In a recent speech given by Robert S. Mueller, III, Director of the FBI, he said that he had almost been the victim of a phishing attack targeting his bank account. Mueller went on to say that at his wife's insistence he has since given up on-line banking. The article I saw was http://www.eweek.com/c/a/Security/FBI-Director-Nearly-Hooked-in-Phishing-Scam-Swears-Off-Online-Banking-616671/.
It’s a shame that he decided to give up on-line banking for that reason. It is like a typical response to terror attacks. After 9/11 some people were afraid to fly. In reality it was still safer to fly than to drive. There is no such thing as completely secure, but you can manage risk.
When it comes to phishing, one of the best defenses is to not follow links in email. If I get an email from my bank I will not log into my account by clicking on the link in the email. I will type the URL for my bank into the browser so that I have a reasonably good idea that I really went to my bank.
Not using on-line banking may prevent you from becoming a victim of some types of phishing attacks, but it does nothing to educate you about how to avoid the broader category of social engineering attacks. There are phishing attacks against PayPal, Hotmail, Yahoo, Google, Facebook, Twitter, World of Warcraft, and many other companies. Do you give up and stop using the web? I don't. I like the value that the Internet adds to my life… at least I would if I had a life.
The proper response is to be educated about how the social engineering attacks work so you can enjoy the benefits the web has to offer while effectively managing your risk.
Director of Technical Education
Author ESET Research, ESET