The death of the password
Tuesday, October 08, 2019
rank Abagnale of Catch Me If You Can fame has just released a new book: Scam Me If You Can. In it he explains why fraud is growing exponentially. He believes there are two key reasons. The first is the increasing 'impersonalisation' of fraud. In the past scammers were confidence tricksters who committed their cons in person as the technology didn’t exist to be able to scam remotely. Therefore they got to know their victims and would generally defraud them out of ‘some’ of their money, not ‘all’ of the money. Apparently, there was more compassion for the victim. However, today, scammers can be sitting in their home, potentially in a totally different country from their victims. There is no relationship, no sympathy or empathy; they take what they can.
The second is increased access to personal information. When interviewing fraudsters the number one source they cite for stealing someone’s identity is Facebook. Abagnale recommends that people should never mention where they were born or their date of birth on social media. These are the gold standard pieces of personal information.
He gives an example of one scam currently being used in the US amongst grandparents. The victim receives a call “We arrested your grandson. He got a DWI (driving while intoxicated) on the [insert local road] and was driving [insert make of car], he didn’t want us to call his parents, he asked us to call you. If he doesn’t post bail in the next two hours he’ll have to spend the weekend in jail. You can give us a credit card over the phone and you can post his bail on your credit card.”
From Facebook the scammers are able to source pictures of young drivers with their cars and then find information about their family members. Once you have the key pieces of information it isn’t hard to fill in the blanks to build up a convincing picture.
Another theme of the book is also the uselessness of passwords. Passwords are an analogue solution for a digital world. They were invented back in 1964 and are not fit for purpose. The issue is human; not technological. It just takes one person to sell the password data on, or for a breach to occur, as they have many times. Not to mention the fact that 59 per cent of people use the same password for everything and Microsoft estimates that 63% of network intrusions are a result of compromised user passwords and the latest Verizon Data Breach Investigations Report found that 81% of hacking-related breaches involved weak or stolen passwords. Passwords are not secure. They are easily lost and even more easily stolen, via phishing or malware attacks.
Once a cybercriminal has access to the password, they can replay it over and over again which is why he believes over the next few years there will be a shift towards authentication. Authentication is the basis of our deceased fraud prevention solution, Halo, which helps organisations identify potentially fraudulent transactions being made in the name of someone that has passed away. We can determine that the person making the transaction is deceased and therefore it must be fraudulent.
For further information about deceased authentication please don’t hesitate to contact us.