Why the FBI Director Doesn't Bank Online
angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."
It's not apparent. Dollars to donuts it's far cheaper to send an email targeting a specific bank to a very large number of harvested US email addresses than to somehow find out which email addresses relate to which bank's customers, and send them a targeted email. Emails cost virtually nothing to send.
If I have seen further it is by stealing the Intellectual Property of giants.
419 scams and phishing are completely different sorts of scenarios:
- The first is an appeal to a person's greed that happens to be done via e-mail
- The second is a forged and somewhat alarmist e-mail providing a link to access what appears to be your bank's system to correct a problem.
419 scams are just a common type of scam only done "via e-mail" and should be easily detectable to anybody knowledgeable in the ways of deceit (the appeal to one's greed makes it very obvious).
Phishing involves a forged e-mail (which means one needs to be aware that e-mails can be forged) demanding nothing of value from the recipient (just some time to check and correct a "problem") and providing a helpful link to the relevant site (said link looking OK to a non-technical person). The helpful link to the site is a common feature in e-mails from many companies (for example MySpace), and thus an e-mail with a link fits one's mental pattern of "how these things usually work" and triggers no mental alarms if you're not aware of how phishing works.
Thus I'm not at all surprised that a non-technical member of the intelligence/law community could fall for a phishing e-mail.
checked the links
You don't check the links, you don't use them at all. Instead, you access the site through a bookmark, or by typing in the URL manually if you no longer have a bookmark. It's all too easy to confuse an l with an I or a 1. Or rn and m, depending on what font you have. Or the attacker might play similar tricks using exotic characters that you do not even know exist (how similar is a Greek capital Rho to a capital P?).
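As an added illustration of the lookalike problem raised in that comment (not code from the original thread): a defender-side check that reduces a link's hostname to roughly what the eye sees and compares it with a bookmarked domain list. The lookalike table is a small constructed subset, not the full Unicode confusables list, and the bookmarked domains are sample values.

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-built lookalike table, constructed for this example; the real Unicode
# confusables list is far larger. Each key renders like its value in many fonts.
LOOKALIKES = {
    "1": "l", "I": "l", "|": "l",      # the l / I / 1 confusion from the comment
    "0": "o",
    "\u03a1": "P", "\u03c1": "p",      # Greek capital Rho / small rho
    "\u0430": "a", "\u0435": "e",      # Cyrillic a, ie
    "\u043e": "o", "\u0440": "p",      # Cyrillic o, er
    "\u0441": "c", "\u0443": "y",      # Cyrillic es, u
}

def hostname(url: str) -> str:
    """Extract the host from a URL, keeping letter case so that a capital I
    (which looks like l) stays distinguishable from a small i."""
    host = urlsplit(url).netloc.rsplit("@", 1)[-1]   # drop any user:pass@ prefix
    if host.count(":") == 1:                          # drop a :port (not IPv6)
        host = host.rsplit(":", 1)[0]
    if any(lbl.lower().startswith("xn--") for lbl in host.split(".")):
        try:                                          # punycode -> visible form
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return host

def skeleton(host: str) -> str:
    """Reduce a hostname to roughly what the eye sees."""
    host = unicodedata.normalize("NFKC", host)
    host = "".join(LOOKALIKES.get(ch, ch) for ch in host)
    return host.casefold().replace("rn", "m")         # rn reads as m in many fonts

def classify(url: str, trusted: list[str]) -> str:
    """'trusted' for a bookmarked domain or its subdomain, 'lookalike of X' for
    a host that merely looks like one, else 'unknown'."""
    host = hostname(url)
    low = host.lower()
    if any(low == t or low.endswith("." + t) for t in trusted):
        return "trusted"
    sk = skeleton(host)
    for t in trusted:
        if sk == skeleton(t) or sk.endswith("." + skeleton(t)):
            return f"lookalike of {t}"
    return "unknown"

if __name__ == "__main__":
    for u in ["http://paypa1.com/verify", "http://rnicrosoft.com/",
              "http://\u03a1aypal.com/", "http://paypal.com@evil.example/"]:
        print(u, "->", classify(u, ["paypal.com", "microsoft.com"]))
```

A mail gateway or browser extension can run the same comparison against the user's own bookmarks; an "unknown" or "lookalike" verdict is a reason to type the address by hand, exactly as the comment advises.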