25madison Lunch and Learn Series: Frank Abagnale & The State of Security in 2020
About The 25madison Lunch & Learn Series: Once a month, 25madison brings in a special guest speaker to address our team, partners, and investors on a broad range of subjects. Our motley crew of guest speakers hail from all industries and backgrounds — gathered under the common goal of sharing insights that are timely and relevant. Here are the key takeaways from this month’s speaker.
May 2020 Guest Speaker:
FRANK W. ABAGNALE (Ab’-big-nail)
Author, Lecturer and Consultant
Frank W. Abagnale is one of the world’s most respected authorities on the subjects of forgery, embezzlement and secure documents. For over forty years he has lectured to and consulted with hundreds of financial institutions, corporations and government agencies around the world.
Abagnale’s story inspired the Academy Award-nominated feature film, Catch Me If You Can (2002), starring Leonardo DiCaprio as Abagnale and Tom Hanks as the FBI agent pursuing him, as well as a Broadway musical of that name, both of which are based on the book Catch Me If You Can.
Frank, thanks for joining us.
Q: I think we can all agree that you’ve had an incredible life. You have spent the past 40 years helping companies and our government with a full range of security issues. What have you been up to most recently?
A: I spend time with large corporates and small tech companies — telling companies where there are weak spots in the software they’re developing. Many companies don’t go the final step to understand how their product could be defeated by identifying loopholes, etc. Many companies take new products to market too quickly and overlook important security gaps in a race to deliver ROI.
Q: What are you currently most concerned about?
A: I’m concerned that we have the power to interfere with all these remotely wired devices everywhere. For example, we can shut off people’s pacemakers. Currently, technology exists that allows you to shut off or speed up pacemakers within 35 feet. Similarly, you can get within 30 feet of a vehicle and turn off and on any computer function — shut off the motor, lock the windows or doors, turn on the air bags. On average, a car has 240 computer functions each of which could be targeted. Right now, the technology is constrained to these capabilities when you’re within 35 feet, but in 5 years what if that is 300 feet? 1 mile? 5 miles? I’m afraid that in the next few years this remote technology will be used as a terrorist tool to take people’s lives. Attacks are going to expand beyond financial crimes.
Q: Besides reading your book, “Scam Me If You Can,” how else are you teaching people to protect themselves?
A: I spent my entire life with the FBI and consulting, on investigating and preventing crimes against our government & institutions, and then the AARP asked me to help protect their 38 million customers. For this, I worked to develop video training & materials and spoke to 50,000 seniors around the country. This is why I wrote “Scam Me If You Can” — it’s written for the AARP. For this book, I looked at every scam: scams against millennials, bitcoin scams, scams against seniors — I tried to cover everything. We found that millennials are actually scammed most often, but seniors lose more money because they have more money. It’s a rude awakening to understand the depth of crimes that take place all the time.
Q: Can you share some example stories or scams worth sharing?
A: The most common scam that millennials fall for is via computer malware. They’ll receive a malware notice with a message to call an 800 number to fix the issue. When you call, the scammers get a credit card and/or try and take over your computer.
For seniors, phone scams are most common. Scammers will manipulate the caller ID to be local and will have very specific storylines like “this is sergeant Jones at the local jail. We’re holding your grandson for DWI. We didn’t want to call his parents, so we called you instead. If you don’t post his bail he’ll spend the weekend in jail. Give us your credit card to get him out.” These scammers will give very specific information like the make and model of the grandson’s car, or the name of his girlfriend — grabbing all of this information from social media.
Q: How about scams at companies?
A: A CEO of a large tech company received an email from the company’s CFO. The email was a personal note, thanking the CEO for a great dinner with him and his wife the night before. It mentioned an upcoming conference that the CFO was attending that they’d also discussed the night before. At the end of the note, the CFO said he was out of the office at the conference, and asked the CEO to wire $38 million to a particular account, which of course was a fraudulent account. This is an example of the consequences of living in an era of public information on social media. The scammer pulled together information about the dinner from Facebook, and the conference the CFO was going to was mentioned on his LinkedIn profile. This allows for very targeted and specific scams to be pulled off in a very believable way.
This type of fraud is called “social engineering” and it takes the failure of a person to be successful. It takes education to prevent social engineering crimes. Education is the most powerful tool to prevent crime, but we see very little education by employers to protect their businesses. There is no technology that can defeat social engineering. Education is hugely missing to help people understand the possible threats. People want to know how to protect themselves but there is a huge gap. Every breach occurs because someone at the company failed.
Q: Everyone uses Venmo & PayPal & other digital currencies. How can we protect ourselves?
A: I have no problem with those payment systems as long as you have backed them by a credit card, not a debit card or bank account. I’ve never owned a debit card. I’ve never allowed my sons to have a debit card. I solely use a credit card. By federal law, I have no liability. When I pay the bill, my credit score goes up. When you use a debit card, directly or through one of these payments platforms, every time you use it you expose your account. It is VERY hard to get money back if taken from your bank. To get cash, just use an ATM card, not a debit card.
Q: Do you have an opinion on crypto currency?
A: I’m not big on crypto — it’s another way to launder money. Instead of making it easy, we should be making it more difficult for people to launder money. We have to close loopholes — and that goes for bitcoin/crypto. I look at a lot of these tech companies and try and think of ways to defeat it. If I can do that, so can others.
Q: Where are some of the biggest vulnerabilities with new tech? Are there places people should be paying attention and aren’t?
A: Get concerned with anything coming out of China because the government puts in cameras or tracking devices. For example, cameras on your property, smart refrigerators, etc. Those cameras can be flipped and controlled by people wanting to surveil. People generally think this won’t happen — but many technologies being used by consumers can be manipulated.
Q: How come iPhones can’t be penetrated?
A: They can. For the authorities, it’s a matter of how long it takes vs. being given the access information. There is not a foolproof system. If you think there is — you’ve failed to give credit to the creativity of con people.
Q: Mark Zuckerberg has tape over his camera. Are these cameras available to be accessed?
A: They can be. When not using it, I push my camera down. Even if it isn’t on, hackers can activate it and turn off the light to show it’s not on. It’s amazing what can be done and amazing what people give away.
For example, there was an app made in China, “Age Me.” 80 million Americans signed up and never read the contract that says the company can store, use, and sell your picture. So, China has 80 million photos of what people look like now and what they’ll look like years from now. We do things because no one told us not to.
I never sell anything; I just give people information. Young people are very security conscious but want to be told what to do. A good piece of advice: remove the date of birth and where you were born from any social media apps. This gives away two very valuable pieces of information to hackers.
We live in an era of information sharing. There is a huge problem of linking apps to Facebook and Google. There is a reason an app is free — the app is either collecting data or marketing information. Sometimes it’s harmless, but sometimes it is very harmful. Often, young people don’t understand the threat.
Q: Curious what you think of 1 billion people using TikTok:
A: I’m very, very scared.
We have a tremendous number of cameras in buildings — all Chinese made. You have to be naïve if you don’t think China is tracking it. For any app out of China, I would be very suspicious that there’s a reason for the app. Could be tracing, could be gathering information. I would be very concerned about TikTok and any face altering apps.
We all know about identity theft, yet there isn’t a forcing function to get people to take action and change their behavior. Sometimes you have to scare people to get them to act. Banks have tried to use optimism to get people to take security seriously and it didn’t work. But scaring people into the reality to understand the risks does work. It’s not my intention to scare people, but once you open people’s eyes to it, they’re quick to want to protect themselves.
Q: What is the bigger threat — rogue individuals, organized groups, or states?
A: States are the biggest threat.
I believe the next big breach will come when attackers breach everyone’s search engines. They’ll target high profile individuals and hold millionaires ransom by threatening to disclose their search history.
I’m an advocate for discretion. We live in an era of way too much freedom of information. People don’t have a deceptive mind and don’t look at it through a negative lens. People want to know but don’t have access to this information. A key to fighting crime is education.
Q: One of our biggest vulnerabilities is our power grid. How is our power grid in terms of safety?
A: 25 years ago, I sat in on meetings to protect the electrical grid. 25 years later they have done nothing to protect it. I would trust my bank 10x more than I’d trust my government. We allow so much fraud to go on — $100 million in fraudulent Medicare claims, $300 million in unemployment fraud, food stamp fraud… and it only gets worse. There is no company in the US that could lose $400 million and keep going, but the federal government allows it — the systems are antiquated. These systems are 50–60 years old and there are no longer people that are able to work on these systems. Hackers think to themselves “Who has the most money and who is easy to hack? The federal government.”
We can protect our grids, but we have to have people come together to protect it. There are so many utility companies and so many government agencies. It can be done but needs good minds behind it.
Taking down the power grid is a target for countries that want to cause us harm. Terrorism is going to a black cyber world that will come along in the next 5–10 years. This is more of a threat than scam artists (even though fraud is up 300% in our current COVID-19 environment).
If the economy is bad, people get desperate and do things they wouldn’t normally do.
Q: What’s optimistic about the future of security?
A: Being proactive is very important. I’m encouraged about a future with no passwords. I think they’ll be eliminated in a few years around the world, which will make our systems more secure and more convenient. Not to mention it will be touchless and will make it much more difficult to breach. I’m optimistic about anything to help people protect themselves and understand their risks.
Q: How much of the movie “Catch Me If You Can” is true and what was missed?
A: I saw the movie 2 times and really liked it. I actually liked the Broadway musical better. In real life I had siblings. In real life my mother never remarried. In real life I never saw my father. In real life I only wrote to my mother one way, so she’d know I was ok. In real life I escaped through the kitchen galley on the airplane. My biggest issue is that the movie made my father look like a con man, when I saw him as the opposite of that — an honest man and a hard worker. Other than that, the movie stayed very close to the truth.
Q: From the movie, did you pass the MCATs or LSATs?
A: Louisiana at the time didn’t require a law degree — so I took the prep courses for 2 weeks, and I had a photographic memory, so I passed the bar.
Q: Have you recruited protégées the same way you came in to the FBI?
A: Actually, I’m the only person the FBI has done that with. I get mail from hackers in jail saying they’d like to come out and do good things like I’ve been able to do. And I say that’s great, but it’s going to take a lot of time to build trust and credibility — it’s a long haul and very frustrating — even today 44 years later many people don’t trust me based on my reputation. I tell people don’t expect it to happen quickly.
Q: Thanks, Frank!
FRANK W. ABAGNALE (Ab’-big-nail)
Author, Lecturer and Consultant
Frank Abagnale is one of the world’s most respected authorities on forgery, embezzlement, secure documents and cybersecurity. For over 40 years he has worked with, advised, and consulted with hundreds of financial institutions, corporations and government agencies around the world. Mr. Abagnale’s rare blend of knowledge and expertise began more than 50 years ago when he was known as one of the world’s most famous con men. His riveting story provided the inspiration for Steven Spielberg’s 2002 film, Catch Me If You Can, starring Leonardo DiCaprio as Abagnale and Tom Hanks as the FBI agent fast on his heels. The Tony Award-winning musical, Catch Me If You Can, directed by the legendary Jack O’Brien, opened on Broadway at the Neil Simon Theatre in April of 2011.
“I chose to immortalize him on film because of what he’s done for the country for more than 30 years.” -Steven Spielberg
Mr. Abagnale has been associated with the FBI for over 40 years. He lectures extensively at the FBI Academy and for the field offices of the Federal Bureau of Investigation. He is a faculty member at the National Advocacy Center (NAC) which is operated by the Department of Justice, Executive Office for United States Attorneys. More than 14,000 financial institutions, corporations and law enforcement agencies use his fraud prevention programs. In 1998, he was selected as a distinguished member of “Pinnacle 400” by CNN Financial News — a select group of 400 people chosen on the basis of great accomplishment and success in their fields. In 2004 Mr. Abagnale was selected as the spokesperson for the National Association of Insurance Commissioners (NAIC) and the National Cyber Security Alliance (NCSA). He has also written numerous articles and books including The Art of the Steal, The Real U Guide to Identity Theft and Stealing Your Life.
“Abagnale’s lecture may be the best one-man show you will ever see.” -Tom Hanks
Mr. Abagnale refuses to accept payment for any of his government work. Today, the majority of his income is derived from consulting with major corporate clients such as LexisNexis, Intuit, AARP, and Experian and his public speaking engagements. Mr. Abagnale has conducted over 3,000 seminars on identity theft, cyber crime and fraud worldwide. Mr. Abagnale works as an advisor to a number of print and technology companies around the world. He spent 20 years as an advisor to the Standard Register Company, creating security features for negotiable instruments, car titles, etc. He spent 10 years as an advisor to the 41st Parameter which developed fraud detection technology, now used in 80 countries around the world and recently purchased by Experian. Today, Mr. Abagnale is an advisor to Trusona (www.trusona.com) in developing the world’s first and only insured authentication platform.