Why the FBI Director Doesn't Bank Online

samzenpus posted more than 4 years ago | from the crime-almost-paid dept.

Security 360

angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."

360 comments

After receiving an e-mail that appeared... (4, Interesting)

fluch (126140) | more than 4 years ago | (#29679355)

Why does he even consider any such e-mail worth reading?! That is the biggest fail in the chain of his doings....

Re:After receiving an e-mail that appeared... (5, Insightful)

dgarciam (1291598) | more than 4 years ago | (#29679393)

Makes you wonder. If the head of the FBI, the guy who knows all the secrets, that sees all the scams all the time almost falls for this, what can we expect from your average house folks? Scams are getting more and more elaborate these days. Not perfect, but getting there.

Re:After receiving an e-mail that appeared... (5, Funny)

corbettw (214229) | more than 4 years ago | (#29679469)

My takeaway from it was that the head of the FBI knows surprisingly little about phishing. Let's hope someone on his staff briefs him on 419 scams before he sends his life's savings to the former finance minister for the deposed Crown Prince of Nigeria.

Re:After receiving an e-mail that appeared... (0, Troll)

clemdoc (624639) | more than 4 years ago | (#29679693)

And spoil us an epic laugh? And rob Slashdot of a 'haha see toldyouso' summary whose article doesn't even have to be read?

Re:After receiving an e-mail that appeared... (4, Interesting)

Thansal (999464) | more than 4 years ago | (#29679849)

I would suspect you are right. I don't really know what Robert Mueller's background is (quick look at wiki says marines and law), but I suspect that he wasn't directly involved in cybercrime of any sort. Sure, he gets to make the ultimate decisions, but with lots of advisers/what not who (hopefully) know their stuff.

And hey, at least he didn't ACTUALLY fall for it.

Random note:
The emails you do get from various online institutions don't look all that more legit than the ones from the scammers. I have received 2 notices that an account of mine had been compromised, and I was prompted to log in (via a link) and reset my password. One of these was my eBay account I hadn't touched in years. I nearly just binned the email without even opening it, but curiosity got the better of me and I read through it, checked the links, etc etc, and everything seemed legit, despite looking like a classic phishing attempt.

Re:After receiving an e-mail that appeared... (1)

commodore64_love (1445365) | more than 4 years ago | (#29679583)

This is why I've been pulling back from online banking and other online accounts. It makes no sense to leave half a million dollars sitting on the internet, with nothing to protect it except a password. I moved the money to a different account that can not be accessed unless I physically walk into the bank's building and display photo ID.

Re:After receiving an e-mail that appeared... (2, Funny)

Anonymous Coward | more than 4 years ago | (#29679629)

Photo ID, pffft.

My bank will only allow access to my account when presented with my erect penis.

Re:After receiving an e-mail that appeared... (1, Funny)

Anonymous Coward | more than 4 years ago | (#29679659)

It should be your flaccid penis. Erect penises give away eager identity thieves.

Re:After receiving an e-mail that appeared... (2, Funny)

v1 (525388) | more than 4 years ago | (#29679725)

but that's only for making deposits? and watch out for the penalty for early withdrawal....

Re:After receiving an e-mail that appeared... (1, Funny)

Anonymous Coward | more than 4 years ago | (#29679841)

They keep a microscope at every branch?

-sorry had to :(

Re:After receiving an e-mail that appeared... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29679683)

A half million dollars? Okay, troll.

Re:After receiving an e-mail that appeared... (1)

quantumplacet (1195335) | more than 4 years ago | (#29679861)

yea, anyone who claims they took half a million dollars out of a single online savings account because of concerns about password security is someone who has quite obviously never had a half million dollars.

Re:After receiving an e-mail that appeared... (1)

Zironic (1112127) | more than 4 years ago | (#29679699)

I thought all banks used security tokens for online banking.

Re:After receiving an e-mail that appeared... (1)

jimicus (737525) | more than 4 years ago | (#29679783)

I am told this is the case in some countries.

In many, however, it is the exception rather than the rule. My bank's just issued me a security token (yay!) but they, er, don't use it for the logon process. They only use it for transferring money out of the account.

Which is well and good but the telephone banking system quite often relies on a question like "Can you name a recent transaction on your account please?".

Re:After receiving an e-mail that appeared... (1)

Jedi Alec (258881) | more than 4 years ago | (#29679793)

I thought all banks used security tokens for online banking.

Not in the US... why do you hate freedom (of the banks)?

Re:After receiving an e-mail that appeared... (1)

Publikwerks (885730) | more than 4 years ago | (#29679765)

This is why I've been pulling back from online banking and other online accounts. It makes no sense to leave half a million dollars sitting on the internet, with nothing to protect it except a password. I moved the money to a different account that can not be accessed unless I physically walk into the bank's building and display photo ID.

If you have half a million just sitting in the bank, you're an idiot. Without starting up some sort of flamewar about how to invest your money, needless to say just leaving it in a bank is nobody's top option.

Re:After receiving an e-mail that appeared... (1)

BiAthlon (91360) | more than 4 years ago | (#29679911)

If he's got 10 million invested, having 500k in the bank is a reasonable percentage. You don't want all your money tied up in non-liquid assets.

Re:After receiving an e-mail that appeared... (1)

2.7182 (819680) | more than 4 years ago | (#29679713)

What it makes me wonder is why someone who is so out of touch is the head of the FBI. Granted many people fall for such things, but for example, probably most readers here wouldn't. The head of the FBI should know better.

Re:After receiving an e-mail that appeared... (2, Interesting)

AvitarX (172628) | more than 4 years ago | (#29679773)

I will admit to almost falling for one the other day.

I marked the e-mail as phishing and it has since been deleted, but it came from "bank of america" and linked to a quite formal looking page asking for info.

It came simultaneous to my having trouble with Bank of America online system (they took over my mortgage account and it has been a pain getting into the online payment since).

I was looking at it, frustrated it was only a solution for credit card issues, and then realized the site was support.com not Bank of America.

Maybe I am particularly stupid, but I don't think so.

Re:After receiving an e-mail that appeared... (0)

Anonymous Coward | more than 4 years ago | (#29679781)

Makes you wonder. If the head of the FBI, the guy who knows all the secrets, that sees all the scams all the time almost falls for this, what can we expect from your average house folks? Scams are getting more and more elaborate these days. Not perfect, but getting there.

You can expect that he manages expenses, just like any other top executive. Only the workers in the lowest level, of their department, actually do the work. The rest merely monitor and distribute the work. The further up the chain, the more it becomes about numbers.

Re:After receiving an e-mail that appeared... (0)

K. S. Kyosuke (729550) | more than 4 years ago | (#29679525)

Why does he even consider any such e-mail worth reading?!

Because of the brain damage he once suffered when he was beaten by someone at night in a park renowned for the presence of thugs. Rumor has it that an illuminated area was just a few meters away.

Re:After receiving an e-mail that appeared... (2, Funny)

Anonymous Coward | more than 4 years ago | (#29679561)

"FBI director too dumb to use the Internet"

Hilarious. Great headline.

Re:After receiving an e-mail that appeared... (1)

camperslo (704715) | more than 4 years ago | (#29679565)

Even though he did stop just short of being taken in, it is apparent that some of his information was already compromised. How else would they know which of all the banks out there was one he was using?

Re:After receiving an e-mail that appeared... (4, Informative)

turing_m (1030530) | more than 4 years ago | (#29679623)

Even though he did stop just short of being taken in, it is apparent that some of his information was already compromised.

It's not apparent. Dollars to donuts it's far cheaper to send an email targeting a specific bank to a very large number of harvested US email addresses than to somehow find out which email addresses relate to which bank's customers, and send them a targeted email. Emails cost virtually nothing to send.

Re:After receiving an e-mail that appeared... (4, Insightful)

Aladrin (926209) | more than 4 years ago | (#29679633)

They didn't. They scattershot the email and hope some of the people that get the email use that bank. I've received phishing attempts for several banks that I've never used. They were all very large banks.

They look very real and if I did use those banks, I would have been tempted to click... But being savvy, I'd have contacted my bank via phone or the website instead of clicking on anything in the email.

How do I know? I've done it with other emails. They all turned out to be real, but when money is involved, it makes sense to be careful with email.

Re:After receiving an e-mail that appeared... (1)

Chris Mattern (191822) | more than 4 years ago | (#29679837)

There's no real evidence that they did. I get phishing attempts all the time claiming to be about my account on banks I don't do business with. When you send out millions of phishing mails, you can just pick a bank at random. Some of your targets will have accounts with that bank.

Re:After receiving an e-mail that appeared... (0)

Anonymous Coward | more than 4 years ago | (#29679621)

Exactly what I was thinking!

Email from ANY bank? Straight in the trash! No reading! No questions! No options! IN THE TRASH!

You are in charge of a gov org that amongst other things, deals with fraud and such like and you took something at face value? You sir are a prat of the highest order!

I had my bank call me the other day, asked me for details on my account and said they were chasing a fraud scam! I said "Excuse me, but how do I know you are who you say you are?" The bint on the other end of the phone was very put out and started getting shirty! "You call me up and expect me to accept you are from my bank's fraud dept and ask for my personal details? See it from my point of view!". She told me that very few people bother questioning the word of a bank employee when they call up!!! I asked for the dept and got the number of the head office from directory enquiries, called them back. As it turned out it was genuine and I had to cancel my cards and all that malarkey!

why can't he use GMail? (1)

shareme (897587) | more than 4 years ago | (#29679695)

Why can't he use GMail? It has this neat feature..it blocks 9.99999999999999999999999999999999999% of all email phishing bank scams..

Re:why can't he use GMail? (1)

smartbei (1112351) | more than 4 years ago | (#29679845)

10% does not seem like something to brag about.
:-)

Re:why can't he use GMail? (0)

Anonymous Coward | more than 4 years ago | (#29679913)

but what about the 91.1111111111111111111111111111111111111111% it doesn't block?

Re:After receiving an e-mail that appeared... (1)

hesaigo999ca (786966) | more than 4 years ago | (#29679735)

I agree, ALL banks tell you they will not communicate with you through email to confirm anything, they will tell you to come down or call, so for you to get an email stating we need to verify something is a scam, PERIOD!
The fact that this guy is even letting us know he came this close to screwing up is not something I would want our FBI director to be acknowledging! You will hopefully find a letter of resignation soon on someone's desk.

This guy might have thought coming out about this would help tell people "hey, even I got almost nabbed" thinking it would help solidify the threat level, but the only threat level I see, is the fact we got a dolt running things at the FBI!

Baby with the bath water? (2, Insightful)

grasshoppa (657393) | more than 4 years ago | (#29679371)

I don't mean to deride the director of such an important agency, but seriously? He has more to worry about from targeted attacks than phishing attempts.

A little knowledge goes a long way.

Re:Baby with the bath water? (4, Insightful)

MollyB (162595) | more than 4 years ago | (#29679475)

He has more to worry about from targeted attacks than phishing attempts.

Unfortunately, this quote from him doesn't inspire confidence:

"Far too little attention has been paid to cyber threats and their consequences," Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it."

It would seem that he is resigned to the situation rather than seeking a remedy for it...

Re:Baby with the bath water? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29679767)

neatly sidestepping the fact that a lot of attention *has* been paid to it, but people like him have always chosen to ignore it.

Re:Baby with the bath water? (1)

FlyingBishop (1293238) | more than 4 years ago | (#29679625)

There have been a variety of studies that people who think they know better fall for phishing scams, reasonably well crafted, just as much as everyone else.

This includes people like everyone who tagged this story 'idiots' derisively imagining that they would never be so stupid.

All it takes is one day, you're in a hurry, you don't notice that the URL bar is still white, and you're toast.

Re:Baby with the bath water? (2, Insightful)

grasshoppa (657393) | more than 4 years ago | (#29679749)

Well, and for you to enter your login information.

Common sense dictates that you don't follow links from your email to anything financial; you either type it in yourself or you use a bookmark. I know my bank and credit cards don't send me links to click, but even if they did I wouldn't use them.

Re:Baby with the bath water? (4, Insightful)

DarthBart (640519) | more than 4 years ago | (#29679823)

Bull. There's one simple way to avoid phishing scams. Open up the browser yourself and type in the address yourself.

Anytime I access financial information, I enter the address manually. If you can't remember something simple like "paypal.com" or "chasebank.com", you don't need a computer.

A former coworker of mine accessed his bank this way:

1) Open IE
2) Go up to the file menu, select "Open Location"
3) Enter "http://www.google.com/" (The full URL, not just google.com)
4) search for "Bank Of America"
5) Click on the first result, which thankfully was the right BoA site.

A novel concept... (4, Insightful)

laughingcoyote (762272) | more than 4 years ago | (#29679403)

Unfortunately, this does seem like a novel concept: If you can't use it properly, and are unwilling to take the time to learn, don't use it at all!

Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily. I know plenty of people (who aren't in any type of computer/tech field) who know very well that you never, under any circumstances, ever, go to a sensitive website from an email link, and you most certainly never enter any login details unless you've gone directly there. That's pretty common knowledge anymore, and this is a guy you'd expect to know better. Leads you to wonder what other simple concepts he can't get straight.

Re:A novel concept... (1, Funny)

Anonymous Coward | more than 4 years ago | (#29679491)

He's the top manager. Is he expected to know anything? That's for the underlings to take care of.

Re:A novel concept... (1)

quantumplacet (1195335) | more than 4 years ago | (#29679897)

No, if you RTFA, he's a man. Is he expected to know anything? That's for the wife to take care of.

Re:A novel concept... (2, Insightful)

Demetris (852051) | more than 4 years ago | (#29679589)

Of course, it's a bit disturbing that the head of a major law enforcement agency can be scammed that easily.

I would put it a bit differently: It's a bit disturbing that a person that can be scammed so easily is the head of a major law enforcement agency.

Re:A novel concept... (1)

mcgrew (92797) | more than 4 years ago | (#29679851)

Leads you to wonder what other simple concepts he can't get straight.

Well, if you're tired enough it's easy to fuck up and do something stupid when you actually know better. The moral of the story is make sure you finish drinking your coffee before you check your email.

I hope this guy finishes his coffee before he drives to work. You, too. I found this article [newscientist.com] interesting; it seems one can be both asleep and awake at the same time. It explains Mueller's near fuckup.

Wait wha...? (4, Insightful)

alexandre (53) | more than 4 years ago | (#29679405)

The FBI Director doesn't know to never click on a link from "his bank" in his email?
So I guess I can call him as his bank and ask him for his password too without him actually calling back to the real number?

No wonder security is broken ...

The I in FBI is "Investigation", not intelligence. (0)

Anonymous Coward | more than 4 years ago | (#29679411)

E-mails from banks should always result in a break of medium: Call them (and not at a number mentioned in the e-mail). Perhaps that will teach banks not to send e-mails with links in them, or at least not unsigned e-mails.

Re:The I in FBI is "Investigation", not intelligen (0)

Anonymous Coward | more than 4 years ago | (#29679655)

I've been wondering for years why the banks have not pushed signed e-mails. But no, they continue sending HTML-mails with links being passed through doubleclick.com's traffic analyzer. It's their own fault if people can't tell e-mails apart! The same is true for eBay, PayPal and the rest of them.

My recommendation to those companies: Ban any type of HTML-mail, sign all mails (this way, at least people with knowledge will be able to use this feature), NEVER use third-party domains (tracking.doubleclick.example/relink/bla.asp?flightid=3323523453425), and make all your links of the type mybank.example/shortlink, not blabla3.server15.mybank-links.example/deep/directory/structure/index.asp?token=2039820582435&linkid=2309542350&sender=23532&ie=utf-8

One more thing... (0)

Anonymous Coward | more than 4 years ago | (#29679739)

I forgot, also give out a big rebate/better interest rates to customers who use NoScript (which is easy to check during logon). The worst banks in this regard are Citibank and ING-DIBA (shudder).

Really? (1)

MrSmith0011000100110 (1344879) | more than 4 years ago | (#29679415)

I think the real question is why he would admit to A) Not using a bank B) Almost falling for a phishing scam. The director of the FBI and he doesn't know to check headers or ignore direct communication from such an institution? FAIL. He should direct himself to the back of the unemployment line and the FBI should hire someone with a clue. Wait, what are you doing here?? Get away from tha....

There's your problem. (4, Insightful)

headhot (137860) | more than 4 years ago | (#29679417)

All emails from my "bank" get filtered right into the trash. If it's important, they will call or send a letter.

Yes Dear! (4, Funny)

muckracer (1204794) | more than 4 years ago | (#29679421)

Fortunately his wife will continue to use online banking...

Re:Yes Dear! (-1, Offtopic)

arndawg (1468629) | more than 4 years ago | (#29679573)

This is the FBI. He's too busy chasing aliens to have a wife...

In other news (3, Insightful)

Viper23 (172755) | more than 4 years ago | (#29679423)

Chinese and Russian governments scramble to create look-alikes for the FBI's intranet.

EMail Robert Mueller pretending to be from tech support.

Re:In other news (1)

Runaway1956 (1322357) | more than 4 years ago | (#29679815)

Hmmmm. Now I'm curious whether we could slashdot the FBI's website. They'd probably investigate us like we were 4chan, LMAO

My bank does NOT know my email address (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29679427)

I bank online about once a week. Every time I connect, I check the HTTPS certificate. Also, my bank does not know my email address. If I get email from my bank, I KNOW it's a fake. Period.

My bank doesn't do account info through email (1)

blackchiney (556583) | more than 4 years ago | (#29679449)

It was a pain to set up because of their refusal to send anything important by email, but I guess it's for the best. The only email I receive from my bank is offers for more credit. Anything related to my account is done with registered mail and a phone call.

And now for something completely different. (0)

Anonymous Coward | more than 4 years ago | (#29679457)

This caused a brainfart: It'd be nice if banks were savvy enough to negotiate encryption in email. Say, I give them a public key and they give me one, and their systems will automatically encrypt-and-sign with the agreed-upon keys.

As it is, even joe average cannot do something that simple, because the way the crypto-hippies provided it, it isn't simple at all. So, we'll be stuck with no encryption until governments mandate it, and then it'll be hierarchical and a good chance key escrow got built in right from the start.

Car Accident (2, Insightful)

Crock23A (1124275) | more than 4 years ago | (#29679461)

I almost got into a car accident when someone cut me off on the way to work this morning. By the logic suggested by TFS, I should stop using the public roadways.

Re:Car Accident (1)

damn_registrars (1103043) | more than 4 years ago | (#29679551)

I almost got into a car accident when someone cut me off on the way to work this morning. By the logic suggested by TFS, I should stop using the public roadways.

I wish people where I live would apply that logic, my drive to work would be a lot safer.

Although I think we could probably make a positive change in the situation by actually making the driver license test difficult. However the state makes more revenue from the people who drive than those who do not...

Re:Car Accident (0)

Anonymous Coward | more than 4 years ago | (#29679557)

There's one thing you're missing from that logic: are you willing to take the chance? You should stop using public roadways if you're not willing to take any chance at getting in a car accident.

Disease: Gullibility - Cure: None Known (1)

iYk6 (1425255) | more than 4 years ago | (#29679709)

Someone cutting you off isn't your fault. This is more like you almost getting into an accident because you had a narcoleptic episode. In which case, you shouldn't drive.

You could say that the FBI director could be cured with knowledge, but knowledge doesn't cure gullibility, only ignorance. It is rare that people recover from gullibility.

A fool and his money, are soon parted (1)

Dogbertius (1333565) | more than 4 years ago | (#29679463)

Anyone who falls for these scams really, really, shouldn't be using a computer for online banking. Heck, on one occasion I'm almost certain I got a fake call from the bank as well, considering the bizarre questions that were being asked to "verify my identity" prior to offering me some insurance package. Fortunately, being Link of Hyrule didn't seem to stop my interviewer from proceeding to sign me up for some awesome house insurance. Wonder how he got my alias on file...

Re:A fool and his money, are soon parted (1)

agentgonzo (1026204) | more than 4 years ago | (#29679577)

...considering the bizarre questions that were being asked to "verify my identity" prior to offering me some insurance package...

This is one area which most people (including the banks) fail to see the security weakness - phone calls from banks. I've had many calls from my bank (or phone company/ISP) which start with "This is such and such bank calling for Mr XXX. Can you just confirm your identity with the following security questions..."

I refuse to answer the questions until they have convinced me that they are the bank - after all, I could call up a random person pretending to be the bank/insurance provider etc many times over the course of a few weeks asking different security questions until I know all their answers to all their security questions, then just phone up their bank claiming to be them and transfer all their money to me. In many cases, this results in an impasse as there is no number I can look up on the internet/yellow pages to call them back so I know that they are the bank, and they are unwilling to offer any information to me to prove who they are until I've verified who I am, which I won't do until I know who they are...

My friend has gone through a verification of their address with the bank with her saying the first line, then the bank saying the next line and alternating like this such that they both acknowledge the authenticity of the other party before proceeding. In that case it was just offering insurance so why they needed to verify her identity I have no idea. She hung up about 30 seconds after the 5 minute verification procedure when she realised they were just cold-calling her.

authenticated e-mails (1)

muckracer (1204794) | more than 4 years ago | (#29679467)

I am wondering, what's so hard about fixing this issue once and for all. We've had e-mail signing for a couple decades now available to everybody. Since most folks will happily stick any "Installation CD" they get into their machines, why can't, for example, one be given out to each new bank customer which then adds a certificate or public key etc. to his e-mail. Hell, they could even install their own e-mail and browser app for exclusive use with their online services. If I had a bank I'd be ashamed for making customers hop through nonsensical procedures like forced password changes or automatic account disabling (my bank disabled my login after me not having used it for more than 90 days!), yet providing no secure communication channel via e-mail nor phones!

Re:authenticated e-mails (0)

Anonymous Coward | more than 4 years ago | (#29679605)

Where's that copy-and-paste "you have advocated a ... solution" form letter? That thing cracks me up every time. On the other hand, it is about time to fix this once and for all!!

Re:authenticated e-mails (1)

muckracer (1204794) | more than 4 years ago | (#29679689)

So what's the solution you advocate? :-)

Re:authenticated e-mails (1)

Dudibob (1556875) | more than 4 years ago | (#29679705)

You what!? Banks install software on a machine? What's to stop the fraudsters from doing this and having access to the whole machine *shudders*

Re:authenticated e-mails (1)

muckracer (1204794) | more than 4 years ago | (#29679733)

> Banks install software on a machine? What's to stop the fraudsters from doing this

Well, the fraudster is unlikely to sit on a desk at your bank shuffling your account opening papers around. And if s/he is, you have other problems than your computer being taken over :-)

Re:authenticated e-mails (1)

Arlet (29997) | more than 4 years ago | (#29679721)

Once you get infected with a trojan (which happens to a lot of people), it is trivial to put some fake public keys on your machine, or to insert a fake e-mail straight into your inbox.

My bank uses a better solution: they send me regular mail. They don't even have my e-mail address, so I can ignore any mail that claims to be from them.

Instead he should... (2, Insightful)

MikeRT (947531) | more than 4 years ago | (#29679481)

Be calling for legislation that makes banks responsible for identity theft and any subsequent damage to consumer credit ratings. That would make the FBI's job much easier since the banks would never send emails, among other things, to make sure that they are diligent about identity theft.

Re:Instead he should... (1)

Rocketship Underpant (804162) | more than 4 years ago | (#29679889)

Considering how little he apparently knows about phishing and the Internet in general, it would probably be a catastrophe if he pushed for a law based on that ignorance.

Re:Instead he should... (0)

Anonymous Coward | more than 4 years ago | (#29679921)

That would make the FBI's job much easier since the banks would never send emails, among other things, to make sure that they are diligent about identity theft.

You're assuming that people would actually pay attention to the banks when they say they'll never ask you for personal information. Restricting how the banks communicate with customers won't solve the problem because the problem isn't entirely with the banks, it's also with people who don't take the time to think about *why* they're being asked for sensitive information, or who exactly is asking for it.

The bank I use goes to huge lengths to make it clear that they'll not ask you for information, but if people won't read that information then there will always be a few customers that get conned. With your solution you'd end up with situations where a bank that genuinely tried to stop this happening still gets hammered by the law because some of their customers are idiots, and then the banks would probably end up severely restricting some of the incredibly useful services they offer online to protect themselves.

This is good (4, Insightful)

hairykrishna (740240) | more than 4 years ago | (#29679485)

While being an idiot he's obviously not so stupid that he doesn't realise that he's an idiot. Hence the self restriction. If more of the world's idiots followed his example the internet would be a better place.

Re:This is good (2, Insightful)

Runaway1956 (1322357) | more than 4 years ago | (#29679893)

That might be the most insightful post yet. We ALL do stupid shit - no matter HOW SMART we are. A freaking genius rocket scientist might be too spastic to drive safely. That's cool, as long as the genius realizes that he's a spaz, and can't drive. If he doesn't figure it out - well, there's a fine line between genius and idiocy. The idiot will kill himself, or someone else.

Everyone on slashdot who has NEVER done anything stupid, not once in their lives, should sign in below. Ever searched for your glasses, just to find them on your face? Searched for your car keys, just to find them in your pocket, or in the ignition? BRAIN FART!! We're all prone to have them, some more often than others.

New anti phishing HTML tag (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29679489)

1) the text displayed must equal the link

for example www.yahoo.com points to www.yahoo.com
you cannot make links such as www.yahoo.com pointing to www.phish.com

2) the link can only consist of a-z, A-Z and .

So my genius idea solves this stupid phishing problem.

Ironic -- cops exist to reduce fear! (1)

redelm (54142) | more than 4 years ago | (#29679519)

Beyond throwing the baby out with the bathwater, this is deeply ironic -- the head of the FBI, arguably the US top policeman, giving in to fear of criminals rather than fighting them.

Viewed on a negative basis, police deter lawbreaking by catching offenders so they can be punished downstream in the judicial system. From a positive basis, police create a climate where the people do not need to fear crime and so can be less stressful and more productive. Rather important.

The one thing police should never do is show fear or give in to crime. It is a fundamental abdication of responsibility and encourages the lawless. (some inner city areas). If they do, then what is their justification for SWAT -- heavy armament and aggressive tactics? They should just turn tail and run.

A few clicks away? (4, Insightful)

njen (859685) | more than 4 years ago | (#29679523)

Everyone is always just a few clicks away from being caught in a phishing scam. In fact, wouldn't it be closer to say that everyone is just one click away (the link from their email)?

It's like saying, I am a few steps away from a cash register at the supermarket...I came this close to being tempted to steal it. But I've solved the problem: I won't enter any supermarkets ever again. Or that everyone is just a few steps away from death by standing by the side of the road, so to avoid being hit by a car, I will never go near a road ever again.

Sure there are dangers everywhere, one just needs some education, like: never ever ever click on a link in an email claiming to be from your bank. Just like: you should always look both ways in crossing the street. Seriously, my 16 year old brother knows both of those...

Re:A few clicks away? (1)

characterZer0 (138196) | more than 4 years ago | (#29679631)

I bet he actually typed some information into a web form, but did not click the submit button. Little does he know that some javascript already sent what he typed in anyway.

Re:A few clicks away? (0)

Anonymous Coward | more than 4 years ago | (#29679909)

That is why javascript needs to die. Noscript though not perfect, is really nice. A page doesn't work without javascript? Don't go to it.

best anti-phishing : language other than English (0)

Anonymous Coward | more than 4 years ago | (#29679529)

When I receive a phishing from a paypal scammer, I know it, because it's in English, while the true paypal knows that I speak French.

Technical Issue (3, Funny)

Viper23 (172755) | more than 4 years ago | (#29679539)

Robert Mueller,

There has been a technical issue we need to resolve with your account at counter-intel.fbi.gov [fsb.gov.ru] .

Please click on the above link and fill in your details. Follow the on screen instructions and the error will be corrected.

Thank you and have a good day,

FBI Technical Support

...And he's in the know (1)

realsilly (186931) | more than 4 years ago | (#29679569)

It's any wonder why Americans are such targets of such scams. If someone who really knows what to look for almost falls into the traps, how can the Americans who aren't as tech savvy survive such scams and be held at fault? How about some good old public broadcasting on the TVs telling folks about such emails. We warn people about drugs to educate them, let's do that with some of these cyber scams and smarten up some people. Let's become less targets and more careful.

Woah... (2, Funny)

Azuaron (1480137) | more than 4 years ago | (#29679581)

Robert Mueller's the guy I keep getting emails from asking me to accept some money from Nigeria. He's always claimed to be the head of the FBI, but I never believed him. Man, all this time I've been risking arrest and denying myself several hundred thousand US dollars just because I thought it was a scam! I guess you shouldn't be skeptical of everything you get in your inbox.

Not a surprise (3, Insightful)

AndGodSed (968378) | more than 4 years ago | (#29679585)

I am not surprised.

The director of any agency does not necessarily deal with all the scams and most likely not with IT. He runs the business/admin side of things, and he has people working under him to take care of things like security etc.

What seems to be missed is that phishers have the e-mail address of the director of the FBI. Either it is a personal e-mail address - and I am not even sure people in that position are allowed to have personal/web e-mails. OR it is his FBI address - and that is more worrying than that he almost fell for a scam.

Another thing that worries me is that he takes nothing away from this experience - almost got caught, so I won't bank online anymore. Heck I would expect someone of his stature to go - Almost got caught, yikes better make sure that does not happen again.

The direct effect of this is that the director of the FBI is now going to either bank by phone (and that is a security hole right there) or going to wait in the queue at the bank - exposing him to other risks.

I would've thought that higher up officials such as him had access to alternative more secure methods of doing things like banking - how does the President of the USA do it, for instance?

No telephones at FBI headquarters? (1)

HangingChad (677530) | more than 4 years ago | (#29679597)

He couldn't use the telephone to do 2 minutes of investigation before biting? He runs an agency with "investigation" in their name yet accepts email at face value? Let me guess, all their phones have been disconnected because they're a security risk.

Besides, if he was checking on his accounts regularly, he'd know if there was any unusual activity.

This says a lot about the head of the FBI, none of it particularly flattering. He accepts whatever comes across his desk at face value, doesn't do any actual fact checking himself and doesn't stay on top of things.

Yeah, I'm inspired with confidence.

Resignation accepted... (0)

Anonymous Coward | more than 4 years ago | (#29679599)

Mueller should step aside and let Fox Mulder take over as director. He was that guy from the nineties reality TV show; no way he'd be gullible enough to fall for something like this!

You sir should Quit (1, Troll)

retech (1228598) | more than 4 years ago | (#29679611)

While I admire his honesty, I must say that someone who is chock full of this much stupid should not be in any position of authority.

This is a prime example of why we need laws to weed out the ignorant.

Re:You sir should Quit (1)

characterZer0 (138196) | more than 4 years ago | (#29679637)

Nobody not chock full of that much stupid would get themselves into that kind of position of authority.

Re:You sir should Quit (1)

mwburden (134847) | more than 4 years ago | (#29679727)

Agreed.

Rule #1: Your bank does not email you about important stuff.

Rule #2: If your bank emails you, don't follow links in the email, just go log in like you normally do.

Two simple rules. This isn't rocket science!

The head of the FBI isn't an MIB (1)

ShooterNeo (555040) | more than 4 years ago | (#29679653)

The head of the FBI isn't a superman, or an expert on every form of crime. It's entirely possible the man spent his entire investigative career focusing on a particular type of crime, before working his way up through management. Furthermore, the computers the FBI uses are probably quite similar to the ones used in a bank or comparable corporate activity. One would hope that their records security is at least as good as a bank. Unlike a bank, the FBI is mostly not subject to liability if they screw up, nor do they receive a larger budget if they do a better job one year. (in fact, Congress might CUT the FBI's budget if they do exceptionally well a particular fiscal cycle)

It's a popular meme in the media to give federal agents of all stripes super skills and technology that ordinary citizens don't have. Yet, for the most part, I suspect this isn't the case. (the exception to the rule is that the FBI DOES have enormous power to spy on and harass ordinary citizens who are never charged with a crime, and has abused this power many, many, many times in the past)

Emails sent for free, letters cost you £ (1)

germ!nation (764234) | more than 4 years ago | (#29679671)

I don't even know why anyone would even read emails from any bank. They tell you that any important messages are sent to the in-account message system and at the very least, in the UK anyway, if anything is so wrong with your account that a bank deems it necessary to get in contact with you instead of the other way round then they will gladly send you a letter that costs you £25.

It amazes me at the level at which people can't even stop and think.

Re:Emails sent for free, letters cost you £ (1)

jimicus (737525) | more than 4 years ago | (#29679859)

My bank (and I'm also in the UK) has recently taken to sending me emails. Complete with "click here to check your account" links.

Yes, I've checked. They were genuine, not a phishing attempt.

Yes, I asked my bank what the hell they thought they were doing.

No, I didn't get a sensible reply.

OK, so he doesn't bank online.. (2, Interesting)

Idaho (12907) | more than 4 years ago | (#29679677)

..because he does not understand simple concepts about human nature and, resulting from this, the way in which modern banks conduct their business (e.g. never sending out mails about internet banking/passwords), and is apparently oblivious to the concept of such scams even though it has been reported in the mainstream press over and over again.

Somehow, it worries me that such a person would be the head of the FBI. Good thing I don't live in the States then, although I have reason to expect [youtube.com] things aren't much different where I live.

That link is in Dutch, but you can still gather the idea from watching the movie. What you see is the prime minister (at the time) of the Netherlands who clearly has no clue whatsoever what a computer mouse is for and how it should be used (he attempts to use it like a TV remote). A six year old (!!) girl (!) then helps him out in sending an e-mail. This happened about 10 years ago, but mice had been 100% mainstream for at least a decade then (since Windows 3.11 at least - I mean, if six year old girls know, you can be pretty sure it was well out of nerd-territory by then).

The scary thing is that *these* are also the kind of persons in positions to come up with laws and regulations regarding the internet, filesharing, etc.

He should resign (0)

Anonymous Coward | more than 4 years ago | (#29679691)

It's so comforting to know that the Director of the FBI is so stupid as to (nearly?) click on a link in an email just because it claims to be from his bank. Doesn't he have direct links to his bank bookmarked in his browser? Oh wait, he's probably using IE 6 anyway... He still has his job?

Bank of America (1)

LtGordon (1421725) | more than 4 years ago | (#29679755)

I have a Bank of America account and, to be honest, my experience with their customer service has been average at best; what keeps me a customer is the quality of their web management.

SiteKey-like authentication should be the industry norm. I have to prove who I am to access my account, they should also have to prove to me who they are if they want my info. It just makes sense. Granted, I did read a study that showed that a well-crafted phishing site asking for a standard login/password was still fairly effective. That's not to say that SiteKey isn't a good idea, but that education is still half the battle.

Disclosure: I've previously had accounts with WaMu (now Chase), Wachovia, and a local credit union. Customer service has been meh no matter the bank, but BoA by far has had the best web site. IANACSA (Computer Security Analyst), but I do play one on the internet.

Gullable is a four-syllable word, look it up! (1)

daivd (1649297) | more than 4 years ago | (#29679779)

This may be famous last words and all.. but falling for an official looking email is stupid. It is not stupid for someone who knows nothing about the Internet to do so, but if you know anything about how scams and/or email work it is a sign that you may be dense. There are real dangers online. Dangers such as hackers, DDOSers, getting your WLAN or router eavesdropped, DNS poisoning, etc. Fake emails with an authentic logo (ooooh!) are not one of them.

I don't normally criticize random people online, but maybe he is not suitable to be the director of something.

media mix (1)

Tom (822) | more than 4 years ago | (#29679803)

And you'd think the head of the friggin FBI knows a little more than that. Maybe he should go and talk with his friends at the NSA?

There's a straightforward solution to this so simple that it hurts. Don't mix media. I have a bookmark for my online banking. If I ever receive a mail from my bank with some "important information about my account", I will click on that bookmark, never on the link in the e-mail, and if the info is real, it'll be there in my online banking message box.

Same with PayPal, Amazon, ebay and any other site. It really is so simple, I think I could explain it to my grandma, and she's demented.

pussy whipped (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29679839)

FTFA:

"After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment," he said. "To which she deftly replied, 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you."

ATMs and mugging? (2, Insightful)

Jason Levine (196982) | more than 4 years ago | (#29679865)

So he's not using online banking because some phisher sent him an e-mail and he almost fell for it? If he took some money out of an ATM and then someone tried to mug him, would he refuse to use ATMs from then on? If he saw a report of a bank robber killing someone during a robbery attempt, would he not go into a bank's branch to do his banking? Just because the phishing attempt occurred doesn't necessarily mean that his bank's online banking system is insecure.

is it so difficult to.. (1)

Pvt_Ryan (1102363) | more than 4 years ago | (#29679901)

just type the url of your bank into the address bar?

www.mybank.com <- wow typing that nearly gave me rsi..

I was one click further away than him (1)

davidwr (791652) | more than 4 years ago | (#29679919)

I got an email but did NOT click on it!

Now that I've switched to First Mattress Bank that won't be a problem anymore.
