FBI Director Robert Mueller has apparently sworn off online banking after nearly falling victim to a phishing attack.
During a speech Oct. 7 at the Commonwealth Club of California in San Francisco, Mueller recounted being "just a few clicks away from falling into a classic Internet phishing scheme."
A transcript of the speech is posted here. In it, Mueller notes that the phishing e-mail that almost tricked him looked "pretty legitimate."
"They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well," he said.
He stopped short of falling for it, but that didn't stop his wife from drawing the line, he told the audience.
"After changing all our passwords, I tried to pass the incident off to my wife as a "teachable moment," he said.
His wife, he added, replied thusly: "It is not my teachable moment. However, it is our money. No more Internet banking for you!"
Mueller's confession came the same day as a massive roundup by law enforcement after the completion of a two-year investigation into an Egyptian-based phishing ring that was targeting American banks. In all, 100 people in the United States and Egypt were charged with crimes in connection to the rings activities. The joint investigation represented the largest cyber-crime sweep in U.S. history, FBI officials said.
"Phishing attacks continue to gain in sophistication," said John Harrison, group product manager of Symantec Security Technology and Response, in comments to eWEEK. "It used to be they were obvious to spot with grammar errors or incorrect graphics. Today with the automated phishing toolkits pulling content and images directly from the real Websites, phishing attacks can be very difficult for a trained eye to see."
In its October "State of Phishing" report (PDF), Symantec found a 5 percent decrease in phishing attacks in September as compared with August. Still, Harrison advised users to be wary and noted that having law enforcement shut down cyber-crime rings is often easier said than done.
"Knowing how global, complex and spread out phishing attacks can be, it is great to see progress in shutting down and arresting people behind these acts," he said. "The more law enforcement and security companies make it so these attacks are less successful, the more these criminals may consider not doing attacks moving forward."