FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.

"It looked pretty legitimate," Mueller said Wednesday in a speech at San Francisco's Commonwealth Club. "They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well."

In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.

Though he stopped before handing over any sensitive information, the incident put an end to Mueller's online banking.

"After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment," he said. "To which she deftly replied, 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you."

Mueller said he considers online banking "very safe" but that "just in my household, we don't use it."

Phishing has evolved into a big problem, not just for banks, but for online retailers and even providers of consumer Web applications such as Facebook and Yahoo.

In June -- the latest month for which figures are available -- the Anti-Phishing Working Group counted nearly 50,000 active phishing Web sites, the second-highest number it has ever recorded.

Late last week, criminals posted tens of thousands of passwords belonging to Microsoft Live Hotmail, Gmail, and Yahoo accounts online. They are all thought to have been stolen via phishing.

Mueller's FBI has had some success in going after phishers. On Wednesday it announced it had arrested 33 people in the U.S. in connection with an international phishing operation. Egyptian authorities have charged 47 in connection with the same scam.

"They targeted American financial institutions and also approximately 5,000 American citizens here in the United States," Mueller said. Dubbed Operation Phish Phry, "it is the largest international phishing case ever conducted," he added.

"Far too little attention has been paid to cyber threats and their consequences," Mueller said. "Intruders are reaching into our networks every day looking for valuable information. Unfortunately they're finding it. "

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

U.S. Federal Bureau of Investigation

Additional Resources

Microsoft

DirectAccess and UAG: Better Together

Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.

Microsoft

Case Study: Energy Firm Tightens Protection, Simplifies IT Work

Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.