He emailed me offering to assist with my inheritance from someone who died in a ghastly car crash in Nigeria.
America's chief spook has been banned from internet banking by his wife after nearly falling prey to a common email phishing scam. FBI Director Robert Mueller was in San Francisco on Wednesday to advocate public vigilance against cybercrime. Speaking to the non-profit public affairs org, the Commonwealth Club of California, …
Why, not long ago, while some staffers and I were reading some of your emails, (and having a good chuckle too, I might add) I myself received an email purportedly from my boss that looked "perfectly legitimate." The email requested I tell him my login name and password to teh sekrit database. I obliged with the instructions and just before clicking "send" I realized "this might not be such a good idea." Well, to tell you the truth, if it hadn't been for a junior staffer shouting at me, I never would have suspected a thing. Whew! He really saved my bacon!
After writing a disciplinary case against the junior staffer for insubordination, (I appreciate his advice, but he shouldn't have called me an eff-ing idiot!) I quickly changed all my passwords and tried to pass the incident off as a "teachable moment." I've now implemented a new agency-wide security policy that all inter-agency email communications must be printed, and read aloud over the telephone to the recipient. Live and learn I say!
I wish that I could say it surprises me when I read things like this.
He's director of the FBI and actually clicked a link in a 'bank email'.
Oh well, it's not like he's in a position to do anything about it: our banks suck because they're allowed to and it's the bank regulations that need to change - the FBI can't do jack.
It is kind of funny - the car warranty scammers calling a senator on the floor of the senate and now this - we don't do a damn thing unless someone in power is affected.
I don't suppose anyone has his email address to hand? You see he recently inherited $100 million from a relative he may not be aware of in Nigeria. Unfortunately, wouldn't you know it but there's a small issue with transferring the funds to a bank in the US, various fees that need to be met first. Anyway I'm sure he'd appreciate the good news, but he should be sure not to contact anyone else because he could end up getting scammed.
I've gotten a few of those, too - you think he's gotten any? That'd be kinda funny... presumably he wouldn't fall for one of those!
Anyway, it's not TOO awful - he's the bureaucrat who sets policy for his department; it's not really his main area. If he were a CTO at a bank, it'd be REALLY bad - this is embarrassing, but not hypocritical, per se.
If he did click on the link, I hope he hosed his system and rebuilt it because if his AV (if he had one installed) didn't pick up a drive-by virus then he's most likely got a nasty on his system.
If he didn't then I hope he doesn't mind his fellows at the FBI logging his porn website passwords.
He may have changed the password, but if he had one of those one time number doohickys he wouldn't need to because each login would be different.
Every bank account I've ever had, has those keyfob things, or a printed sheet of one time numbers. Except for UK ones, never had one with UK bank accounts.
Although I got the feeling that he will soon regret being so forward in his communication. Telling people how you "almost" got caught by a phish is like telling people you had an uncontrolled bowel movement that made you run to the bathroom to clean up - it's embarrassing, not educative.
because this shows me that 'the US government has struck "a pretty good balance" between respecting civil liberties and stewarding national security' by being incompetent at both.
Dear Big Brother
A distant relative of yours recently died in a plane crash and...
"We know the game plan of our adversaries. They will keep twisting the doorknobs and picking the locks until they find a way in. But we must not let them in. We must change the locks. We must bar the doors. And we must sound the alarms when we notice anything out of the ordinary."
Yeah, stay at home, you loonie, bar the doors, shoot at anyone knocking at the door, never get out, die alone, paranoid and as stupid as one can ever be.
Is it really that difficult to do online banking with your password only in your brain, and no compulsive click on whatever shite comes into your mailbox?
Geez, I'm glad my security has nothing to do with the FBI. No way I stay in a country whose security is even remotely influenced by a moron told by his wife: "It is not my teachable moment. However, it is our money. No more internet banking for you!"
Almost falling for a scam like that, and admitting to it!
Is he a card-carrying member of the local 1D10T group?
I believe they don't use onetime pads or 'dohickeys' because they're too difficult for the average American to understand...
Of course, a lot of banks that DO use the 'dohickeys' implement the service incorrectly.
Usually, if it's the type where the code changes automatically, they define a 'bracketing' scheme, allowing the next or previous code to work instead of the 'correct' one (as defined by the server clock) to account for the cheap electronics, temperature variations and user fumbling.
Some banks set up a WIDE window, of maybe 5 or 7 allowed codes both ways.
This means that YOUR 'unique' code may be valid for 5 or 7 minutes (or more, if the clock in the dohickey is much off) where that one code is still valid and can be used to log in another session.
A GOOD bank setup is 1 or 2 minute brackets, then all transfers out of your accounts must be verified by a DIFFERENT code, and it must automatically disallow the code from being reused until the next time it cycles in naturally.
I know my bank follows the first two points. The third I haven't tested... yet...
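The bracketing and reuse points in the comment above, as an added example that is not part of the original post and not any bank's code. It assumes an RFC 6238 style HMAC-SHA1 token with one code per 60 seconds; `TokenVerifier`, `totp` and `demo` are hypothetical names, and the key and clock value are constructed.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 truncation over one time-step counter (RFC 6238: time // step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server-side check with a drift bracket and rejection of reused codes."""

    def __init__(self, secret: bytes, window: int, step: int = 60):
        self.secret = secret
        self.window = window      # codes accepted either side of server time
        self.step = step          # seconds per code (assumed: 60)
        self.last_used = -1       # highest counter already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_used:
                continue          # consumed already: login and transfer need different codes
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_used = counter
                return True
        return False


def demo():
    secret = b"constructed-demo-secret"   # constructed sample key
    now = 1_700_000_000                   # constructed server time
    old = totp(secret, now // 60 - 6)     # code the token displayed six minutes ago
    wide = TokenVerifier(secret, window=7).verify(old, now)     # wide bracket
    narrow = TokenVerifier(secret, window=1).verify(old, now)   # 1-code bracket
    v = TokenVerifier(secret, window=1)
    fresh = totp(secret, now // 60)
    first, replay = v.verify(fresh, now), v.verify(fresh, now + 5)
    return wide, narrow, first, replay


if __name__ == "__main__":
    print(demo())
```

With the wide bracket the six-minute-old code still logs in; with the narrow one it does not, and a code that was accepted once is refused on a second attempt.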
@AC - Are you joking???????
You mean, the UK banks don't have the 'one-time-pad' system???
(Climbs back on bar stool, after having apoplectic fit laughing)
Really?? Fuc*k me, I suppose the UK still uses cheques. Plus, "Three working days". If there is any work still over there.
Myst-all-chucking-frighty. Wish I could add multiple icons. Actually, one of a steaming dog-turd would get my vote. With a Union Flag sticking out of it.
Indeed I only need a single username and password, a customer number and 2 pieces of memorable data to login to my bank account here in blighty. None of which is one time.
However in order to actually transfer any money, or make any payments I need a card reader and my bank card, and my bank card PIN so I am fairly happy that it is as secure as needs be.
Also, as long as I take reasonable care with my cards, passwords, PINs and computer then the bank will be liable to return any fraudulently removed money anyway. They might try to weasel out of it but they would have to cough up in the end.
What is the problem with cheques? I admit I only write a few each year but they are safer than sending cash and easier than setting up transfers.
The problem with cheques is that they are an utterly pathetic, primitive and backwards way of sending money that only continue to exist because of brain-dead semi-literates and companies who like to rob their customers of legitimate refunds. In most civilized countries they long since went the way of other historical relics like rotary-dial telephones, sash windows and black&white TV.
I honestly have not dealt with a single cheque in 3-4 years that has not come from some company hoping to benefit by erecting an inconvenience barrier to getting my own money back. Even my 68 year old mum can manage one-off money transfers - what's your excuse for continuing to inflict cheques on people?
"What is the problem with cheques? I admit I only write a few each year but they are safer than sending cash and easier than setting up transfers"
My ex. sometimes runs out of money. When she's in the city. She 'phones me up, and asks if I can lend her €20. Of course, I reply. We're good friends.
So then I access my 'puter - using the one-time bank codes, natch, and electronically mail her the 20 euros. Takes me a few seconds. I phone her and tell her "It's done" and she goes back to the ATM - 20 seconds later - and takes the cash out.
Beats the shit out of waiting for a postal strike to end....or cheques to clear.
(Lee - Feisty Wife hasn't arrived yet. Guess "she's in the post". Oh, yeah. Forgot. Stuck at Basildon's depot due to the strike, no doubt.)