Frank Abagnale: "Hackers don't cause breaches, people do."

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] thank you so much for joining us here at risk minded my pleasure thanks for having me you've obviously been immersed in the anti fraud and crime prevention world now for nearly half a century during that time there's been huge advancements in terms of technology and thickness but what would you say remains the same at the heart of that sort of crime well technology certainly has made it 4,000 times easier to do what I did today than when I did it 40 years ago or 50 years ago however the criminal mind has not changed you know that's the one thing stays consistent I just written a I've written several books but I just wrote my first consumer book that I was actually commissioned to write and that was about scams and in that book I looked at every single scam that's perpetrated from the most amateur to the most sophisticated and when I concluded all the research for the book I realized these are the same scams that went on 50 60 70 years ago it's just technology's made it a lot easy to do and unfortunately for the criminals made a lot safer for them to commit those crimes as well so what would you say the key lessons to be learnt off an industry like this that are looking to mitigate risk well I've had the benefit of being at the FBI for 43 years I've also part of my duties as being teaching at the FBI Academy and I've talked to generations of FBI agents so obviously crime has changed a lot here 40 years ago was all about counterfeiting embezzlement financial crimes the last 20 years I've spent is all on cyber related crimes and I've worked every breach in the United States back to 15 years ago t.j.maxx a department store up until recently Capital One Bank Facebook and Marriott Hotels breach the one thing that I comes the same in every single breach every breach happens because somebody in that company did something they weren't supposed to do or somebody in that company failed to do something they were supposed to do hackers don't cause breaches of people do so in the case of Equifax they fail to update their system they fail to install their security Hatcher's Microsoft sent them they were very lacks for the hacker got in sat there for several months to decide what the steal thence told 148 million identities 12 million driver's licenses this is typical in every breach and I'm consequently this is a problem you know people always think the battle is the criminal the battle is for people in this business or CISOs to get companies to actually understand the threat they don't want to spend the money the board doesn't want to spend the money they don't think it's a real threat they think it can't happen to me so this just makes it much easier for criminals to get into all these systems and breach all this data that is out there today because we're not doing a really good job of protecting it so would you say that the industry's just haven't been quick enough to adopt you know the structures that are so key to preventing this there's been slow from arc if you like yeah I think that the the people who are in the business the risk management the seaso the people who have to do it for a living they understand that but unfortunately the people they have to try to get money from to make the system better the system work by the proper technology to safe safe keep that data they don't get that cooperation from that side so obviously it's a very difficult job in the United States the average seaso lasts about 14 months and is gone now or they're as good as till their next breach occurs so it's not so much that we're not we're not really fighting the real fight and that is to get these systems into these places to protect the data we're not doing a very good job of that so that's data and that's big companies what would you say to the general public about fraud prevention now and obviously there's areas like social media that are kind of rich pickings we live in a way too much information world and I should say that I'm not on any social media whatsoever not LinkedIn nothing of that nature I always remind people that if you tell me on Facebook where you were born and your date of birth that's 98% of me stealing your identity that's what we call the basement information I need to get your identity so if you're foolish enough to tell me that then you're just basically miles will say come steal my identity but we go way beyond that people everything about this that where they're going where they're vacationing what they do for a living who they're married to who it is just absolutely unbelievable to me the information that people give away and then wonder why someone has come and stolen their identity or taken over their name so what would your advice be and what do you tell your children and potential grandchildren about what they should do to protect themselves I tell them to do just what I do myself and first of all I basically I do shred everything I use a proper shredder which we call a security micro cut shredder which turns paper into like rice a seed piece of rice so you can't put it back together again we can put straight shredders back together we can put crisscross shredders back together we can't put those types of shredders back together again and over in Europe they don't write a lot of checks anymore but they still do in America I explain to them every time you write a check and hand it to someone they take the check and on the checks your name and address and phone number your bank's name and address your account number at your bank your routing number into your account that you're wiring instructions your signature on your signature card at the bank and then the clerk is written on the cheque your driver's license number and your date of date of birth in America you don't get the cheque back we live in truncation so you get only an image of the cheque we do up until a year ago in the United States you could only eight states allowed you to freeze your credit otherwise all the other states there was a fee you had to pay the credit bureau so it was ten dollars to freeze at fifteen dollars to unfreeze at ten dollars to freeze it back again very costly because that's multiplied by three credit bureaus Equifax Experian TransUnion and for seniors it was very complicated so basically Congress passed a federal law last September now that allows everyone in America from the age of 16 up to freeze their credit and it's free you can freeze it and unfreeze it a million times so when your credits froze and nobody can see it without your permission so if you have to go buy a car you unfreeze it to the dealer so they can run the credit to sell you the car but other than that nobody can see it so I highly recommend that in America we recommend that people freeze their credit and finally I don't use a debit card I've never owned a debit card and never allowed my three sons to possess a debit card a long time ago when writing one of my books as I got to the last chapter I asked myself really what is the safest form of payment that exists and that is a credit card credit card not credit debit credit card Visa MasterCard American Express Discover Card every day of my life I literally spend the credit card companies money I don't spend my money they don't even know where my money is because it's never exposed to anyone so I go the drycleaner I give my credit card go the grocery store I get McCready get on the plane to come over here I give my credit card I would do everything in my best to protect my number but if someone gets it and charges a million dollars on my credit card tomorrow under federal law I have zero liability no liability I love to shop online but if I buy an expensive camera and it comes broken and their manufacturer refused to take it back credit card company covers it if I buy it from a fictitious site credit card company covers it when I use my credit card and I pay the bill or the minimum due every month my credit score goes up so I raise my credit score when you use a debit card every time you use it you're exposing the money in your account and they're stealing your money so when we've had these breaches and retail environments that typically is about three months before the customer ever gets their money back that's all the money out of their savings are all out of the money out of their account which they don't have access to for three or four months while they investigate in a credit card I haven't paid them yet so I literally say I didn't make these charges they're fraudulent and I don't pay it up front so I don't have that that loss and of course when I use my credit card I build my credit when I use a debit card I do nothing for it so yes there are a lot of people in America especially young people who need to use a debit card because they're not good at handling money but by the same token a lot of young people use a debit card out of convenience and they go to college for four years that's all they have as a debit card they graduate they get a great job but when they go to rent an apartment they say son you have no credit you don't even have a credit file with the credit bureau so your parents will have to co-sign the leads so I've started my voice app when they were 18 with a credit card that I guarantee so that every month that they're aware college and I paid the bill went on their credit so it's a lot about education people I mean whose responsibility do you believe anti-fraud measures are it is it the responsibility of the big institutions or is it the responsibility of the potential victims whose responsibility it's a little bit of those we have to be a little smarter today little wiser consumer than we did 20 years ago we have to make sure we're learning and education is truly the most powerful tool to fighting crime I learned that in my many many years of experience doing this but also I believe there should be liability if I've entrusted my information to a bank or credit bureau or retailer I'm entrusting them to keep my information safe if they're negligent in doing so then I should have the right to recover losses from that company and because those things are not in effect really or the fines are so small that a company's doesn't really care about the fine they're not going to do a lot about protecting that that data but if the fines were a big percentage of their company's value I think you'd see a lot less of the negligence on behalf of companies because that's what I find most of the time is they're not doing the things they're supposed to do it's the same way with technology we develop a lot of great technology but we never asked the final question and the final question is how would someone misuse this and let's close that door we're so interested on return on investment marketing it out to the price so if you look in a typical household your Samsung TV or Samsung remote control those are accessed for hackers your cameras around your house or accessed for hackers the device that you talk to and ask it what time of day it is what's the weather order me this from Amazon can easily be switched or I can listen to everything you say in your house all because the manufacturer didn't take that into consideration and close that door before ever putting that product on the marketplace so a lot of that could be prevented but it needs to be it needs to be people paying a little more what they're doing so you have to become quite cynical quite suspicious minded person if what you're saying you have to be you have to look at things and say to yourself you know how would how would this be used against me or how would I be making mistake to give this information how could someone misuse that the truth is the majority of people are honest thank God and because they're honest they don't have a deceptive mind so they're not sitting there thinking well I wonder what someone would do with that information or why are they asking me these questions on the phone and what would they do with it I'm looking back you're an extraordinary position in a way because of that period of life that you led in your sort of formative years where you were on the other side and people were even so much more trusting back there that they didn't question anything but I think is there nothing wrong with being skeptical skepticism is a virtue so a smart person has always looks at something and asked the question am i doing the right thing is this a mistake I deal with a lot of crimes against seniors and elderly folks billions and billions of dollars in losses every year in the United States I just dealt with a woman in Iowa that lost she's 92 lost $400,000 or her life savings to a sweepstakes game in Jamaica so I asked her did you enter the sweepstakes I know well then how could you have won the sweepstakes but she was paying money because they told her she won and she get the money she had to pay money up front but again if you educate people and you say here's the scam this is how it works which I did in this book basically you read the book then you understand how those scams work so when you get that call or you get that email you know up front that that's probably a scam so finally what message do you hope that the audience here at risk minds international will take away from what you've had to say today what's the key message I hope that the key message really is not so much to the people that are here because they're the CISOs they're the security people they're the risk management people the message is to the people they work for that basically you have to give them money to secure the information in the data you have to work with them to secure that data instead of taking attitude that you don't want to spend the money or if you never happened to me and I'll be honest with you I would never write cyber insurance if I was an insurance company unless I sat down in that policy and said you have to do every one of these things and have them in place but if I come back to find out there's a breach and you didn't do one of these things then that policy is invalid and if you're going to write cyber insurance I think there's that's very important for an insurance company but again the battle I've always found is not so much with the people that are here they're doing the job they're educating themselves they're fighting a very difficult fight they're dealing with criminals all over the world not just domestically but they're also dealing fighting with their own company to say I can't do this unless you give me the assets to do it with and give me the things to do it with and that's even a bigger fight than fighting the criminals Frank it's been absolutely fascinating talking to you thank you so you
Info
Channel: RiskMindsTV
Views: 1,389
Rating: undefined out of 5
Keywords: #RiskMinds, RiskMinds, RiskMinds International
Id: FsXlThlI7Ic
Channel Id: undefined
Length: 14min 8sec (848 seconds)
Published: Wed Jan 15 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.