Citing cybercrime, FBI director doesn't bank online

Robert Mueller was recently targeted by phishers

The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt.

FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.

"It looked pretty legitimate," Mueller said Wednesday in a speech at San Francisco's Commonwealth Club. "They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well."

In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.

Though he stopped before handing over any sensitive information, the incident put an end to Mueller's online banking.

"After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment," he said. "To which she deftly replied, 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you.'"

Mueller said he considers online banking "very safe" but that "just in my household, we don't use it."

Phishing has evolved into a big problem, not just for banks, but for online retailers and even providers of consumer Web applications such as Facebook and Yahoo.

In June -- the latest month for which figures are available -- the Anti-Phishing Working Group counted nearly 50,000 active phishing Web sites, the second-highest number it has ever recorded.

Late last week, criminals posted tens of thousands of passwords belonging to Microsoft Live Hotmail, Gmail, and Yahoo accounts online. They are all thought to have been stolen via phishing.

Mueller's FBI has had some success in going after phishers. On Wednesday it announced it had arrested 33 people in the U.S. in connection with an international phishing operation. Egyptian authorities have charged 47 in connection with the same scam.

"They targeted American financial institutions and also approximately 5,000 American citizens here in the United States," Mueller said. Dubbed Operation Phish Phry, "it is the largest international phishing case ever conducted," he added.

"Far too little attention has been paid to cyber threats and their consequences," Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it."


Robert McMillan

IDG News Service

19 Comments

Peter

1

The key is to look carefully at any link you're about to click

Treat any email "from your bank" as suspicious. Hover your mouse over the link. If what you see doesn't agree with what's shown as the link text, don't click it.

Even better, call your bank and talk to someone. Ask them if the email's genuine, and if they can resolve the issue by phone.

Or, just try logging in to your account the same way you always do (from your bookmarks, not from any link in an email). Odds are you'll have no problems at all, and then you'll know the email was a phishing scam.

Anonymous

2

It's simple, really....

If it in any way concerns financial or sensitive matters, then one simple rule will suffice:

NEVER EVER CLICK ON A LINK IN AN EMAIL...

Always type the URL in yourself or log into your bank the way you always do (bookmarks, etc.)

Gary Gendel

3

Another anti-phishing method

Learn to read email headers. For any sensitive email, I validate that it came directly from the legitimate mail server. This does not mean looking at the "From" field, but analyzing the "Received:" header information.

I've seen some really good replicas of legitimate emails, but none have passed the header analysis. Any that fail I send to the appropriate authorities.

And like Robert, I NEVER click a link in the email to get to a login page, but use my bookmarked link.
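
Added example, not part of Gary Gendel's comment: one way to read the Received chain in Python. It assumes your own mail server is named mx.example.org (hypothetical) and trusts only the hop that server stamped, since the lines below it are written by earlier senders; all hosts and addresses are constructed.

```python
import re
from email import message_from_string

# Matches the common "from HELO (rdns [ip]) by HOST" layout (Postfix-style).
HOP = re.compile(
    r"from\s+(\S+)\s+\((\S*)\s*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Parse Received headers, newest first, into dicts."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return hops

def handoff_hop(raw, my_mx):
    """Topmost hop stamped by our own server: the only line the sender
    could not write. Anything below it may be forged."""
    for hop in received_hops(raw):
        if hop["by"].lower() == my_mx.lower():
            return hop
    return None

def came_from(raw, my_mx, sender_domain):
    """True if the host that connected to my_mx resolves under sender_domain."""
    hop = handoff_hop(raw, my_mx)
    if hop is None:
        return False
    host = hop["rdns"].lower().rstrip(".")
    domain = sender_domain.lower()
    return host == domain or host.endswith("." + domain)

# Constructed message: the lower Received line claims the bank's server,
# but the host that actually connected to our MX is unrelated.
SAMPLE = (
    "Received: from smtp7.example.net (smtp7.example.net [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A1; Wed, 7 Oct 2009 10:02:11 -0700\n"
    "Received: from mail.examplebank.com (mail.examplebank.com [192.0.2.10])\n"
    "\tby smtp7.example.net with ESMTP; Wed, 7 Oct 2009 10:02:09 -0700\n"
    'From: "Example Bank" <service@examplebank.com>\n'
    "Subject: Account notice\n\nbody\n"
)
```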

Not Peter

4

Looking at the link can still fail

Due to some scripting tricks, the 'hover your mouse' advice can be badly flawed; in certain browsers and email clients, scripting can be used to change the hover/statusbar text to be misleading as well.

ALWAYS type the URL yourself, or use your own bookmarks. A good practice in general for any site you want to visit, to make more certain you're going to the authentic site and not a phishing site. This doesn't only apply to banks! Especially given that most people do not bother to use multiple passwords... their Facebook account has the same password (and even user-name in some cases) as their bank. Steal one, access all.

John

5

Simple and easy: Never trust email from your bank.

I don't understand why people fall for these things. One amazingly simple rule is all you need:

Never trust email from your bank. Ever.

If you follow this one basic rule, then you will NEVER fall victim to a phishing scam. It's really just that easy.

Some hints:
1. If the email asks you to click a link, close the email. Then fire up your web browser and type in the bank's website yourself. Or look it up on Google. It's really not that hard.
2. If the email asks you to call your bank, close the email. Then go to your bank's web site (type it in yourself) and look up their "Contact Us" page. Use that phone number to call.
3. If the email asks you to reply by email, close the email! If you really need to check your account status, follow hints 1 and 2.

See the pattern here?

Patrick

6

Old School Works Wonders

And my bank wonders why I insist on paper copies?

Paper copies means notices must be sent by post rather than email. Phishing through the USPS is certainly possible, but hardly profitable.

Unless you target Warren Buffett.

Anonymous

7

Seems that financial institutions should get proactive

Seems that financial institutions, or any commercial transaction, should get proactive about default RSA encryption/verification of email.

Anonymous

8

well, don't allow html email except from trusted sources. which should not have to use it either.

Mike

9

Bank emails and phishing

Why stop banking electronically...it's not that process which is unsafe it's the continual issue of people clicking on links in emails and submitting personal information...just delete emails from your bank then and go directly to the site and log in...

anyone who thinks dealing with fellow human beings is any safer is quite naive...people fell for scams long before electronic banking....why do you think the teller at your bank or the person you hand your credit card to for purchasing services or products is any more trustworthy than an electronic process?

Don't toss the baby out with the bath water...just adjust how you manage financial transactions....

Anonymous

10

RE: MIKE

"After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment," he said. "To which she deftly replied, 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you.'"

It's not that he doesn't trust online banking, more that his wife thinks he's a moron and likely to fall for that kind of scam. He didn't make a decision to stop using it, his wife has forbidden him to use.

Anonymous

11

I have to agree with the previous anonymous poster -- I can't believe he'd be so foolish.
Should he be in charge if he is old and out of touch? Well, perhaps he is better at the very top as a figurehead, where he can do less damage, than as someone who has to work daily with the secure databases and information his underlings need to use.

p.s. anyone else reminded of Agent Gill from the movie "Hackers?"

Anonymous

12

FBI Director = Full of Fail

He just told the world his wife wears the pants in his family. She thinks he's a moron and unable to handle the task of keeping their own stuff secure.

Ant

13

Me either.

I don't bank and do anything with money online (nor do I have a credit card) either.

Anonymous

14

Good riddance. If you almost fall for a phishing scam, you'd better take your name out of the game. The Internet doesn't need any more idiots hanging around...

concerned

15

power grid is also a vector

i don't even have electricity.

Anonymous

16

Seriousness of banking fraud tears at being functional Americans

As we teach our young children, our elderly relatives, and general non-computer users to bank online, we learn that suddenly there are all these pitfalls.

There's a very large group of people out there with no money who are simply waiting to take advantage of youngsters, elderly relatives, and newbie computer users in a way so serious that it could cost them their livelihood of living in America.

That is serious enough to go and extract the offenders from other countries - for these foreigners are actually in essence a type of terrorist - they are remotely trying to rob Americans of their life, liberty, and pursuit of happiness.

Anyone doing this domestically is in effect a domestic terrorist, in my opinion.

The FBI director now has experienced firsthand what could happen to any unsuspecting American citizen. I say to you all - be suspect of all electronic communications.

I also suggest to never allow a company to eliminate your paper communications, even if they offer you some type of discount to go completely electronic.

It's that serious.

Anonymous

17

Time you set up the Great Firewall of USA to protect yourselves!

Your reasoning is very logical and the only possible conclusion is that USA, (like China) needs a Great Firewall to protect US citizens from the cyber-robbers, -muggers and -terrorists of the world.

Good luck!

Anonymous

18

Too late ...

It may be too late once you opened the e-mail. If it contained a virus that over-rode the DNS code on your computer, then all your following steps are compromised. Typing the name of the web-site into your browser won't help if your computer now thinks that www.yourbank.com is served by IP address aaa.bbb.ccc.ddd which actually belongs to the phishers.

Anonymous

19

Re: Terrorism Comment

I agree that phishing is serious, but it is important to differentiate criminal acts from terrorist acts. In your comment you consider them indistinguishable because in both cases the effect is to deprive someone of basic rights. The difficulty with this argument is that almost all criminal activity does that so both words lose their unique meanings. Another difficulty with the argument is that government can use different powers, police vs. war, depending on whether an act is criminal or terrorist. If normal criminal behavior is conceptualized as terrorist behavior then the basic restrictions on government use of power (e.g. 5th amendment, 14th amendment) will not necessarily apply.

I don't think anything is lost by just calling cybercrime crime rather than terrorism.

Comments are now closed.
