Even more in his defense, he's essentially in a political position in the FBI. He's unlikely to be remotely what anyone would consider a computer security expert, or even a novice. I'm more surprised that he didn't fall for it, frankly.
Pawkeshup the Ludicrous wrote:
Also in his defense, phishermen are getting better by the day at it. I've seen some of the e-mails that tricked people when I worked at Dell. While most were fairly easy to spot, there were a couple so close that I might have fallen for them.
There should never be an issue with trying to figure out if an email is legit or not. You *never* follow a link in an email to an existing service you have. Ever. Period. End of story. I get emails constantly from E-Trade telling me that they're doing this, or doing that. It never occurs to me to click the links in the email. If I want to connect to their site, I know the address. There's no need to follow a link from an email. Same with my regular bank. Same with any institution I do business with.
Um... but if you are curious, it's ridiculously easy to catch phishing attempts. You look at the header and/or source. Check the address and domain of the source of the email, and look at the actual address of any links. The most common trick used is no more complex than what we use when linking stuff here. The text of the link does not need to match the actual link. So you think you're going to a legitimate address, but are actually going somewhere else. Most people don't check the actual URL bar, and even more people don't know how to read them to figure out where they're actually connected to.
Quote:
Seriously, if I get an e-mail out of the blue from my bank, my first act is to call my bank if I'm at all concerned. And now, these days with these Cell Phone alerts banks are offering, expect a spike in Cell Phone Phishing attacks.
The people working at the banks often don't know what to do, and Phishing attempts are often conveniently pushed out on Friday afternoons (so that they aren't likely to be noticed until the full bank staff comes to work on Monday). I've caught a couple of them and reported them. But in every case, no one's around working at the bank to do anything about it. You fill out a "report" or send them an email with the suspicious information, but no one reads those until the next work week. At least that's been my experience with how banks handle this (or fail to really).
Quote:
People are relatively easy to scare and trick.
Yup. And it's nothing new. People have been pulling off scams forever. The internet just gives them new ways to do it. It's always funny when someone says something like "You'd never give a stranger your bank account number if they were there in front of you, so why do it online?". The sad reality is that people got scammed out of account numbers and money, and car keys, and whatever else they had on them all the time long before the internet came along. People do make a mistake of trusting others. They do fall for the Nigerian style scam. Scams rely on human nature. It's why they tend to work so well...