Cybersecurity

Cybercrime from the inside out

FBI white-collar crime expert Frank Abagnale explains why employees are a major cyber risk.

By Paul Studebaker

CT1610 Yokogawa Header8

“Most have never met me, but they all told my story from their point of view,” said Frank Abagnale, FBI consultant and subject of the book and film, "Catch Me if You Can," depicting his brief career as a check forger and confidence man who successfully posed as an airline pilot, lawyer and surgeon. Then he was caught, convicted, served years in prison and eventually won partial release to consult as an insider white-collar crime expert for the FBI.

“It has been reported that I had written $10 million, $8 million and $5 million worth of bad checks,” Abagnale told attendees of his presentations at the 2016 Yokogawa Users Conference this week in Orlando. “The actual amount was $2.5 million.” He committed his crimes between the ages of 16 and 21, and served time in prison in France, Sweden and the United States. Now, “I have been married for over 25 years and I am the proud father of three sons,” he said. “We all grow up. Hopefully, we get wiser. Age brings wisdom and fatherhood changes one's life completely. I consider my past immoral, unethical and illegal. It is something I am not proud of. I am proud that I have been able to turn my life around and in the past 25 years, helped my government, my clients, thousands of corporations and consumers deal with the problems of white collar crime and fraud.”

October is National Cyber Security Awareness Month, so this time of year Abagnale is particularly busy, giving presentations at employee gatherings of large banking and insurance companies. “I’m there to tell them the most important part of their job is cyber security,” he said. “When I arrive, I park in the employee lot and strew around some USB drives marked ‘confidential.’ The drives have software that allows me to track them, and invariably, by the time I’m presenting, several have been opened. I tell them it was a test, and they failed.

What happened to ethics?

“We live in an extremely unethical society. We don’t teach ethics at home or at school—it’s almost impossible to find a college course on ethics. Every year, ‘Who’s Who Among American High School Students’ interviews 16,500 graduating students, all with 4.0 grade averages. They ask five questions, with yes or no answers, and one of them is, ‘During the past three years of high school, did you cheat, lie, copy or plagiarize?’ Eighty percent say yes, and it’s been that way for the past three years.”

The Wall Street Journal surveyed thousands of 12-year-olds and asked if it was OK to get on a computer and hack into another computer to commit an illegal act. “Forty percent said it was OK,” Abagnale said. “They use cell phones and the internet to cheat on tests. In the UK, only 53% of children think hacking is illegal. Only 50-100 universities have honor codes, and 56% of graduate MBAs have cheated.”

What Abagnale did 50 years ago is much easier to do today, with the internet. “Crime will continue to become more global, easier to commit and more common,” he said. “In 1988, I predicted the rise of identity theft. In 1996, as the word was becoming known, 750,000 people filed police reports, with $2 billion in losses. Now, it’s happened to almost everyone. It is so simple, so easy to do. By the end of this year, more than 1 billion people will have had their identities stolen. That’s virtually everyone.”

Everyone’s responsibility

Every breach occurs because someone in that company did something they weren’t supposed to do, or didn’t do something they were supposed to do. “There is no magic hacker in Russia,” Abagnale said. “All they have to do is get one person to make a mistake.” Cyber soft spots are everywhere—99% of ransomware attacks start with someone opening an email message and clicking on a link.”

Abagnale described many ways that criminals can easily obtain enough information to steal your identity (or your child’s), which you can read about in free publications at abagnale.com. One that applies to any business is through the hard drives on digital copiers. Used copiers, including leased machines, have hard drives that store every document ever copied. “Criminals buy them for the drives,” Abagnale said. “The CBS news story about it is a YouTube video—look for ‘CBS Evening News digital copiers.’ It’s your responsibility to remove, clean or encrypt those drives.”

Despite the rise in cyber crime, check forgery is still very common. “Over the past 10 years, there’s been a 10% decrease in the use of personal checks, but only a 2% decrease in business checks.” Abagnale said. “We’ll see a paperless society when we see a paperless toilet.” He described in detail how it used to be done, and how much easier it is today with laser-printed checks, loosely-adhered toner, easily obtained chemicals and commonly available scanners, printers and software. “You can call any company in America and get their bank information by asking Accounts Receivable where to wire them money. You can get the officer’s signatures off the company annual report,” he said.

Abagnale suggested that check writers use a uni-ball 207 gel pen. “It uses Japanese pigmented ink – it resists everything, and costs just $2,” he said. For better check security, “Intuit checks are sensitive to many solvents and if you write only a few checks a month, they’re very reasonable.”

To further prevent fraud, businesses that write a lot of checks should consider Positive Pay. “Every day, the issuer gives a list of written checks to their bank. It’s just a match file, and any check not in the file will not be paid. A perfectly altered check will be rejected,” Abagnale said.

Personal take-aways

Abagnale concluded by telling attendees some of the ways he protects himself:

1. Use a “security micro cut’ shredder. Straight shreddings are easy to put back together, and diamond-cut shredders can be defeated with ePuzzler software.

2. Use a credit monitoring service. “That allows me to access all three credit bureaus any time I want, as often as I want, so I can check the score and more important, recent inquiries. And they monitor it for me,” he said. Children don’t have credit records, but their social security numbers can be appropriated. “LifeLock can monitor children’s social security numbers at the wishes of the parent.”

3. Be careful with checks. “I don’t write a lot of checks anymore,” Abagnale said. “They have too much information on them and today, they are converted into an electronic debit. Then the check sits in a warehouse until it’s sent out to be destroyed. Anyone can intercept it and have matching checks made. I’m very careful who I write a check to these days, and not from a retirement or investment account where there’s a lot of money.”

4. Instead, “Use the safest form of payment on earth: a credit card,” Abagnale said. “Not a debit card. With a credit card, I spend their money while mine sits in my account. If you use a debit card, every time you use it, you expose your money, and you earn no credit rating.” Instead of letting your children use a debit card, “Give your college-age kids a card in their name, guarantee it, pay the bill, and that way, you get to review the charges. When they graduate, they’ll have a credit record, and a score of about 800.”