Author of the autobiography Catch Me If You Can (on which the hit movie is based), and the hot new book Scam Me If You Can, Frank Abagnale is widely considered one of America’s top experts on consumer fraud. In this extended interview with Bob Love, editor-in-chief of AARP the Magazine, Frank shares his best tips on preventing fraud and provides updates and surprising tales on all the latest scams.
Welcome to The First Word from AARP, a series of conversations with the experts.
Today on The First Word, Frank Abagnale on the rise of consumer fraud and what you can do to protect yourself.
BL: Welcome new members. Hello, I’m Bob Love, the editor in chief of AARP The Magazine and the AARP Bulletin.
Frank Abagnale’s teenage exploits as a con man were memorably captured in his book Catch Me if You Can, which then became a hit Hollywood movie. Frank was lucky enough to be played by Leonardo DiCaprio, and Tom Hanks played the FBI agent hell-bent on catching him.
But Frank’s handful of years conning the system pale in comparison to the impact he’s had in the following four decades as a committed fraud fighter. He has worked with the FBI that entire time, lecturing at the FBI academy and consulting with field offices.
He has also consulted with countless major organizations and has led over 3,000 on identity theft, cybercrime and fraud trends.
Today, Frank is considered one of America’s top experts on consumer fraud. His latest book, Scam Me if You Can, will be published this August.
We are proud and happy to have Frank with us. He’s been with AARP for five years. It’s a pleasure to talk to you, Frank. Let’s begin.
FA: Thank you, Bob. It’s a pleasure to be on with you.
BL: The big question everybody wants to know is, how widespread is consumer fraud today?
FA: Well, fraud in the United States is over $900 billion a year. When you think about the defense of our country, its budget is around $700 billion, so it far exceeds that.
We know that that $900 billion of fraud every year, a big part of that comes from fraud against the U.S. government, state governments, county governments and city governments. Then we have frauds against commercial businesses, credit cards, banks, financial service companies and then fraud against consumers.
When we talk about, for example, seniors, last year $37 billion was stolen from seniors from scammers targeting elderly adults. You have to remember then on average, every single day in the United States, seven days a week, 10,000 Americans turn 65. These scams that are perpetrated against seniors and elderly folks can sometimes cost them their home, their pension, their life savings and enormous amounts.
In 2018, romance scams alone were more than $143 million that individuals lost and again, it could have been their life savings, their pension or all the money they had.
Consumer crime continues to rise because crime basically gets easier and easier all the time. There are so many forms of communication, from social media to telephones — you name it — to get people and catch them in some of these scams.
BL: You know, we write about it and report about it all the time. It seems to us that there are — correct us if we’re wrong — two main categories of fraud; those in which the thief poses as an impostor and dupes the consumer directly, and those in which the thief gains and uses people’s private information to steal money while never actually engaging with the person. Is that a roughly accurate picture of the universe of fraud?
FA: Yes, absolutely. For example, a very big scam going on right now involves individuals with cellphones. Thieves get enough information about us because we tell too many people too many things about us on social media. They get our Social Security numbers, our dates of birth, our names, and the next thing they do is call the phone company and talk them into sending them a new SIM card for your phone. The phone company believes it’s you. When the thieves get that SIM card and put it in their phone, now their phone becomes your phone. If you do your banking business on there and have personal business on there, they get to see everything.
Then of course there are the con men who do use you, which are the robocalls and the emails and all the scams that come through letters where they bring in the individual consumer and scam them as well.
BL: I want to interrupt for just a moment to tell our listeners that if you would like to ask a question of Frank, please email it to us at email@example.com. We will try to answer as many as we can in the time that we have today.
Frank, a recent study suggested that nearly half of all the mobile phone calls now are unsolicited and often fraudulent. Can you give us a few examples of the types of fraud that start with a robocall?
FA: The most common ones that we see are the IRS scams where they claim they’re from the IRS and you owe back taxes, you need to pay them immediately and if you don’t, they’re going to garnish your wages or put a lien on your property. They tell you that you need to pay by getting a Green Dot from Walmart or make a payment with a credit card because they have to have the money right away.
The next most popular scam is the grandparents scam where, again, thieves have enough information about your grandchild, because of social media, and they call the grandparent and tell them that their grandchild has been arrested.
The caller ID comes up with the police departments’ name because you can manipulate the caller ID to say whatever you want it to say: U.S. government, police department, etc.
Then the thieves convince the grandparent that their grandchild has been arrested for drunk driving, they have him in custody and he needs to post bail, or he will have to spend the weekend in jail. They have enough information to convince the grandparent that it is their grandchild. Of course, the thieves want payment right away to post bail and they want the grandparent to use a credit card or get a card from Walmart.
Everything is always immediately and right now. If you said on the phone, “I’m a block from the police department, I’ll come down there,” they would immediately say, “No, you can’t do that. You need to give me a credit card or pay over the phone.”
There are a lot of red flags to these scams. When you learn these red flags, a lot of times you won’t get hooked by these scams.
BL: Let’s go over the red flags. What are the signals that a call is actually fraudulent?
FA: Well two things are going to happen in every scam, whether it’s a six-month-long or a six-second-long scam. At some point, the thief will ask for money or personal information; Social Security number, bank account number, date of birth, things like that.
Even in a romance scam, for example, you may meet someone online and talk to them for six months, speaking with them on phone, emailing. Then one day you might say, “Hey, you only live a couple of states away. Why don’t you come and see me?” “Well, I have to have an operation and I don’t have the money.” “How much is it?” “Well, it’s $30,000 and I might pass away if I don’t get the operation.” “I could loan you the money.”
The first thing I always tell people is that when that red flag comes up, you have to make sure that you know who you’re talking to, that you know who that person is. They’re asking you. You didn’t solicit that call. If they’re asking you for personal information or for money or a credit card number, those are red flags. The minute it comes up about asking for personal information or money, that’s when you need to know that you have to be assured of who you are dealing with.
BL: Jason from Syracuse has emailed us this question, Frank. “Given your success in your teens as a con man, you must be an astute reader of people. What did you look for that made you think a person was susceptible to the con?”
FA: Well, I realized very early on, as I do today, that anyone can be scammed, including myself. It doesn’t matter how intelligent you are. Some of the most intelligent people have been scammed, some of the most intelligent investment bankers have been scammed. Anyone can be scammed.
The truth is, thank God, the majority of people are honest and because they’re honest, they don’t have a deceptive mind, so when they get a phone call or a letter from the IRS, they believe it’s real because they’re not sitting there thinking how someone would do these things and why they would do these things.
I learned early on that anybody can be scammed. It’s just a matter of pitching the person something that interests them and that they feel they’re going to benefit from doing whatever it is you’re asking them to do.
The whole thing about “You can’t scam an honest person” is not true, because people can be easily manipulated and that’s very unfortunate. That’s why today, more than ever, you have to be a smarter consumer and you have to be a wiser business person than you did 20 years ago.
BL: How can we be smarter? Can you sum that up in a couple of tips?
FA: Again, I always go back to some of these scams that come down to two red flags. If I get a call from the IRS and it even comes up on my caller ID that it is the IRS and they say I owe back taxes, I’m going to take the person’s name and phone number, but I’m not going to call that person back. I’m going to go to the phone book or go online to get the phone number for the Internal Revenue Service. I’m going to call them and tell them I received a call. This is who the person said they were; they said I owe back taxes. Obviously, you’ll find out very quickly that that’s a scam. You have to take a minute to verify. Trust, but verify. You have to make sure that the information is right.
If someone calls and says that they are a bank and they start asking for personal information like your Social Security number or the three digits on the back of your credit card, again, you didn’t solicit that call, so you have to be smart enough to hang up, look up the phone number on the back of your credit card for customer service and call them and ask them if they have called you and are looking for information from you.
It doesn’t take much. There is nothing wrong with being a little bit suspicious. Obviously, it’s actually an asset to be so and you need to make sure that you’re dealing with the person that you know to be the real person before you give them any information or send them any money.
BL: Good advice. Do you think people, as they age, become more vulnerable to scams?
FA: I think that people, unfortunately, as they age — they may live alone, they may have lost their husband or their wife and they could get very lonely. They enjoy the ability to speak to someone on the phone if they sound very nice.
A lot of scam artists will work these calls for months. They’re not going to jump right in and say send me money, send me your information. They try to befriend you on the phone. They’ll call and check on you. All of those things are fine until the point comes — and it will come — when they eventually start asking for personal information or start asking you for money.
As people get older, sometimes they’re not keeping up with things that are going on around them. Also, sometimes they’re lonely and enjoy being able to talk to someone or do something with someone whether it be over the phone or over the internet. Please remember that anyone, including myself, can be scammed.
BL: We were talking before air, I was mentioning that in my house, we get six or seven calls a day where the person just says hello, or asks if this is Mr. Love in an effort to get me to say yes. What is that scam about?
FA: Well, for example, my wife had some retail stores in Charleston, South Carolina. A few months ago, someone called one of the stores, got one of the sales clerks on the phone and the clerk said, “Yes, that will be OK.” And the next thing they knew, about two weeks later, they got a bill for some merchandise that they didn’t order. When they called the company and said, “We never ordered this,” they said, “We got a verbal approval. Let me play it back for you on the recorder.” My wife said, “We didn’t order that. We know it’s a scam.” Of course, they try to threaten you and say, “We’ll turn this over to the credit bureau. We’ll give this to our lawyers. We’re going to sue you.” That’s not going to happen.
Scams can happen to anybody. It happened to my wife. I have scams sent to me all the time. I’m sure that people, because they’re overseas, don’t know who I am, but they’re always trying to scam me as well, whether it’s over the internet or over the phone. Anybody can be a victim and have this happen to them.
BL: Let’s move to email for a few minutes. What are the rules for self-protection from email frauds?
FA: Well, these phishing scams between 2016 and 2018, the FBI reported a 136 percent increase in losses due to phishing scams. Most of that money went to 115 different countries around the world. The total amount of those scams last year was more than $12 billion.
What I have found amazing, because I’ve been following these phishing scams for a long time, is how sophisticated they have become. The emails you see now, for example, “Hi, Helen. Great having lunch with you today. We need to do that more often. I hope you and your husband Robert have a great time next week at Disney World with the kids, but when you get back, give me a call and we’ll do lunch again. By the way, I saw this on YouTube and thought you would enjoy it. Here is the link. Take care, Joan.”
What they’re basically doing is going to social media. You have already said your husband’s name and that you were going to Disney World. You mentioned you were going to lunch with your girlfriend and mentioned her name and where you went to lunch and what you ate. When you get that type of phishing scam, it is so convincing that you don’t even think for a second to doubt that it’s the person you just had lunch with a few hours ago.
You have to verify. When someone gets an email in a company from a CEO saying “Send me up all the W2s. I want to review them,” that person — if well-trained — is going to get on the elevator, go up to the CEOs office and say, “I got this email from you requesting to review all the W2s. Did you send me that email?” That’s what they are taught and trained to do now, because of social engineering and phishing scams.
There are 5,000 scams every single day in the United States, and they’re getting very sophisticated so they’re very believable.
This is why every bank now has to call their customer if they’re wiring a large sum of money to verify that it is their customer. Some of those emails, bankers tell me, will simply say: Hey, great golf game yesterday. I scored this, John scored that. It was a great game. We need to play again soon. By the way, I forgot to tell you to wire this money for me yesterday. Here is where I need you to wire it to. The banker is still going to call the person to verify it’s them, because that’s how sophisticated those phishing scams have become.
BL: Can you define phishing for our listeners?
FA: It’s nothing more than social engineering, but when I did it 50 years ago, for example — those who saw the movie or read the book remember — the way I got the airline pilot’s uniform was by me simply calling the airline company and saying that I was a pilot and that I had sent my uniform out through the hotel to be dry cleaned and they lost it. I explained that I had a flight in several hours and where should I go to get a new uniform. They gave me the name of the company. They called ahead and said I was coming there and that’s why I was able to get it.
The difference today, 50 years later, is that there are so many other forms of communication besides just the phone. There are emails, letters, text messages and things of that nature.
It’s a matter of simply getting information from someone. I can call a bank and say I’m you and manipulate that person on the phone enough to get information. It works both ways. For example, I might ask you for the last four digits of your Social Security number. You would think that’s pretty harmless, but then, in the course of the conversation, I might say to you, “Hey, I noticed you have a Southern accent.” “Oh yes, I was born and raised in Alabama.” “Really? You sound like you’re my age. I’m 53.” “No, I’m a little older than you, I’m 62.”
Well, the first three numbers of your Social Security number reveal where it was issued and when it was issued, so that leaves me two numbers to manipulate in the middle. You already gave me the last four numbers. That all stopped in 2013, but anyone before 2013, they could get that information from you.
Phishing is exactly what it sounds like, fishing for information so that they can get enough information. It works both ways, from the telemarketer to the person phishing the bank to get information about you or sending emails or phone calls.
BL: I would think that the best way to prevent yourself from phishing is to never give that information when the call comes from outside the house to you, or the email, rather than you to the outside.
FA: Exactly. It’s that big red flag again; I didn’t send this email. I don’t know who really this person is that’s asking me this information over the phone, and that’s where you have to verify.
BL: How is phishing different than spoofing?
FA: The only difference there is, when they do these robocalls, first of all, the majority are coming from overseas — Russia, India, China — and when they do these robocalls, they’re not from some gang in Miami. They’re looking to get information from you, so they’re going to send and manipulate your caller ID to say whatever they want it to say.
If they can spoof the call, they can give you the actual phone number that is to the IRS and then have that call directed to them. Or they could ring your phone with your daughter’s phone number or your next-door neighbors’ phone number or some local number that you’re very familiar with, and then come on and say that they’re that person and they tell you about whatever their scam is.
It’s a little different. Spoofing is mainly with a telephone device whereas phishing is used by writing letters, using the phone or sending emails.
BL: It’s so sophisticated. Lots of people have this image of a scammer of a lone wolf or an alienated teenager, but most frauds are orchestrated by large organizations, correct?
FA: Oh yes, because it’s a very profitable business. There are gangs in Russia that bring in about $20 billion a year on all kinds of scams and frauds. There are not a lot of American companies that make $20 billion a year. They have tremendous resources and tremendous groups of people to do all of these things.
Even when you try to verify who they are, they have that backed up with information as well. These are smart people. They’ve got a lot of money behind them, they have a lot of resources behind them, so they can sound very legitimate and the stuff they send you can look very legitimate. But again, if you’re going to part with your money or part with information, you need to absolutely know who you are dealing with and who has that information about you.
BL: One of our listeners, Leanna from Austin, Texas, just emailed asking for you, Frank, to tell us a tale of a fraud that you’ve encountered lately that you found — after all your years of doing this — to be particularly cunning or conniving.
FA: Well, this one just came in the last few months and it’s so simple that I know that I would probably have fallen for it. Basically, what they are doing is setting up a merchant number. As you know, anybody can get a merchant number. If you sell something online, Visa or Mastercard will give you a merchant number.
The next thing that happens is that you get your Visa bill and there is a $98 charge on there from ABC Company and you say to yourself, “Whoa, I didn’t buy this. I don’t know what this is.” Of course, you call the credit card company and they say, “Sir, you’ll have to take that up with the merchant. I can give you their number.” So you call that number and someone says, “Oh, we’ve been having some problems with our software and we’ve had some mix ups. It may be a mistake. In order to verify that, I’ll need to have your Social Security number, your credit card number, date of birth,” and other personal information. That’s just another scam.
When I heard that, I knew that I probably would have fallen for that.
BL: It sounds like you’re getting to the real deal, the real place.
Let’s switch to identity fraud for a moment. Let’s say a crook actually gets your Social Security number or credit card number, what can they do with it? What happens to it?
FA: Well, you know, it’s so easy if you have someone’s credit card number and enough information about them [to make charges]. Millions of people know when they get their credit card statement and they see these charges on there from all over the world for sometimes ridiculous items. That’s how simple it is.
Think about if you were to go into a restaurant and you give the waiter your credit card, they could go in the back and write down the number, the expiration date and the security code on the back. They return the card to you. Then they sell that information online.
A thief gets it, looks up your address (because they have your name) and the next thing you know, the thief is ordering. The credit card company asks them for the expiration date, the security code and where the bill is sent. The thief has all that information. The next thing you know, the thief gets the item because they can have it shipped somewhere else. It’s very simple to do. Think about it every time you hand someone your credit card, every time you use your credit card, it can be used [by scammers].
You’ve heard me saying many times that I am a strong believer in only using a credit card, because under federal law I have no liability. So if someone does get my number and charge something to me, it’s not my liability. If I buy something online and they don’t ship it or it’s broken, I’m covered.
I don’t like using the debit card because then the money is already taken out of my account and I have to go back and fight with the financial service company to put the money back into my account. Of course, they say, “We’ll have to investigate. It might take a couple of months before you get your money back.”
Whereas if it’s on my credit statement and I know that I didn’t buy it, I’m going to simply call the credit card company and say, “There’s a charge on here that I didn’t make.” They’re going to tell me to delete and just send me the money I owe. If they need me to sign an affidavit, they’ll send one to me. It’s a much safer way of doing business if you stick strictly with a credit card.
When I get cash out of a machine, I only use an ATM card. I asked my bank not to send me an ATM debit card but just a bank ATM card, and that’s how I get my cash. I travel all over the world every week and I just use that card. If someone gets my card and accesses my bank account, I’m covered by those same federal statutes that cover my credit card.
The other point is that when you use a debit card (and you may use it 20 times a day for 20 years) you’re doing nothing for your credit. So, as a young person, you are not raising your credit score at all, but when you use a credit card and you pay the bill every month or the minimum due, your credit score keeps going up. So you’re building your credit and, today, credit is very, very important. Everything is based on your credit. When you’re applying for a job, they check your credit. You apply for life insurance, they check your credit. You apply for auto insurance, they check your credit. So it’s important to have a good credit score and keep your credit score up to date.
BL: Speaking of cards, we’ve been hearing about a new scam in which people are asked to buy a gift card by a fraud person on the phone and then relay the number to that person for one nefarious reason or another. Have you encountered this as well?
FA: Yes, that’s mainly how they want payment. A lot of times it’s called the Green Dot card, and people can buy them at Walmart. If I’m an IRS scammer on the phone, I don’t want you to send me a check, and if you don’t have a credit card I’m going to say to you: You need to go down to Walmart and pick up a Green Dot card in this amount, and as soon as you get back home, call me or I’ll call you and you can just give me the number on the back of that card.
Basically, they’re able to then get the money from the gift card just as if you were buying something online and giving them the gift card number and they access the money. It’s very difficult to trace because the card is simply something you bought at the store that has a value on it. To them, it’s a very clean way of stealing money anywhere in the world.
BL: Another issue with cards, something that’s been with us for ages now, is that we need passwords. We have depended on passwords to keep us safe and secure in this ever-increasing era of fraud. We’ve heard you say that you think passwords are flimsy protection. What do you mean? What can we do now to make our accounts more secure?
FA: Well, that’s a major thing for me to end my career. I’m already 70 years old, so I want to do this for four or five more years, but one thing that I want to accomplish is to do away with passwords. Passwords are for treehouses. Passwords are a 1964 technology. I was 16 years old when they started developing passwords before I had done any of the things that I had done. Here I am at 70, and we are still using passwords.
For the last five years, I’ve been working with a technology called Trusona, which stand for “true persona.” You’re starting to see it used more and more to access ATMs and information. It’s based off the ability to have your phone, your device identify you. I really don’t like it, but our phone will be the form of identifying us in the future. It knows that it’s you on the other end of that phone.
You might have seen an ad on TV where Serena Williams is going through a market and she sees a necklace that she likes, but she’s in her jogging outfit and doesn’t have her wallet, so she goes over to an ATM machine and uses an app on her phone and she’s able to get her money with no password or card being necessary. That’s starting to become more and more popular, now that we have the ability to do that.
I think you’ll see in the next couple of years that we will eliminate passwords. It will be done slowly. There will always be a website that says, “Do you want to use your word?” but I think we’re getting to the point where we have the ability to eliminate passwords, and that’s long overdue. We need to get rid of passwords. About 98 percent of ransomware, malware all comes because of password problems. We could solve a lot of the internet problems by doing that, because that technology is here.
I’ve had the honor to be able to work on it for the last five year,s and I think that that will be the future. My big reason for doing that is because I have five grandchildren — the oldest is 16, the youngest is one — and I want them one day to walk into a car dealership and say, “I’d like to buy that car. I want to finance it through the bank.” “We’ll send it to a number of banks and see who will give you the best interest rate. Just press the app on your phone to identify who you are.” They won’t need to tell the car dealer their Social Security number or fill out an application and give them their date of birth, where they work and all their personal information. That’s the kind of thing that technology like Trusona would accomplish.
BL: We’re getting towards the end of our time together. I want to address one question from Sheila, a new member who asks, “If you’ve been a victim of identity theft or fraud, what is the best way to protect yourself moving forward?”
FA: First of all, as of September 18, 2018, the federal government passed a statue that allows everyone to freeze their credit, everyone from 16 years old up. Up until then, only about eight states allowed you to freeze your credit for free. All other states charged a $5 fee to freeze it, $10 to unfreeze it. Of course, that was three times that you had to pay it to Equifax, Experian, TransUnion. It got very difficult for people to understand, especially seniors, so the government now says that you may freeze your credit at no cost whatsoever. You can unfreeze it and freeze it back again 1,000 times at no cost. I would recommend to anyone to simply freeze your credit. When you need to use it, you just unfreeze it. If you’re applying for a job and your employers says, “I need to do a background check and credit check,” you unfreeze it to allow the employer to do that. If you’re going to buy a car, you unfreeze it to allow the dealer to do that.
Especially when we talk about seniors, they basically already own their home, they own their car, they have a couple of credit cards, but they’re not looking to use credit, then they absolutely want to freeze their credit. When you freeze your credit, no one can see your credit without your approval, so I always recommend that people do just that.
And make sure that you shred everything that has personal information on it. I prefer micro-cut shredders. Those are shredders that are the same size, but they cut paper to the size of a piece of rice. There isn’t any technology to put that back together again. We can put back straight ribbon shredders. If you’re going to buy a shredder, it will say on the box what type it is, and always look for that micro security shredder, because that’s the best one to use.
I have used a credit monitoring service since the early ’90s because I like the ability to check my own credit. I can go online 10 times a day and look at my credit. I can see what my credit score is in real time. I can see any inquiries being made against my credit, so if something looks suspicious, I can do something about it. They also monitor my credit for me.
The final thing I would say is, be very careful when going into a grocery store and writing a check. Because on that check is your name, address, phone number, your bank’s name and address, your account number at your bank, your routing number into your account — that’s wiring instructions — your signature on the signature card at the bank, and then the clerk writes on the front of the check your driver’s license number and your date of birth.
We don’t get the check back because we live in [inaudible], so we get an image of the check. The physical check goes to that company’s warehouse where it’s stored for 65 days and then destroyed. Anyone who sees the face of that check, — from the clerk who took it to the guy who made the night deposit all the way up the line — could literally draft on your bank account or order checks like through checksinthemail.com and put their name on them and your account number, and every check they write will debit against your account.
God forbid you wrote that check off your private banking account, your mutual fund account, your wealth management account where you might have a lot of money.
I’m a little old fashioned. I write a check to pay my mortgage and the insurance company, but I’m very careful about who I write checks to in today’s environment.
BL: Excellent advice, Frank, thank you. We could talk for hours more, but we’ve run out of time today. So, on behalf of our listeners and AARP, we thank you for your wisdom and your guidance today and for your ongoing battle against consumer fraud.
FA: Thanks, Bob.
BL: It’s a good moment to note AARP’s commitment to fighting fraud as well. Go to aarp.org/fraudwatchnetwork to learn all about the latest frauds and how to protect yourself. If you think you might be a victim in a fraud, call our help line and, of course, turn to AARP The Magazine and the AARP Bulletin and our website aarp.org for ongoing coverage of frauds and all the things you need to make your life safer and more secure.
Thank you all for joining us for this The First Word from AARP.