Mueller confessed in a speech at the Commonwealth Club of California that he had been halfway through responding to an apparently legitimate email purporting to come from his bank when he realised something was wrong and quit. Despite changing all his passwords, he has given up online banking altogether after the phishing incident, according to UK-based identity security vendor Tricerion.
Mueller's personal brush with phishing came in the middle of a major FBI investigation, Operation Phish Phry in October, which saw nearly 100 people charged in Egypt and the US following a conspiracy that netted an estimated US$1.5 million.
According to Tricerion, however, Mueller, and others who have been the targets of phishing and trojan attacks, could have been largely protected if their banks had switched from outdated alphanumeric login protection to an image-based authentication system such as Tricerion’s SafeLogin.
Tricerion director and co-founder Norman Fraser said, “SafeLogin protects us from our own mistakes. If the director's bank used it, he could not accidentally disclose his login details to fraudsters and need not be kept offline.
“And like Mr Mueller, I urge the banking industry and indeed all online businesses to make cybersecurity mission-critical by ditching alphanumerics completely.
“Image-based login protection can't prevent every single scam, but it raises the bar to the point where many if not most of the sort of break-ins such as the phishing attack on Mr Mueller become impractical”, Fraser concluded.