There are so many security features built into the computers and other technology we use that most of us feel protected from cybercrimes. Unfortunately, this is a mistake that often proves to be costly. Skillful criminals are constantly on the prowl for victims – and they just may be targeting you.
That’s the opinion of Frank Abagnale, a former con man par excellence who now works as an FBI Academy instructor and expert at preventing cybercrimes.
“I tell CEOs and CIOs that the most important job they have is protecting the information that’s been entrusted to them,” he says. But many employees, including those in senior positions, are not adequately trained. As a result they are duped by phishing scams – attempts to obtain sensitive information by posing as someone trustworthy – or social engineering scams – psychologically manipulating people into divulging confidential information. “People are basically honest and don’t have a deceptive mind. When they see an email that is very official-looking they assume that it’s real.”
Abagnale has been an instructor at the FBI Academy for more than 43 years and what amazes him is how much easier it is to commit crimes now than it was when he engaged in crime 50 years ago. “It’s actually 4,000 times easier now because back then all of the technology that’s available today didn’t exist. Technology absolutely breeds crime. It always has, and there will always be people who will use technology in a negative, self-serving way.”
While the number of tech-related crimes being committed is amazing, even more incredible is that some of the largest firms have been successfully targeted. For example, last December a breach at a Marriott reservation system compromised personal information of about 500 million people; a security breach at Facebook last September affected 50 million users. And as a result of a security failure at Equifax, one of the nation’s largest credit-reporting companies, more than 145 million US consumers face a heightened risk of identity theft.
According to Abagnale, every breach in security occurs because someone in a company did something they weren’t supposed to do, or someone in that company failed to do something they were supposed to do. “Hackers do not cause these problems, people do. All hackers do is look for weak points to get in.”
Equifax, for example, didn’t update its systems or apply security patches; hackers took advantage of these lax security measures, and both the company and its clients paid and are still paying the price.
Clearly, the numerous security systems in place are not getting the job done, and at the top of that list is the use of passwords. “They are a 1964 technology and are for tree houses,” he says. “They were developed when I was 16 years old [he just turned 71] and we’re still using them.” In his opinion, the shortcomings and weaknesses of passwords are the reason for most of the malware, ransomware, and related cybercrimes.
How To Play Password
Abagnale has spent the past five years working on a project that would eliminate the use of passwords in all the places they are used now. Initially, sites will offer users a choice of using a password or not using a password. Either way they will be phased out and this process has already started.
Fifty years ago, Abagnale used a very primitive form of social engineering to get a Pan Am uniform as part of a scam he planned; in those days the only way of doing that was by using a telephone. Today, by contrast, there are many high-tech options for scamming people, some using telephones.
Here’s an updated version of that scheme. Someone calls a phone company and claims to be you. He has answers to all of the security questions they could ask, and then tells them the SIM card in his phone is broken and he needs another one. The company readily sends a replacement, and at that point the caller essentially has your phone as well as all of your contacts, banking, and other information.
Even if that rep was suspicious, he or she can only ask questions that have been programmed on the computer, like, “What’s your social security number?” or “What’s your mother’s maiden name?” According to Abagnale, the answers to these questions are easily found on social media.
Years ago the FBI was focused mainly on domestic criminals, which means they had the power to investigate and even to arrest them. Today there are about 5,000 phishing emails every day. Most of the money scammed, about $12 billion a year from phishing emails, goes to 115 countries around the world – Russia, China, India – where those phishing emails are initiated. What this means is that even if the FBI knows who the cyber criminals are and has their addresses, it doesn’t have the power to arrest or extradite them.
“That’s why prevention has become much more important over the years, because once your money is stolen you’re probably never going to get it back again,” he says. “The main thing is not to let them steal your money to begin with. We have great technology. The problem is that most companies don’t use it.”
And the problem with individuals is that they are too trusting. By having an attitude that “this will never happen to me,” or “Why should I worry, I’m not a big company,” or “I don’t want to spend the money on the software,” you open the door for hackers to get in and that’s exactly what they’re hoping for.
Individuals often make another mistake: they choose easy-to-hack passwords like “ABCDEF” or “123456.” While easy to remember, these are also easy to hack or even to guess. Unfortunately, too many people have learned this lesson the hard way.
Sources: techrepublic.com; usatoday.com; wikipedia.com; wired.com