Catch Me If You Can is based on the real-life exploits of Frank Abagnale – a fraudster turned FBI consultant, Quantico instructor and cybercrime consultant. For more than four decades, he has worked with the federal government and private companies to help them combat fraud.
In October of 2017, Abagnale gave a talk as part of Google’s Security and Privacy Month. The video of this talk is embedded above. And the transcript can be found here.
He’s a charismatic, articulate speaker. It’s easy to see how he managed to fly a million miles for free, aboard more than 260 commercial aircraft, visiting more than 26 countries – all on Pan Am’s dime – living a jetsetter lifestyle fueled by confidence schemes and hundreds of thousands of dollars in forged checks.
Negligent Employees are a Cybercriminal’s Greatest Asset
Abagnale points out that companies like Chase Bank spend half a billion dollars annually on upgrades and enhancements to their data security systems.
Hackers cannot easily punch through firewalls, Virtual Private Networks (VPNs), or corporate security software. Instead, they leverage time and human fallibility to discover and exploit weaknesses.
Abagnale has played a key role in the investigation of every breach that’s occurred over the past 20 years. He claims that “…every single breach – every breach occurs because somebody in that company did something they weren’t supposed to do, or somebody in that company failed to do something they were supposed to do.”
This could mean that an employee in the accounting department provided bank account and routing numbers to someone on the phone claiming to represent a vendor that wants to electronically transfer a payment. Or IT personnel failed to update their servers with the latest security patch.
When people and technology are operating as they’re designed, hackers are left out in the cold. But failure to follow established procedures exposes the system to vulnerabilities.
To be fair, employees shouldn’t shoulder all of the blame for these breaches. Some of the fault rests on executives that fail to properly communicate with and train key personnel. And cost-cutting measures can negatively impact employee training, or lead to a shortage of people to effectively maintain data security.
A hacker only needs to get lucky once. But companies and law enforcement have to remain vigilant 24 hours a day, 7 days a week, 365 days a year.
The Future of Cybercrime is Heartbreaking
Towards the end of his address, Abagnale draws attention to the dangerous unintended consequences of technological progress. It’s a sobering message, considering his audience is Google’s workforce – an organization that issues bikes to their employees so that they can access the physical structures of their ever-expanding cloud data centers in a timely manner.
Right now, it’s possible for a hacker to hijack a pacemaker from 35 feet away. The FBI tests this equipment at Quantico in order to warn companies of dangerous flaws in cutting-edge technology.
A car that’s evading police can be hijacked by law enforcement – or a sophisticated criminal entity – as long as the attack is executed from within 35 feet.
And for connected devices – think of OnStar, or your wireless enabled security cameras that upload footage to the cloud – the attack can be executed from thousands of miles away.
So, what can we do to protect ourselves from cybercrime?
Cybercrime impacts everyone from bloggers to Fortune 500 corporations. It’s impossible to be 100% secure against identity theft, cybercrime and fraud. But, there are steps you can take to make you and any organization you manage more secure. The name of the game is reducing risk.
Use a Major Credit Card to Complete All Transactions
Abagnale shared that he runs every transaction through a credit card. He does not use debit cards. His reasoning is that any fraud that occurs on a major credit card account is quickly handled by the credit card issuer, without a temporary or permanent loss of funds in a checking or savings account. And, per the terms of most credit card agreements, there is zero liability for fraudulent transactions that take place on a credit card account – this could include goods or services that are paid for, but not delivered or defective.
Take a close look at your credit card’s terms and conditions. You may want to start conducting all of your transactions through this type of account.
Use a Secure Password Manager to Improve Password Hygiene
There are a variety of secure password managers that offer an encrypted home for your various account credentials. Remembering different passwords gets confusing. So, many people try to simplify or standardize their passwords.
This is a bad idea. If one account is breached, all of your other accounts secured by the same password could be breached. I personally use a random password generator for every account that I own. Each account has a unique password. And my password manager allows me to easily copy and paste these complex passwords into online forms for easy login.
Enroll in Identity Theft Monitoring and Protection
Did you know that you can check all 3 credit reports for free? Checking your own credit will not harm your credit score. Experian allows you to create a free online account that will refresh your Experian credit report every 30 days. TransUnion has an online request you can fill out every 12 months to view a copy of your TransUnion credit report. And Equifax uses the same online request system as TransUnion to fulfill their obligation to provide you with a free annual credit report.
Freeze and Unfreeze Your Credit
If you do not plan on making any purchases or transactions that require a credit check, you can freeze your 3 credit reports. This blocks other individuals and organizations from making changes to your credit report. While a credit report is frozen, any requests for new accounts or creditworthiness inquiries are rejected until the report is unfrozen.
You still continue to receive updates to your credit reports from existing lenders and accounts. So, your score can still change while the report is frozen. The purpose of a credit report freeze is to prevent unauthorized individuals from opening accounts without your knowledge. Of course, you won’t be able to open new credit or lending accounts either without first unfreezing your credit report.
In some states there is a fee – around $15 – that must be paid to freeze or unfreeze your credit reports. Abagnale is against this policy, as he feels it discourages consumers from leveraging every protection they have against fraud.
Companies Should Leverage Password Replacement Technology
The other really cool thing that I learned from Frank’s talk was that we are within a few years of a password-free existence. How is this possible? There is an aggressive technological movement in the works. It started with a private contractor for the CIA. And now it’s moving its way into the retail space.
TRUSONA offers technology that removes the need for static passwords. Instead, it leverages multiple identity verification tools at once. These include multi-factor authentication, device identification and secure communication protocols. All of these different sources of identity verification remove the need for static passwords and give organizations absolute certainty that an authorized user is on the phone, logging into a website or submitting a request.
Companies should upgrade their infrastructure to support this new type of user authentication. It’s been proven in the field by the CIA. My guess is we’ll see this technology roll out to banks and financial institutions next. And innovative companies will quickly realize that everyone is happier and more secure in a post-password world.
To wrap this up, I’ll leave you with this thought: There’s beauty in the fact that Frank Abagnale went from being an adolescent turd to a functional member of society by taking advantage of opportunities provided to him. He makes no excuses. He got up off the ground of his jail cell and followed a productive path that has allowed him to raise a family and serve his country.
I think as entrepreneurs we get lost in the misery of the grind. The advice he offers is solid. And his experiences are fascinating. Hopefully we can all take something productive away from his talk at Google’s campus.