Slashdot Mirror


Why the FBI Director Doesn't Bank Online

angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."

21 of 360 comments

  1. After receiving an e-mail that appeared... by fluch · · Score: 4, Interesting

    Why does he even consider any such e-mail worth reading?! That is the biggest fail in the chain of his doings....

    1. Re:After receiving an e-mail that appeared... by dgarciam · · Score: 5, Insightful

      Makes you wonder. If the head of the FBI, the guy who knows all the secrets, that sees all the scams all the time almost falls for this, what can we expect from your average house folks? Scams are getting more and more elaborate these days. Not perfect, but getting there.

    2. Re:After receiving an e-mail that appeared... by corbettw · · Score: 5, Funny

      My takeaway from it was that the head of the FBI knows surprisingly little about phishing. Let's hope someone on his staff briefs him on 419 scams before he sends his life's savings to the former finance minister for the deposed Crown Prince of Nigeria.

      --
      God invented whiskey so the Irish would not rule the world.
    3. Re:After receiving an e-mail that appeared... by turing_m · · Score: 4, Informative

      Even though he did stop just short of being taken in, it is apparent that some of his information was already compromised.

      It's not apparent. Dollars to donuts it's far cheaper to send an email targeting a specific bank to a very large number of harvested US email addresses than to somehow find out which email addresses relate to which bank's customers, and send them a targeted email. Emails cost virtually nothing to send.

      --
      If I have seen further it is by stealing the Intellectual Property of giants.
    4. Re:After receiving an e-mail that appeared... by Aladrin · · Score: 4, Insightful

      They didn't. They scattershot the email and hope some of the people that get the email use that bank. I've received phishing attempts for several banks that I've never used. They were all very large banks.

      They look very real and if I did use those banks, I would have been tempted to click... But being savvy, I'd have contacted my bank via phone or the website instead of clicking on anything in the email.

      How do I know? I've done it with other emails. They all turned out to be real, but when money is involved, it makes sense to be careful with email.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    5. Re:After receiving an e-mail that appeared... by Thansal · · Score: 4, Interesting

      I would suspect you are right. I don't really know what Robert Mueller's background is (quick look at wiki says marines and law), but I suspect that he wasn't directly involved in cybercrime of any sort. Sure, he gets to make the ultimate decisions, but with lots of advisers/whatnot who (hopefully) know their stuff.

      And hey, at least he didn't ACTUALLY fall for it.

      Random note:
      The emails you do get from various online institutions don't look all that more legit than the ones from the scammers. I have received 2 notices that an account of mine had been compromised, and I was prompted to log in (via a link) and reset my password. One of these was my eBay account I hadn't touched in years. I nearly just binned the email without even opening it, but curiosity got the better of me and I read through it, checked the links, etc etc, and everything seemed legit, despite looking like a classic phishing attempt.

      --
      Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
    6. Re:After receiving an e-mail that appeared... by ArsenneLupin · · Score: 5, Informative

      checked the links

      You don't check the links, you don't use them at all. Instead, you access the site through a bookmark, or via typing in the URL manually if you no longer have a bookmark. It's all too easy to confuse an l with an I or a 1. Or rn and m depending on what font you have. Or the attacker might play similar tricks using exotic characters that you do not even know to exist (How similar is a Greek capital Rho to a capital P?).
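
The lookalike-character problem raised in the comment above (l / I / 1, rn / m, Greek Rho / P), shown as a mail-filter style check. This is an added example, not part of the original thread; the `CONFUSABLES` table, the function names and the sample hosts are constructed for illustration, and the trusted names are the domains mentioned elsewhere in this thread.

```python
# Added illustration: flag link hostnames that visually imitate a trusted one.
# CONFUSABLES is a small constructed subset, not Unicode's full confusables data.
import unicodedata

TRUSTED = ("paypal.com", "chasebank.com", "bankofamerica.com")

CONFUSABLES = {
    "\u03c1": "p",  # Greek small rho (what capital Rho casefolds to)
    "\u0440": "p",  # Cyrillic small er
    "\u0430": "a",  # Cyrillic small a
    "\u043e": "o",  # Cyrillic small o
    "\u0435": "e",  # Cyrillic small ie
    "1": "l",       # digit one
    "i": "l",       # capital I casefolds to i; I / l / 1 collide in many fonts
    "0": "o",       # digit zero
}

def skeleton(host):
    """Reduce a hostname to a form in which visually similar names collide."""
    text = unicodedata.normalize("NFKC", host).casefold()
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m")  # 'rn' renders like 'm' in many fonts

def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike:<name>' or 'unknown' for a link's host."""
    plain = host.casefold().rstrip(".")
    if plain in trusted:
        return "trusted"
    for name in trusted:
        # Same skeleton but different characters: imitation, not the real name.
        if skeleton(plain) == skeleton(name):
            return "lookalike:" + name
    return "unknown"

if __name__ == "__main__":
    # Constructed sample hosts, as they might appear in an e-mail link.
    samples = ["paypal.com", "\u03a1aypal.com", "paypaI.com",
               "bankofarnerica.com", "example.org"]
    for host in samples:
        print(ascii(host), "->", classify(host))
```

A match on the skeleton only says that two names look alike; it does not make the exact name safe to click, which is the commenter's point about using a bookmark instead.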

    7. Re:After receiving an e-mail that appeared... by cetialphav · · Score: 4, Insightful

      The question is, why is someone that "non-technical" in charge of cybercrime for the FBI?

      He is not in charge of cybercrime. He is the director of the entire FBI. I imagine that he has a huge amount of knowledge of things you and I know nothing about so I am willing to cut him some slack. We engineers have built a communication system that looks simple and secure to average folk and yet actually requires the detailed knowledge of how it all works to use it securely.

      Every time one of these stories comes up, I am troubled by the attitude that is taken in so many Slashdot comments that the victim (or near victim) must be a complete idiot. We make a system that makes it far too easy to deceive people and then ridicule the victim for being tricked. We will never be able to improve the situation with this attitude.

      It is right to be suspicious of any email claiming to be from your bank, but the fact is that my banks have sent me legitimate emails from them. Those emails have never been digitally signed so verifying their authenticity is tough. So the banks have some responsibility for using email in an unsafe way. But what if they did sign their emails? Well, it still wouldn't matter because Gmail and Yahoo and Hotmail have no provision for verifying digital signatures so the tools used by millions lack a fundamental security feature.

  2. A novel concept... by laughingcoyote · · Score: 4, Insightful

    Unfortunately, this does seem like a novel concept: If you can't use it properly, and are unwilling to take the time to learn, don't use it at all!

    Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily. I know plenty of people (who aren't in any type of computer/tech field) who know very well that you never, under any circumstances, ever, go to a sensitive website from an email link, and you most certainly never enter any login details unless you've gone directly there. That's pretty common knowledge anymore, and this is a guy you'd expect to know better. Leads you to wonder what other simple concepts he can't get straight.

    --
    To fight the war on terror, stop being afraid.
    1. Re:A novel concept... by donaggie03 · · Score: 4, Insightful

      He wasn't scammed. He was almost scammed. Everyone who uses the internet has "almost" been scammed, for varying degrees of "almost."

      --
      Three days from now?? Thats tomorrow!! ~Peter Griffin
  3. Wait wha...? by alexandre · · Score: 4, Insightful

    The FBI Director doesn't know to never click on a link from "his bank" in his email?
    So I guess I can call him as his bank and ask him for his password too without him actually calling back to the real number?

    No wonder security is broken ...

  4. There's your problem. by headhot · · Score: 4, Insightful

    All emails from my "bank" get filtered right into the trash. If it's important, they will call or send a letter.

    1. Re:There's your problem. by D+Ninja · · Score: 4, Insightful

      ...except, they won't. Many people do everything through online banking. A number of banks have complete "opt-out-of-paper" programs, so you won't see another letter in your life (except maybe major documents that need signed). The real trick here is - when you get an e-mail, don't click on the links. If your bank says you need to take care of something, visit their site by manually typing in the address and then take care of whatever it is.

  5. Yes Dear! by muckracer · · Score: 4, Funny

    Fortunately his wife will continue to use online banking...

  6. My bank does NOT know my email address by Anonymous Coward · · Score: 5, Insightful

    I bank online about once a week. Every time I connect, I check the HTTPS certificate. Also, my bank does not know my email address. If I get email from my bank, I KNOW it's a fake. Period.

  7. Re:Baby with the bath water? by MollyB · · Score: 4, Insightful

    He has more to worry about from targeted attacks than phishing attempts.

    Unfortunately, this quote from him doesn't inspire confidence:

    "Far too little attention has been paid to cyber threats and their consequences," Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it. "

    It would seem that he is resigned to the situation rather than seeking a remedy for it...

  8. This is good by hairykrishna · · Score: 4, Insightful

    While being an idiot he's obviously not so stupid that he doesn't realise that he's an idiot. Hence the self-restriction. If more of the world's idiots followed his example the internet would be a better place.

    --
    "Physics is to math as sex is to masturbation." -R. Feynman
  9. A few clicks away? by njen · · Score: 4, Insightful

    Everyone is always just a few clicks away from being caught in a phishing scam. In fact, wouldn't it be closer to say that everyone is just one click away (the link from their email)?

    It's like saying, I am a few steps away from a cash register at the supermarket...I came this close to being tempted to steal it. But I've solved the problem: I won't enter any supermarkets ever again. Or that everyone is just a few steps away from death by standing by the side of the road, so to avoid being hit by a car, I will never go near a road ever again.

    Sure there are dangers everywhere, one just needs some education, like: never ever ever click on a link in an email claiming to be from your bank. Just like: you should always look both ways in crossing the street. Seriously, my 16-year-old brother knows both of those...

  10. Re:Baby with the bath water? by DarthBart · · Score: 4, Insightful

    Bull. There's one simple way to avoid phishing scams. Open up the browser yourself and type in the address yourself.

    Anytime I access financial information, I enter the address manually. If you can't remember something simple like "paypal.com" or "chasebank.com", you don't need a computer.

    A former coworker of mine accessed his bank this way:

    1) Open IE
    2) Go up to the file menu, select "Open Location"
    3) Enter "http://www.google.com/" (The full URL, not just google.com)
    4) search for "Bank Of America"
    5) Click on the first result, which thankfully was the right BoA site.

  11. Re:Baby with the bath water? by TheGratefulNet · · Score: 5, Interesting

    Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it. "

    wait; who, again, are the bad guys?

    given their MO, I consider the feds and police to be 'bad guys' when it comes to their perceived right to 'sneak and peek' any damned place they want for any reason at all. attach a gps to your car? no problem. and on and on it goes.

    the government is THE WORST INTRUDER in our personal lives, these days.

    I worry much less about criminals. they have a lot less power over me and once they do their deed, they're gone from my life.

    --
    "It is now safe to switch off your computer."
  12. Re:Baby with the bath water? by Zebedeu · · Score: 4, Insightful

    Of course, otherwise you risk one day mistyping bankofamerica.com and ending up in a phishing site which looks just like the real thing.

    If you can't trust your bookmarks, you can't trust your computer. If you can't trust your computer, you shouldn't be accessing your online bank on it in any case.