Reformed Con Man Frank Abagnale Now Works to Plug IT Security Holes
Abagnale said that companies rarely take the time to really run employees through the scenarios they should expect when someone is trying to find a way into their company. He said that employees need to know what to expect when they get typical leading questions from a variety of sources. Not only should they be aware of phishing emails, for example, but they should be aware of leading questions on the phone. He used a conversation his wife had had with a sales agent when she was ordering something online. He noticed, for example, that she gave her age and her place of birth as part of the conversation. "This is part of what you need for identity theft," he said he pointed out to his wife. The same thing can happen at any organization in which seemingly innocent conversations can provide a caller with pieces of information which, when combined with other pieces gathered at different times and from different sources, can provide everything needed to take someone's identity long enough to create a breach. Unfortunately, cyber-criminals are getting better every year. Abagnale said that one way this is happening is that call center workers are being paid large sums of money to request personal information, such as social security numbers and birth dates, when they take orders over the phone as part of their jobs.It's things like this and situations where a criminal pretends to be a legitimate caller from the IRS, a bank, or another source that people are comfortable with and then ask for personal information. The fact is, they aren't with the bank or the IRS and the personal information ends up being used for fraud, and in many cases, for use in a breach of an otherwise secure system. Abagnale explained that the real problem in many cases isn't having access to secure technology. It stems from the lack of a security mindedness. Because employees aren't trained adequately, they don't know how to spot a potential problem and they don't know what to do if they find one. He said that employers need to show employees what they should expect, but he added one more thing. "Employees will work to help prevent breaches once they understand what they can do," he said. It pays huge dividends if the employees also realize that their job is important and that they play a critical role in helping keep their organization secure. "The majority of people are honest," he said.
Then after they place the order with their employer, they pass the information, including the personal data that they gathered in addition to cyber-criminals and collect a nice additional paycheck.