcon
Should there be a Law?
What it makes me wonder is why someone who is so out of touch is the head of the FBI. Granted many people fall for such things, but for example, probably most readers here wouldn't.
The head of the FBI has more to worry about than cybercrime, like terrorism. Is he supposed to be an expert in all of them? No, that's why he has assistants who should be experts in those fields. As others have pointed out above the head of the FBI can't be expected to know everything.
Falcon
Should there be a Law?
Another bank I know, the computer makes up the security questions and the person in the call centre just relays them and keys in the answer the customer gives. Too many wrong answers, and computer says no.
My bank does that for online banking. When you sign up for online banking you're asked a bunch of questions, some questions you can choose, you then supply answers. When you try to login you're asked those questions and you have to answer them. I went through a hassle once because I couldn't recall a right answer. I made up some answers because someone who knew me could guess the answers, such as "what is your favorite animal?" or "what is your pet's name?"
Falcon
Should there be a Law?
> The emails you do get from various online institutions don't look all that
> more legit than the ones from the scammers.
Sadly true. My bank's email's don't look all that legit either; fortunately, they have a "messages" button on my account page. If I go to the site and click that, any email they sent is also on the web site.
I've gotten into the habit of deleting the emails unread and then logging in to my account to see what the message is.
...to discover that the director of the FBI considers himself too stupid to safely operate a web browser.
-I like my women like I like my tea: green-
That's what my bank does (desjardins). They never send an email to me for any reason whatsoever.
They do, however, contact me via regular postal mail, or they rather send me an internal message from within their online banking system. Therefore, I have to logon to my bank in order to receive messages from that bank.
Anything preventing me from logging on will have to be resolved the old fashion way, phone or in person.
Banks should just all together, and at once, tell all of their customers "We will never email you. Ever. For any reason." and instead rely on regular mail or internal mail to contact the user.
This only makes sense.
And what if you can't login? Not often but I have gotten email from my bank, such as when I screwed up logging in, I got an email saying someone tried to login.
Falcon
Should there be a Law?
I assume they at least have aides skimming it for stuff to scream at the other side about, but who knows what all is in there
If the average person has trouble reading and understanding the whole bill then there's something wrong with the bill, if someone getting paid to voted on bills can't read the whole thing then it's too long or they need to get another job. And aids are no substitute for knowing what a bill says. I will not sign anything I have not read the whole of and I expect nothing less from those who are supposed to represent me.
Falcon
Should there be a Law?
My bank- actually a credit union- in Vancouver, BC- has had in place for over a year now anti-phishing technology. It works like this: when it was first set up, as an online banking user, one was invited to do two things to customize the page display of the banks homepage in a way that would be difficult for a phisher to do. First thing was select a graphic from a palette of 20 or so. Second thing was to make your own custom phrase that would be reflected to the web site login pages after the request of account number and prior to the request for account password. My phrase is "we are the wonder family, more or less" and I made it up myself. My graphic is of Chinese jewelery chest. This information a phisher would need to have in order to make a login page sequence that would convince me I am at the proper web site. As this information has until now not been made available to phishers (I presume it is kept with similar security measures as my other sensitive banking information) it has not been available to them where they to attempt to simulate/forge the login process to my account.
This methods adds only one extra button click in the login process.
If your financial institution has not instituted such a process, I would say that speaks volumes to their customer care attitude.
Vocation does make a difference, there were millions who had their ID's or credit card numbers stolen. What makes the FBI director any different?
If you don't, you really don't need to be in a position of authority.
So you wouldn't want doctors who had their ID stolen treating you either? How about a teacher teaching?
Falcon
Should there be a Law?