Hacker News new | past | comments | ask | show | jobs | submit login
Frank Abagnale on the death of the con artist and the rise of cybercrime (wired.co.uk)
153 points by cryptozeus 4 days ago | hide | past | web | favorite | 73 comments

Where have people landed with regards to Frank Abagnale and the veracity of his past exploits? I know there's a section on his Wikipedia page about it[1], but I don't know if there have been any recent corroborations that cleared things up. (On a personal note: I was quite let down to discover some of the stories were — at the least — exaggerated. Though if it turns out it's all fake, it would be an entertaining story on its own: a con man who cons people into believing he was a con man!)


There's a Google talk that he did I found fascinating (on YouTube). Didn't seem to toot his own horn much (long con?!?).

If he did a Google Talk ... that's kind of already tooting his own horn

No, watch the talk. He doesn't toot his own horn at all.

He was the closing keynote at our annual conference (Okta's Oktane) last year and it was the same way. He was open and clear about what he did, how much he regretted it, and why he did it. Fundamentally, it came down that he was young (16), scared (parents getting a divorce), and stupid. He reacted out of fear and total disregard for other people. He also talked about coming through the other side and learning what mattered and why.

I sat down in his keynote as a fan of his exploits and finished as a fan of the man himself.

Watch the Google talk.

I was there for his Oktane talk and was just thinking about it yesterday. I was hacking on Solid, and recalled Sir Tim’s talk, then Frank’s. Two days before I attended Oktane I had spoken at my father’s memorial service. Frank’s comments on the importance of family were incredibly poignant. I found him to be credible and prescient on many fronts; his intelligence was obvious and his understanding of cybersecurity was deep and nuanced. It’s definitely among the top talks I’ve ever heard at a conference. Huge props to Okta for having him, and getting me there. It was a great gift to have a reprieve from grieving, and to take in all things identity. Especially from a man that has tried on so many.

Kind of. Once you've had a blockbuster movie released based on your exploits, starring Tom Hanks and Leonardo DiCaprio, I don't think a Google Talk goes very far on the horn tooting scale.

There’s literally thousands of Indian call center scammers that are fleecing people of money purely be convincing them that they’re fixing their computer when they’re doing nothing or that they’re due a refund but got too much money and need to pay some back.

Or there’s the IRS scammers who call you and tell you that you owe taxes.

Most of these involve really pathetic attempts at impersonation and the only reason people fall for it is ignorance.

So con artists are by no means dead and YouTube is full of channels where con artists con the scammers.

IRLRosie and Kitboga in particular are hilarious.

It is not just the elderly who can be victimized. These callers use sophisticated scripts to scare people, engaging the fight-or-flight reflex. Once you feel profoundly threatened, parts of your brain physically shut down, quickly making you far dumber and more easily manipulated by somebody promising to save you.

Plenty of smart, young engineers have fallen for phishing scams with similar structures. The elderly and ignorant are especially vulnerable, but every single one of us, without exception, is vulnerable to being conned.

We'll usually agree afterwards that it could have been easy to see from the right perspective. Hindsight blinds us to the reasons people are vulnerable in the first place.

Right. I recently experienced this, when I got an Email from Amex that there had been a suspicious transaction on my card and asking me to confirm it and call them if I hadn't made it. Since it was a 460 EUR charge from some online wine shop in Spain, I did call the number in the email and only when I was in the middle of telling them my card details (including CVC, of course) I realized that I could be talking to a scammer, so I stalled a little and googled the number, confirming that it was indeed a legit Amex support number.

Companies really should design their procedures more to not look like social engineering...

I just received a scam call a few minutes ago; your social security number has been "suspended." Call us immediately.

I think of all the elderly these people are terrifying and my civility slips a bit. Kitboga is great and all but that's not a solution.

> the only reason people fall for it is ignorance

That's not correct. Mental faculties deteriorate with age; mindful people that would never have fallen for this nonsense become vulnerable every day. Ultimately no amount of 'education' can fix that. That's what these scammers are really preying on.

Things like this make me think there might be value in an "elderly mode" on phones wherein the phone only accepts inbound calls from numbers that the user has made outbound calls to in the past. Businesses you haven't called yourself would have to use the postage system instead, which seems like a positive improvement. Of course, such a system would not necessarily be worth much until the number spoofing problem has been resolved. Two phones both in elderly mode could whitelist each other using NFC perhaps.

(Maybe that's not a great name for it. In truth, I think I would use this elderly-mode too.)

Not too dissimilar from just putting the phone into whitelist mode where it ignores every number unless it is from one of your contacts.

>> the only reason people fall for it is ignorance

> That's not correct. Mental faculties deteriorate with age; mindful people that would never have fallen for this nonsense become vulnerable every day. Ultimately no amount of 'education' can fix that. That's what these scammers are really preying on.

On this analysis, the problem could be solved by organizing society into large family groups instead of a bunch of small independent households. When "the family finances" are a thing and several different people can see them, this is a pretty unlikely failure mode.

You can achieve something similar in the US, but first you have to notice the problem and then you have to have the victim legally declared mentally incompetent.

This assumes that families are always safe and trustworthy, and that every individual is content with sharing their life details with their family. We're moving away from the model you propose because that assumption is not universally true.

That said, many banks (at least in EU) already offer shared accounts or multiple-reader accounts to consumers, though multiple person transaction sign-off is reserved for business accounts.

> organizing society into large family groups

I think I prefer our largely clan free 'society.' The vast bulk of these scammers are the dregs of our species and could be effectively thwarted with fairly simple policies. Limiting gift cards to domestic redemption, for example. No need to re-engineer everything around some sociologic noble savage fantasy.

No thanks, family members are some of the worst scammers out there.

90% of perpetrators of fraud are known to their victims.


On a personal note, if my dad had access to my bank account it would be completely drained the next day.

Also I’d argue that GOOP and Gwyneth Paltrow are running a kind of confidence scheme.

There are also "multi-level marketting" pyramid schemes and high pressure timeshare salesmen still out there. The difference between an outright conman and a high-pressure salesman seems marginal at best.

Fun fact: the second largest industry in Utah (after tourism) are pyramid schemes. They do billions in revenue. It’s also the center of the entirely unregulated bogus, vitamin/supplement industry.

So not only are conmen alive and well, they’re a primary industry in at least one US state.

Don't forget that the entire boom in supplements/vitamins in the industry is the result of Orrin Hatch, who sold snake oil door to door to put himself through college, and then as Senator, succeeded in getting supplements declared as neither a Food nor Drug, so the FDA essentially couldn't regulate them.

I think it's fare to say that Orrin Hatch's career has resulted in millions of people being fleeced by quack snake oil, and some non-trivial number of people's health harmed.


It is insane that an entire state is actually happy to be a save haven for this trash instead of cracking down on it. It isn't like they don't know either, there are more than enough stories out there on the dangers and negative effects of MLMs (both financial but also health-wise since the MLM paddlers will often make bogus health claims related to the scams they're hawking) for anyone in power to know these are bad and should be regulated out of existence.

That is the problem with provincial or local level government - they are effectively encouraged to go with antisocial options like that and guard them because it localizes benefits.

One virtue of a centralized system is that their incentives are to stop this parasitic crap because the systemic costs are greater.

Utah is sort of like an American Australia, but populated by a single criminal and his cult followers who fled other states. The state is run by members of the cult.


Please keep religious flamewar off this site.

This is why I just ignore unknown contacts unless I’m expecting a call at the time.

And rule of thumb: the government doesn’t call anyone for tax stuff.

They can send the police or tax auditors to find me in person if there’s a real fucking problem. Hopefully, I’d get certified mail before that happens.

Obligatory link [0] to his amazing talk at Google a while back.

[0]: https://www.youtube.com/watch?v=vsMydMDi3rI

He's delivered that talk at many different companies. I had the opportunity to see it last year. I was surprised at how consistent his word choice and cadence were between the two instances of the talk.

Very common in public speakers.

YouTube often offers the opportunity to catch different stops on speaking tours.

Talking heads in multiple TV soundbites, or candidates in stump speeches as well.

It's the same with podcasts when someone comes out with a new book.

Somehow I am not surprised by him liking precision

A good presentation is rarely unrehearsed.

> Today you can call any corporation in the world and tell them you are getting ready to wire them money and they will tell you the bank, the wiring number, the account number. You can then ask for a copy of the annual report and on page three are the signatures of the chairman of the board, the CEO and the treasurer. It's all on white glossy paper with black ink – scanner ready art. You then just print it onto the cheque.

Banks know about websites and printers so there's no way this would work... er, right?

My bank cashed a check against my account where:

1. the payer name was not mine

2. the payer address was not mine (and was in another state)

3. the signature was that of another person

4. the checks were not issued by my bank


In the normal course of check processing, a device reads the MICR line of characters at the bottom of the check and the amount. The name, address, signature and other features are usually not processed unless the amount is high, the account has specific services, or some other indicator is tripped.

These days there's no excuse for not OCR'ing the payer name and address.

I hope you mean "My former bank."

That sounds like it’s worth reporting to the news!

The bank later tried to sell me blank checks on their extra cost "security" paper. I laughed.

It would work, but it would be hard to actually get the money. They would know where it was deposited, and you wouldn't have access to the funds until the check clears, and it could be caught before then.

>What I did was almost 50 years ago and it's about 4,000 times easier today to con people than when I did it. To forge a cheque 50 years ago, you needed...

The thing is back in the day, if you put in the work, your con was all but guaranteed. I don't think you can make that same claim today.

There are about 1000x the cons to run now, though, most of them using the identifiable information that is already on the internet. Just look at the conflation of some combination of birthday and ssn as “proof” of id in spite of millions of employees having easy access to the information. Christ, for some reason Comcast has my ssn despite having zero legitimate use for it. Add automated phishing and you have a cash printer.

Sure you can. Checks were harder to get rid of 50 years ago.

On the street we have a legit smalltime money-laundering industry in terms of retail gift card availability. A real common racket these days is targeting immigrant business people pretending to be the utility company/IRS/etc and demand gift cards to settle some matter, for example. There is a huge underground economy out there.

Off the street, the complete lack of security controls around ACH is an even more extreme risk. Just rob a mailbox and steal account info from checks.

It shocked me that Bank of America would deliver box of checks that were just dumped on my porch. I found them 3 days after I got email they were delivered in the bush next to front door. I remember years ago I had to be present home and DHL came and required ID/signature to receive those. That was 2014. In 2020 I guess they saving extra money. Fun fact - there is over $8MM in the corp account that these checks could cover.

It would seem to worth looking into positive pay --- the idea is you send a daily file with the checks written, and BofA will automatically clear anything in the file, and exceptions would be sent to you for review (or maybe just rejected). It's a common feature for corporate accounts, because it eliminates check modification fraud.

FWIW a number of years ago Wells Fargo was willing to have my refill checks sent to the bank branch where I could pick them up.

Don't know if banks do that sort of thing anymore. If not, then WTF is the point of "branches"? If they don't provide any value added then they are just expensive real estate and warm bodies.

Of course in hindsight in Wells Fargo's case we know that those warm bodies were expected to push all sorts of ancillary products on customers (they never did that with me).

The ACH issue is why Donald Knuth no longer sends out his famous checks to people who find errors in his books but now uses mock check-like certificates. Typically people didn't cash the checks but put them on display for bragging rights, and apparently somebody used the numbers to scam his bank account.

Yea exactly. Nowadays with so many things being digital, some things are harder to con. For example, a check can now be verified within minutes through digital machines. Frank wouldn't have to worry about that 50 years ago.

Con men/women are everywhere in every era. They just change their mediums and methods according to the times.

These days you leave a much longer trail, though. You can't just walk away from your attempted con. It could come back to bite you at any time.

Law enforcement has nearly no interest or ability to prosecute and punish fraud though, especially if you wrap it in an LLC. As long as you don't mind getting caught, the punishments are merely a cost of doing business.

Today provides tons of forensic evidence. So I don't really think it's any easier, at least for anyone living in a western country.

On an individual victim, maybe. But today, you can scale your efforts much more easily.

Every couple of months the Washington Post covers the arrest of conviction of somebody who has been swindling people out of houses or many, practicing law without a license, etc. They may not have the style of Frank Abagnale, but they are far from extinct.

please add (2017)!

At the bottom of the article, it says a reprint from 2013!

Patch Me If You Can

I literally just watched Catch Me if You Can last night. Haven't in a while. Have noticed before where I just watched or did something and the next day see a news feed item aligning with that. Is it just a coincidence? Something like this seems just too much to be a coincidence. Some how ad targeting? Though I watched through AppleTV, can't remember if through HBO, Amazon Disney+ or Netflix as I use all the apps all the time interchangeable. Ad targeting would seem most likely but unlike when viewing in a browser where I'd expect to be target seems odd when the interaction wasn't in a browser. Or I suppose it could be that these articles are appearing coincidentally, and just having watching/done something very recently my mind recognizes much more than it would otherwise?

The phenomenon you mention last, is called reticular activation. It's the same thing that occurs when you buy a new car, and suddenly you notice the model you picked has become more popular on the roadways. It's not that sales picked up after you bought it, it's just that your brain now plucks it out of the environment automatically and effortlessly.

It's the same thing that causes people to think their phones are always listening to them and serving ads or whatever based on that.

"Well I was just talking about <insert popular movie> and then I got an ad for it!"

What actually happens there usually is whoever you were talking with googles it, they know you were together and might have talked about it through fine grained location data, so now they target ads at you about it as well since the other person’s search immediately after an interaction with you is a good indicator you may have discussed it or you may be interested in it.

No need for the mic.

Big if presently true.

Ultimately people are going to spy on everything they can get away with, more data for the neural network to make you buy things...

Except the fact that Facebook's app may not listen to you doesn't mean advertisers they integrate with don't have sdks in other apps that do / have in the past.

So yes. Phone likely is actually listening to you if you ran into this and actually literally never searched for bell bottom shaped cast iron skillets but see them in your ads now.

Our brains are exceptionally good at pattern matching. The problem is so much of it happens automatically and "subconsciously" that we tend to attribute it to grander schemes.

A good amount of religious motivation has been based on this disconnect in our brains. And plenty of quack science (speaking of conning people).

The flipside is that sometimes things become available and then there's a publicity push on those things. For example, in this case, Catch Me If You Can just became available on one of the popular streaming services, and Abagnale is speaking at an event he wants to promote next week, so the articles appearing about him are likely promotional.

I've noticed something similar as well. I like to think of it as algorithmically assisted bader meinhoff syndrome. It used to be that you heard of something and then saw it because your brain was now aware of it. Now your brain is still aware of what you've just read but digital systems are also looking to feed you things. They're not working together but having two things working at once makes it happen slightly more frequently than if your brain alone was just working to bader meinhoff you. But now your brain sees more patterns and believes it's getting "bader meinhoffed" more often. It's purely a speculative hypothesis and I'm happy to be proven wrong but it's the best answer I've been able to arrive at for a sort of glitch in reality that I've experienced recently as well.

It's unclear if the parent comment is sarcasm or a real comment. Hacker News is certainly not feeding articles to you based on what movies you watched last night.

Netflix also suggested it to me last night. (It had been on my list for a while, but Netflix showed it near the front.) It sounds like he's "trending" and the various services are all feeding on that.

Or another maybe more likely option I guess is that I watched it because it was being featured on one of the app platforms, and then news feed apps/sites know what has been featured and that a lot of people are probably watching a certain show and thus write an article or share an old article that will be top of mind for people. I guess that may be most likely in this particular case.

Baader–Meinhof phenomenon

If you hadn't watched the movie recently you might have just skimmed past an article about Abagnale without a second thought.

I literally just watched it several months ago - maybe 3 - and saw the same news feed item.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact