Today, cybercrime is chiefly about financial fraud. Tomorrow, it will focus on the destruction of human life. That’s what teenage fraudster turned FBI consultant Frank W. Abagnale of “Catch Me If You Can” fame tells ThinkAdvisor in an interview. “Technology will get very scary,” he warns.
(Related: A Broker Who Broke Bad)
Abagnale’s 1980 autobiography inspired the feature film “Catch Me If You Can,” starring Leonardo DiCaprio, released in 2002. From ages 16 to 21, Abagnale, a native of Bronxville, New York, brazenly and successfully posed as an airline pilot, a physician, an attorney and more, while cashing $2.5 million in forged checks in every U.S. state and 26 foreign countries.
For 40-plus years, he has been consulting to the FBI, after serving jail time in France, Sweden and the U.S. The bureau released him after five years of a 12-year sentence on condition that he work with the agency as an unpaid consultant.
Abagnale’s knowledge about identity theft, cybersecurity and fraud prevention has benefited some 14,000 financial institutions, corporations and government agencies. A popular speaker, he is AARP’s Fraud Watch Network ambassador; and his Abagnale & Associates clientele includes the American Institute of Certified Public Accountants, Bank of America, Fiserv, Goldman Sachs and Morgan Stanley, among numerous other firms.
In the interview, Abagnale, 70, stresses that ever-new technologies and internet insecurity have created a perfect storm for making cybercrime easier.
Indeed, the U.S. Cyber Command is reportedly taking a more aggressive stance against international cyber threats in the face of increased attacks. Cyber threat is the country’s No. 1 risk, the Defense Department said this past February.
ThinkAdvisor recently interviewed Abagnale, speaking by phone from his Washington, D.C., office. He discussed his dark cybercrime forecast, how he tries to prevent his own identity from being stolen, what he thinks of former FBI director James Comey and why he refused three presidential pardons. He also points out that today’s tech would make all the fraud he committed 50 years ago 4,000 times easier. “People are still writing 38 billion checks a year,” he notes.
Here are highlights of our conversation:
THINKADVISOR: Is a devastating cyberattack looming?
FRANK W. ABAGNALE: Of course. We expect to see about $6 trillion worldwide in cybercrime by the year 2020. Now it’s all about stealing money, but technology will get very scary as time goes on because of its capability to perpetrate cybercrime.
What do you mean?
Years from now, I see technology more as a terrorist tool doing bodily harm to people. Right now we’re able to shut off someone’s pacemaker or commandeer a car from 35 feet away. In five years, could you do those things — like lock someone in their car — from 500 or 5,000 miles away?
Do you foresee similar disastrous uses of social media?
It will go the same way. Someday people will realize that Facebook and Instagram weren’t good things: Any time you’re controlling the psychology of 2 billion people, it becomes really dangerous. We certainly give away too much information on social media: date of birth, birth place, mother’s maiden name [etc.] Then we wonder why people steal our identity. One day we’ll wake up and know that wasn’t a good thing to do.
What should financial advisors keep top-of-mind to protect clients from identity theft and hacking of sensitive account information?
Based on the fact that over a billion identities have been stolen, you have to assume that by now everybody’s identity has been stolen.
So many hackers out there!
Hackers do not cause breaches; people do. All hackers do is look for doors to open and take advantage of open ones that are available. Every breach occurs because somebody in a company did something they weren’t supposed to or failed to do something they should have.
Is that why the huge Equifax breach occurred last year?
Eventually over 200 million people will report being victimized by that breach. It happened because someone at Equifax didn’t do what they were supposed to: didn’t fix their technology or update patches [bug fixes] sent by Microsoft, [etc.]. Consequently, that negligence let the hacker get in.
Any other similar examples?
Someone hacked into the Charleston, South Carolina, tax revenue office and stole 3.8 million citizens’ tax returns, including mine [I live in Charleston]. It turned out that an employee at the office had taken home a laptop they weren’t supposed to and went online in an unsecured environment. The hacker got in and stole all those returns.
When someone’s information with a retailer is hacked, is it good for them to sign up for a credit monitoring service for a year?
It’s absolutely worthless. If I breach Target or Home Depot, say, and steal credit card information, I have to get rid of that [data] right away. It has a very short life span. But if I steal your name and Social Security number, the longer I hold onto that information, the more valuable it is when I go to sell it. That’s why we typically don’t see that sort of data surface for three or four years.
If someone knows or suspects their identity has been stolen, what should they do?
You can freeze your credit [and at no charge, as of Sept. 1, 2018, nationwide]. If, one day you want to buy a car, say, you can tell the bureau to unfreeze your credit for the purpose of that purchase. Then you can freeze it back when the purchase is completed.
Any other methods?
You can use a credit monitoring service. I’ve used one since 1992. I’m a big believer in taking responsibility for myself. I pay $12 or $14 a month and can look at my credit reports from Equifax, Experian and Transunion on my computer screen and see in real time if anyone is attempting to get my credit.
What do you use personally to protect yourself from identity theft?
I shred everything. For example, if you get a catalog and just throw it away, on the back cover is your name, address, a bar code, a source code and an I.D. number. That’s all I need to become you. What people think is worthless can be of great value to [criminals].
What kind of shredder do you use?
Only a security micro-cut shredder, which turns paper into confetti. There’s no ability to put that back together. Crisscross shredders cut paper into little boxes, but criminals can put those back together.
What else do you do to protect your own identity?
I don’t write a lot of checks. If I go to Walgreen’s and write a check for $9, it will have on it my name, address and phone number, my bank’s name and address, my account number, my routing number at the bank. Anyone who would see the face of that check could write down all the information and draft on my bank account or do an account takeover [phony-up checks to look like mine] and write debits against my account. So I’m not overly paranoid — I’m just very careful.
Additional precautions that you take?
I don’t own a bank debit card. Every time you use one, you’re exposing the money in your bank account. The most secure payment in the world that removes all liability is a credit card: Visa, Mastercard [etc.] So every day of my life I spend the credit card’s money, not my money. My money sits in a money market account earning interest, and no one knows where it is because it’s not exposed. If someone gets my credit card number and charges $1 million on it, by federal law my liability is zero.
How can financial advisors help older clients to avoid being scammed?
The majority of people are honest, thank God. But because they’re honest, they don’t have a deceptive mind. So when they get a phone call and the Caller I.D. says it’s [for example] the Baltimore Police Department, they believe it — until you explain to them that Caller I.D. is easily manipulated and that scams are perpetrated that way. If I show people their risks and how scams work, they’re smart enough to make sure they don’t fall for them.
Turning to new technology, IBM, for one, is touting that “blockchain can do for business what the Internet did for communication.” What do you think of blockchain?
An amazing concept with a great future. There are some social issues. For instance, if you’re in a witness protection program, you won’t be able to change your name because once it’s entered in the blockchain, it’s on the record permanently. But blockchain is getting more and more accepted by banks and accounting firms, and it will be very successful because [it won’t allow you to] alter figures. As with any new technology, there are things to be worked out; but there are a lot of good uses for it.
For the crimes you committed, you refused pardons from three presidents: George H.W. Bush, Bill Clinton and George W. Bush. Why did you decline?
I take responsibility for doing what I did, and I served my time in prison. So I don’t think somebody giving me a piece of paper saying, “I forgive you for this” makes a lot of difference: No rights were taken away from me; I’m not going to run for office. I hope that people will judge me on what I’ve done for the last four decades, not on what I did as a teenage boy 50 years ago.
When you posed as a Pan American pilot, did you ever fly a plane?
No. All I did was ride around in the jump seat [for free]. And I purposely never rode on Pan Am because its pilots might have [been suspicious of my fake ID, etc.]. I deliberately rode on all the other airlines so I wouldn’t get asked questions.
Were you ever told to take over a plane’s controls?
No. Because I wasn’t an employee of any of those airlines [therefore, I wasn’t permitted to]. And I wasn’t worried about one of the pilots having a heart attack and my being told to take over because I knew there were [always] three [actual] pilots onboard.
When you posted a sign on a bank’s night-deposit box telling people to give their money to the uniformed guard instead — you masquerading — what were you thinking?
I was so young when I did all that. The idea just came to me and I thought, “I wonder if it’ll work?” Being so young, I didn’t think about the consequences as an adult would. I think being an adolescent was really the biggest tool in my success doing those things. I had no fear of being caught; I saw all of them as opportunities.
Were you betting that the authorities would never nab you?
I always knew I’d get caught. You have to be a fool to think that you can continually break the law and not get caught. After 42 years of working on [the right] side of the law, I’ve come to realize that the law sometimes sleeps, but it never dies. Sooner or later they’re going to get you, especially if you keep doing it.
You’ve been associated with the FBI for a long time now. Have you ever been an employee there?
No, always a consultant. I never wanted to be employed because I wanted to be able to do other things — work with banks and companies.
Your eldest son is an FBI employee. What does he do?
He’s been in the bureau for about 12 years and is a supervisory agent running a team of agents out of Quantico [Virginia] that deals with [U.S.] citizens who are kidnapped overseas.
What are your thoughts about the Russia investigation?
[First FBI director] J. Edgar Hoover was very political. After he left, all that stopped. But then we ended up with a director — James Comey — who was very political. I don’t know if he was [extremely] ambitious or what his motive was when he started dragging the FBI into political [issues] that he shouldn’t have gotten involved in. But my opinion is that [matters] got too political, and I’m hoping we don’t go back there ever again.
— Check out Jordan Belfort, the ‘Wolf of Wall Street,’ Offers (Ethical) Sales Tips for Advisors on ThinkAdvisor.