Slashdot Mirror


Why the FBI Director Doesn't Bank Online

angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."

14 of 360 comments

  1. Re:After receiving an e-mail that appeared... by dgarciam · · Score: 5, Insightful

    Makes you wonder. If the head of the FBI, the guy who knows all the secrets, who sees all the scams all the time, almost falls for this, what can we expect from your average house folks? Scams are getting more and more elaborate these days. Not perfect, but getting there.

  2. A novel concept... by laughingcoyote · · Score: 4, Insightful

    Unfortunately, this does seem like a novel concept: If you can't use it properly, and are unwilling to take the time to learn, don't use it at all!

    Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily. I know plenty of people (who aren't in any type of computer/tech field) who know very well that you never, under any circumstances, ever, go to a sensitive website from an email link, and you most certainly never enter any login details unless you've gone directly there. That's pretty common knowledge anymore, and this is a guy you'd expect to know better. Leads you to wonder what other simple concepts he can't get straight.

    --
    To fight the war on terror, stop being afraid.
    1. Re:A novel concept... by donaggie03 · · Score: 4, Insightful

      He wasn't scammed. He was almost scammed. Everyone who uses the internet has "almost" been scammed, for varying degrees of "almost."

      --
      Three days from now?? That's tomorrow!! ~Peter Griffin
  3. Wait wha...? by alexandre · · Score: 4, Insightful

    The FBI Director doesn't know to never click on a link from "his bank" in his email?
    So I guess I can call him as his bank and ask him for his password too without him actually calling back to the real number?

    No wonder security is broken ...

  4. There's your problem. by headhot · · Score: 4, Insightful

    All emails from my "bank" get filtered right into the trash. If it's important, they will call or send a letter.

    1. Re:There's your problem. by D+Ninja · · Score: 4, Insightful

      ...except, they won't. Many people do everything through online banking. A number of banks have complete "opt-out-of-paper" programs, so you won't see another letter in your life (except maybe major documents that need signed). The real trick here is - when you get an e-mail, don't click on the links. If your bank says you need to take care of something, visit their site by manually typing in the address and then take care of whatever it is.

  5. My bank does NOT know my email address by Anonymous Coward · · Score: 5, Insightful

    I bank online about once a week. Every time I connect, I check the HTTPS certificate. Also, my bank does not know my email address. If I get email from my bank, I KNOW it's a fake. Period.

  6. Re:Baby with the bath water? by MollyB · · Score: 4, Insightful

    He has more to worry about from targeted attacks than phishing attempts.

    Unfortunately, this quote from him doesn't inspire confidence:

    "Far too little attention has been paid to cyber threats and their consequences," Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it."

    It would seem that he is resigned to the situation rather than seeking a remedy for it...

  7. This is good by hairykrishna · · Score: 4, Insightful

    While being an idiot he's obviously not so stupid that he doesn't realise that he's an idiot. Hence the self restriction. If more of the world's idiots followed his example the internet would be a better place.

    --
    "Physics is to math as sex is to masturbation." -R. Feynman
  8. A few clicks away? by njen · · Score: 4, Insightful

    Everyone is always just a few clicks away from being caught in a phishing scam. In fact, wouldn't it be closer to say that everyone is just one click away (the link from their email)?

    It's like saying, I am a few steps away from a cash register at the supermarket...I came this close to being tempted to steal it. But I've solved the problem: I won't enter any supermarkets ever again. Or that everyone is just a few steps away from death by standing by the side of the road, so to avoid being hit by a car, I will never go near a road ever again.

    Sure there are dangers everywhere, one just needs some education, like: never ever ever click on a link in an email claiming to be from your bank. Just like: you should always look both ways in crossing the street. Seriously, my 16 year old brother knows both of those...

  9. Re:After receiving an e-mail that appeared... by Aladrin · · Score: 4, Insightful

    They didn't. They scattershot the email and hope some of the people that get the email use that bank. I've received phishing attempts for several banks that I've never used. They were all very large banks.

    They look very real and if I did use those banks, I would have been tempted to click... But being savvy, I'd have contacted my bank via phone or the website instead of clicking on anything in the email.

    How do I know? I've done it with other emails. They all turned out to be real, but when money is involved, it makes sense to be careful with email.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  10. Re:Baby with the bath water? by DarthBart · · Score: 4, Insightful

    Bull. There's one simple way to avoid phishing scams. Open up the browser yourself and type in the address yourself.

    Anytime I access financial information, I enter the address manually. If you can't remember something simple like "paypal.com" or "chasebank.com", you don't need a computer.

    A former coworker of mine accessed his bank this way:

    1) Open IE
    2) Go up to the file menu, select "Open Location"
    3) Enter "http://www.google.com/" (The full URL, not just google.com)
    4) search for "Bank Of America"
    5) Click on the first result, which thankfully was the right BoA site.

  11. Re:Baby with the bath water? by Zebedeu · · Score: 4, Insightful

    Of course, otherwise you risk one day mistyping bankofamerica.com and ending up in a phishing site which looks just like the real thing.

    If you can't trust your bookmarks, you can't trust your computer. If you can't trust your computer, you shouldn't be accessing your online bank on it in any case.

  12. Re:After receiving an e-mail that appeared... by cetialphav · · Score: 4, Insightful

    The question is, why is someone that "non-technical" in charge of cybercrime for the FBI?

    He is not in charge of cybercrime. He is the director of the entire FBI. I imagine that he has a huge amount of knowledge of things you and I know nothing about so I am willing to cut him some slack. We engineers have built a communication system that looks simple and secure to average folk and yet actually requires the detailed knowledge of how it all works to use it securely.

    Every time one of these stories comes up, I am troubled by the attitude that is taken in so many Slashdot comments that the victim (or near victim) must be a complete idiot. We make a system that makes it far too easy to deceive people and then ridicule the victim for being tricked. We will never be able to improve the situation with this attitude.

    It is right to be suspicious of any email claiming to be from your bank, but the fact is that my banks have sent me legitimate emails from them. Those emails have never been digitally signed so verifying their authenticity is tough. So the banks have some responsibility for using email in an unsafe way. But what if they did sign their emails? Well, it still wouldn't matter because Gmail and Yahoo and Hotmail have no provision for verifying digital signatures so the tools used by millions lack a fundamental security feature.