Phishing Scam Spooked FBI Director Off E-Banking
In announcing a crackdown on "phishing" e-mail scams that netted one of the FBI's largest cyber crime cases ever, FBI Director Robert Mueller on Wednesday offered a candid revelation: A personal close call with a phishing scam has kept his family away from online banking altogether.
Addressing the Commonwealth Club of California in San Francisco, Mueller spoke at length about the insidiousness of cyber crime, and how cyber criminals had affected him personally.
Not long ago, the head one of our nation's domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.
It turned out that he was just a few clicks away from falling into a classic Internet "phishing" scam--"phishing" with a "P-H." This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time.
He definitely should have known better. I can say this with certainty, because it was me.
After changing all our passwords, I tried to pass the incident off to my wife as a "teachable moment." To which she replied: "It is not my teachable moment. However, it is our money. No more Internet banking for you!"
So with that as a backdrop, today I want to talk about the nature of cyber threats, the FBI's role in combating them, and finally, how we can help each other to keep them at bay.
Mueller's comments are an interesting contrast to the views expressed by the former director of the FBI's cyber division, James Finch, who said he wasn't going to let cyber thugs deprive him of the efficiencies and convenience that online banking have to offer.
The following is an excerpt from an interview I had with Finch last August:
Q: Do you do online banking?
A: Yes, I do.
Q: How long have you been doing that?
A: Maybe 10 years?
Q: And you don't get freaked out by what you see every day? I certainly do.
A: Yeah, so does my wife. I do online banking. I pay my bills online. I file my taxes online. I truly believe in the Internet. Do I believe it's a scary place? Without a doubt. I'm in law enforcement, and I run the cyber division for the FBI. I don't want to say that I'm so intimidated by the bad guys that I am going to allow them to dictate taking full advantage of what I consider to be the benefits of the Internet. Yes, there are people who are targeting online bank accounts on a regular basis, but not to the point where it's going to cause me to stop using it.
As a consumer, having your online banking account credentials stolen -- either via phishing or through password-stealing malicious software -- can be a harrowing experience, but it is usually not a costly one. The federal Electronic Funds Transfer Act ("Regulation E"), limits consumer liability for unauthorized transactions to $50, provided notice is given within 10 business days, or to $500 provided notice is given within 60 business days. Even so, retail banks often will work to make whole those customers who are victims of cyber fraud.
On the other hand, business that bank online enjoy hardly any such protection. The precise obligations of a commercial bank and their business customers are spelled out in the agreement that those companies sign, but generally business customers agree to notify their bank of any suspicious or unauthorized transactions on the same day that the transaction in question occurs. Even then, there is no guarantee that the bank will be able to block or reverse any fraudulent transfers.
Regardless of whether you bank online as a consumer or business customer, here are a few recommendations to help avoid becoming a victim of cyber thieves.
-Do not click on links or attachments in unsolicited e-mail.
-Junk any e-mail communications that claims to come from your bank alerting you that you need to sign in or update your information. Due to threats like phishing e-mails, few banks use this medium any more to communicate with customers. But If you find yourself wondering whether an e-mail you received really was about a problem with your account, pick up the phone and call your bank.
-Keep your computer, Web browser and other software up-to-date with the latest software security updates: Many data-stealing malware threats arrive via hacked Web sites that leverage outdated or insecure browser plug-ins.
-Keep a close eye on your checking and savings account balances. Notify your bank immediately of any suspicious charges.
A copy of Director Mueller's remarks is available here.
October 8, 2009; 3:15 PM ET
Categories: Fraud , From the Bunker , Safety Tips , U.S. Government | Tags: fbi, online banking, phishing, robert mueller
Save & Share: Previous: Latest FBI Crackdown on Phishing Targets 100 Defendants in U.S., Egypt
Next: Adobe Warns of Critical Threat to Reader, Acrobat Users
Posted by: tojo45 | October 8, 2009 4:00 PM | Report abuse
Posted by: AZBROKER | October 8, 2009 5:53 PM | Report abuse
Posted by: josephadeo | October 8, 2009 6:05 PM | Report abuse
Posted by: firstname.lastname@example.org | October 9, 2009 12:48 AM | Report abuse
Posted by: email@example.com | October 9, 2009 12:55 AM | Report abuse
Posted by: firstname.lastname@example.org | October 9, 2009 1:15 AM | Report abuse
Posted by: email@example.com | October 9, 2009 1:17 AM | Report abuse
Posted by: brewstercounty | October 9, 2009 5:32 AM | Report abuse
Posted by: thardman | October 9, 2009 7:14 AM | Report abuse
Posted by: Sadler | October 9, 2009 8:49 AM | Report abuse
Posted by: jabreal00 | October 9, 2009 9:06 AM | Report abuse
Posted by: nadie1 | October 9, 2009 9:37 AM | Report abuse
Posted by: redoil | October 9, 2009 9:38 AM | Report abuse
Posted by: arthurrussell1 | October 9, 2009 11:01 AM | Report abuse
Posted by: Beacon2 | October 9, 2009 11:07 AM | Report abuse
Posted by: hairguy01 | October 9, 2009 12:33 PM | Report abuse
Posted by: neversaylie | October 9, 2009 2:25 PM | Report abuse
Posted by: cab50151 | October 9, 2009 4:46 PM | Report abuse
Posted by: rhsimard | October 9, 2009 7:24 PM | Report abuse
Posted by: Mcgruff1 | October 9, 2009 9:24 PM | Report abuse
Posted by: MichaelSeese | October 10, 2009 12:16 AM | Report abuse
Posted by: SecurityLuddite | October 13, 2009 11:07 AM | Report abuse
The comments to this entry are closed.