FBI director won’t bank online
October 29, 2009 by Valerie HelmbreckPosted in: Budgets and spending, In this week's e-newsletter, Latest News & Views, Web 2.0, Web sites, cybercrime, e-commerce, e-mail
When one of the nation’s top cops says he’s not banking online anymore, maybe the rest of us should pay attention.
FBI director Robert Mueller was the recent target of a phishing scam that used an e-mail supposedly sent by his bank.
Only it wasn’t. While the message looked authentic, Mueller quickly figured out that it was from cybercriminals trying to get the username and password to his bank account.
The upshot: Mueller says he’s not going to do his banking online anymore.
When a high profile law enforcement official such as Mueller makes such a dramatic statement, it undoubtedly causes those of us without a badge to pause and reconsider our own exposure to criminal threats.
Mueller says he showed the e-mail to his wife as a “teachable” moment, and it was the missus who decided the family could do without online banking in the future.
If others follow Mueller’s lead, the banking industry could take a considerable hit in its already hurting pockets. Online banking saves banks millions — if not billions — annually because it reduces the need for branch staff to process transactions manually.
When banks have to start paying for more in-person service, the cost will likely be passed along to a group that can probably afford it even less: Customers.
FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.
Click here to sign up and start your FREE subscription to FinanceTechNews!
Tags: banks, director, FBI, online banking, phishing, Robert Mueller, scam
October 13th, 2009 at 9:55 am
Yes – let’s all stop using the technology because there are bad guys out there.
Notice – the FBI Director did not fall for the phishing scam. He tried to educate his spouse and she decided to stop using the service. (possibly saying more about the Director’s wisdom than his fear of cybercriminals. And by wisdom I mean wisely saying “yes dear” – which is most often the easier road to travel.) But really – is it better to avoid than educate?
Let’s all sell our cars and stop driving. There are car thieves out there after all.
October 13th, 2009 at 10:17 am
Just because he works for the gooberment doesn’t mean he is qualified.
October 13th, 2009 at 11:12 am
There are real concerns regarding just how secure the web is at present. Reports arrive regularly informing us that even legitimate websites are being infected with malware. We hear that banks are having a hard time setting up proper security. Potentially the bank sites could also become infected with malware. All it takes is getting infected by a trjojan once to have your passwords and user names stolen. We also hear that there is a new virus out that most anti-virus companies are having a hard time detecting. They only find it about 23% of the time. It doesn’t exactly give you a warm fuzzy feeling regarding your safety on the web. Certainly doesn’t make you feel secure and does raise the question of whether Banking online right now is the safe thing to do. I am knowledgeable and do a lot of different things to secure my personal computer including putting up with annoying prompts from my firewall whenever I install software. How many are willing to do that or even understand enough to use such a firewall? I do certain things on the web because there is no other choice but I do have a choice regarding Banking online and I am leaning toward the FBI Director’s stance. I believe my computer is secure because of all the steps I take to keep it that way but what if, despite my best efforts, I get infected? Do I want to take that chance? I am not sure.
October 13th, 2009 at 11:51 am
I’ve been banking online for many years without a problem. It provides me with accurate up to date information regarding my accounts, provides me with free bill payer (no more stamps or delayed payments due to postal service issues), and I have an electronic receipt for every transaction (no more wasted paper).
If you educate yourself about the scams and don’t fall for them, online banking is a safe, convenient and cost effective way to do business. I personally love it.
Meuller’s wife probably doesn’t work and has all the time in the world to drive to her local branch every time she needs to do banking. I do not have that luxury.
October 13th, 2009 at 1:07 pm
I agree with Joyce and DJ- how ridiculous to completely stop using technology because someone out there abuses the process. Should we stop going to convenience stores because they get robbed?
Rather than stopping the online banking the Director would be better off examining his passcodes for security, updating his protective software in his computer and keeping his kids out of sites where they don’t belong and that probably left his computer open to attack to begin with.
As to the decision to “stop using the service” – if she wants to run to the bank periodically and stick stamps on envelopes, I suppose that’s her choice – I love my online banking – I would be hard-pressed to think about giving it up!
October 13th, 2009 at 1:18 pm
Unless there is more to this story than revealed, it would seem the former director lacks the self-confidence to distinguish legitimate and illegitimate bank correspondence. Most financial institutions plainly tell customers they do not and will not use email for such business transactions or correspondence. Email is notably different from the secure network protocols used for online banking transactions. The truest lessons to be learned are never use email to transmit private information, do not use online banking unless you know enough to identify a secure network exists, and if ever in doubt, contact your financial institution directly by phone or in person before acting.
October 13th, 2009 at 1:19 pm
The bottom line is you either trust using technology or you don’t. It’s a personal decision. My sister is a forensics accountant. Based on what she knows she said she will NEVER use online banking. If someone really wants your info — it’s out there, and it will take you years to clear everything up. It’s a risk… some people are willing to take the risk and others are not.
October 13th, 2009 at 1:24 pm
I 100% agree with everyone’s comments. It is kind of scary that a top FBI official is going to these extreme measures to “avoid” being scammed. Doesn’t he know that scams come in different forms besides online? I work at a bank and I personally see more customers being scammed via mail and over the phone than online. It is all about the education of prevention not avoidance of the product/system.
It is possible the Director had a “yes Dear” moment like DJ suggested…but why make such a bold statement like that? Either way the Director looks like an idiot.
October 13th, 2009 at 9:02 pm
I bank online. My wife banks online.
That said, I also am enough of a realist to know that over the years we’ve banked online (and used ATMs, credit cards, and other forms of “information-based” money) some of our protected information has already been stolen in one way or another.
Most of the scams that I’ve encountered (and easily avoided) are amazingly poorly conceived and written. But you can count on the fact that there are others that are very slick. As with disease vectors, the most successful do not actually cause illness, or even upset the host.
My reasoning for carrying on, then, essentially amounts to “herd safety”… my lost information is among so many others’ that only a small percentage is actually being used. By the anecdotal evidence I’m aware of (most people I know can cite the same lack of trouble that Joyce has had) , I’m about as safe as I am driving a car – a risk most of us tell ourselves we understand well enough to accept.
I agree that to turn one’s back on a technology only because of a weakness in it is not the answer, but a high profile shake-up like what the Director has done may also help bring improvements to a system that could use a few.
October 14th, 2009 at 6:35 am
Clearly there are security risks and our current methods are not up to the task. Time for better methods. (As previously stated – avoidance is not a security improvement.) Unfortunately – technological advance is not the holy grail. Education of the users of technology is paramount.
Here is a very good article on username/password (the antiquated and inadequate first line of security defense): http://arstechnica.com/business/news/2009/10/30-years-of-failure-the-user-namepassword-combination.ars – a good discussion on how that particular model fails, not because the method is flawed, but because humans can’t exercise the method well enough to make it work.
I have to say, James, the reasoning you stated is virtually identical to my own. I educate myself and my family on the risks and methods – and then try to run in the middle of the herd.
October 15th, 2009 at 10:11 pm
Some thoughts about the lions watching our herd:
If I were on the wrong side (thankfully, I was raised to have scruples, so I’m not), I think I’d maintain that neither email nor password construction are really at issue. If I wanted bank access, I wouldn’t use email, and bank customers would willingly type their passwords for me, either on my own copy of their bank site, or into the keystroke recorder that might be working their computer on my behalf. Both of these are inflictable as code from a third party’s legitimate but unknowingly tweaked site (these are kind of common, I’m told).
As for deflecting the Web method, discerning the difference between a real bank site’s login screen and a well crafted evil facsimile will take time that’s rarely in abundance when trying to move quickly through a day’s routine tasks. Aside from being smart enough to avoid the obvious scams, safety involves checking the details of a secure site/URL at absolutely every log in. The telling detail might be only a single character in the URL – or none, even, if you happen to be using WiFi and the not-so-honest person can camp with equipment in range of the signal (that’d be further away than you might think).
Still, I bank online. This stuff takes concerted effort, and there can’t be that many really skilled lions.
Then again, I also ride a motorcycle.
October 16th, 2009 at 7:09 am
Yamaha VStar 1100. What can we say?
OK – here’s an idea for our herd. Burn a bootable linux OS onto a CD (read ONLY) When you want to bank (or shop) online – boot your system with the CD – go directly to your banking or shopping site. Complete your transaction. Shut down. No email. No surfing. (That means *you* Facebookoholic!) This makes our herd a much more difficult meal to chase down. Lions move on to other parts of the savannah. Just saying.
Happy Friday Y’all – and have a great weekend!
October 27th, 2009 at 10:16 am
Yes, I have received emails that look like my bank sent them, asking me to verify my password, give them personal information, etc. I delete them and contact my bank. So far, in 10 years, I have enjoyed fraud-free on-line banking and am stubborn enough to not let the terrorists win!
October 27th, 2009 at 4:33 pm
Are you going to stop using your credit cards? Millions of numbers are stolen through online phishing as well as a variety of “real life” methods. Are you going to stop using email and the web? Any site you go to can be compromised & data stolen from your computer (or your computer turned into a spam factory). Are you going to stop using doctors, insurance companies, and major providers of daily services like electricity, water & gas? They all store terabytes of data about you & your usage patterns (and your billing data) electronically. I suspect the answer to all these questsions is “NO” — and it should be. I’ve actually interrupted a guiy “shoulder surfing” a little old lady’s banking info while standing in line; in college I worked in retail with someone (eventually picked up by our own store’s security) who not only admitted occasionally “borrowing” someone’s credit card info but showed me how to do it in under 15 seconds, and that was back in the late 1970s. You need to be careful, be sensible, and maybe just a little bit paranoid — but just because something’s online doesn’t mean it’s less (or more) secure than anything else.
November 3rd, 2009 at 9:56 am
When you get those spammed requests to supply banking information, just fill out the form with crap. The perps don’t know if its real or not and have to try to use it so make a buck and wind up wasting their time.
The more time they have to fight through crap, the less time they’ll have picking your pockets.
November 3rd, 2009 at 10:35 am
The fact that the banks allow web transactions at all leave everyone vulnerable weather you yourself bank online or not. It the database gets hacked your information is available along with the rest.
November 3rd, 2009 at 11:05 am
You are only as secure as your financial institution is willing to back. Know your bank’s policy regarding account fraud and identity theft. Most banks will cover 100% in a fraud event. Monitor your credit report for activity that has not been generated by you. NEVER give up any PII (Personal Identify Information), PCI (Payment Card Industry) or PAN (Personal Account Number) data – you financial institution alreay has that data and will only ever ask you to verify 4 key components to ensure they have the contacted the correct account holder. The bank will never send your account number and password in the same communication.
Do not stop using technology because of the fear of theft. If we followed every fear we would never step outside our front door. Apply common sense. there are scammers everywhere, just be wise.
November 3rd, 2009 at 12:12 pm
It’s a crazy way to react. Lets see, has he stopped using ATMs? After all there have been numerous technical scams to get your ATM info. Has he stopped using his email, because after all, there are a bunch of Nigerian guys trying to scam your bank info. Has he stopped using his telephone? I could go on and on.
Email is the problem here not the technology behind on-line banking. Find a way to track the the email scams and everyone would be happy!
November 3rd, 2009 at 3:53 pm
Why has he stopped banking online?
It’s obviously the email phishing scam that is the problem.
He should just stop using email.
February 25th, 2010 at 6:13 pm
You would think that the director of the FBI would know better than to follow an email from a bank no matter how authentic it looks. You go to the bank URL directly not via the link. This is web security 101 and just really makes you lose further confidence in those in charge of keeping us safe.