[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 10 May 2006, 22:21 GMT 23:21 UK
No more Mr Nice Guy?
By Jeremy Scott-Joynt
BBC News business reporter

The conman, it seems, is an endangered species.

Frank Abagnale
Frank Abagnale: the "father of social engineering"

Gone is the sharp-suited, debonair, sliver-tongued fraudster who'd charm his way to a personal fortune.

In his place: countless thousands hunched over computers, stealing bank details and exploiting technological weakness - without witnesses, and often for hire.

"There's none of what we used to call conmen these days," says Frank Abagnale. "There's no need for that any more."

King of the con

Mr Abagnale really ought to know.

For most people, he is the quintessential king of the con, thanks to his portrayal by Leonardo DiCaprio in the 2003 Spielberg movie Catch Me If You Can.

Mr Abagnale was caught at the age of 21, and spent five years in jail before the FBI had him let out - on condition that he started to help them instead. Indeed, for most of the past 31 years he has taught a white-collar crime course at the FBI Academy in Quantico, Virginia.

But people doing what he did - the lone conman approach - aren't the big problem any more.

The US loses about $660bn (354bn) to fraud each year - equivalent to about 6% of gross national product - with $20bn alone going in cheque fraud, Mr Abagnale's old speciality.

Assembly-line fraud

Thanks to the brave new world of technology, fraud is now an industrialised business.

"Technology means that what I did 40 years ago is 4,000 times easier to do today," he says.

Every system, every technology, every document has a flaw somewhere
Frank Abagnale

Organised gangs rule the roost. Be they Russian, Chinese, Korean or homegrown, they have the resources to achieve results.

"They're like any other business," he says. "They're prepared to invest in order to get what they want."

The result: the blizzard of emails "phishing" for bank details or flogging fake lottery scams; the mass purloining of customer data from banks and retailers; and at the most extreme level, the - foiled - theft of more than 200m from the computers of Japanese bank Sumitomo in 2005.

Fool me once...

All of which might seem to leave Mr Abagnale's former speciality, known in the trade as "social engineering", looking a little bit out of date.

Social engineering, simply put, is the core skill of any conman.

It is the ability to read a person's blind spot, tell them what they expect to hear - and get them to tell you what you need to know.

In effect, it is the conversational equivalent of a magician's sleight of hand: the quickness, and plausibility, of the mouth deceives the ear.

Often the aim is not to make an immediate monetary gain, but to garner further information, which will make the scheme at hand run more smoothly.

But in our brave new world, technology, not a smooth tongue, offers the multiplier the fraudster needs.

Fingers on a computer keyboard
Who needs charm when you have technology?

"Forty years ago I needed a huge machine to forge a realistic cheque," says Frank. "Now I can do it with Photoshop in 10 minutes."

And to complete the job, who needs to sweet-talk a clerk to get the name of the company officer who signs the cheques when the annual report, downloadable off the internet, will supply the signature on glossy, camera-ready stock?

Sweet talk

But even amidst the technological aids to illicit behaviour, old skills die hard.

After all, what is a phishing scam - that innocuous email, purportedly from your bank, which asks for your details to avert a security problem - but a form of social engineering?

The attempt on Sumitomo was made thanks to devices plugged into computers on site. It seems likely that social engineering helped those responsible sweet-talk their way in.

Hackers the world over attest that people are often the weakest point in any computer security set-up.

And high-stakes embezzlement is made much easier with a spot of sweet-talking thrown in.

"You could ring a firm's Accounts Receivable department," says Frank, "and tell them that there's a debt I want to settle."

Immediately, the incentive is there: someone wanting to give the firm money, rather than take it away.

"Then you ask for bank details, routing information, SWIFT codes - everything you need.

"Every system, every technology, every document has a flaw somewhere. All you're doing is finding that flaw and manipulating it."

Leonardo DiCaprio as Frank Abagnale
Was Frank's brand of fraud a product of its times?

Moreover, technology and social engineering can complement each other.

A search engine can be the best friend a fraudster has, making it much easier to find the incidental information that fills in the gaps in a cover story.

Right side of the law

And then, of course, there are the legitimate uses of this kind of technique.

Banks and other large organisations are not only the victims of social engineering; they can perpetrate it too.

For instance, US banks are legally obligated to ask customers whether they want to opt out of having their details sold on to other firms.

Two sentences and a simple tickbox would probably suffice. But instead, some send out a six-page form filled with legalese in tiny type.

"I've shown it to lawyers before now, and they can't make sense of it," Mr Abagnale says.

The poor, uncomprehending customer, therefore, tends not to sign it - a move that leaves the bank free to do whatever it wants.

Not perhaps the most respectable exploitation of social engineering - but there are ways of deploying it on the side of the angels.

In recent years, absconding felons in several US states have found themselves receiving - through relatives, friends or last known addresses - invitations to accept lottery prizes.

Many of them duly reappeared - only to be arrested by the local police, who had set the whole thing up.

There may, after all, be life in the old con yet.

Fighting back on ID theft
09 May 06 |  Business
Research reveals phishing hooks
05 Apr 06 |  Technology
Boom times for hi-tech fraudsters
28 Sep 05 |  Technology
The enemy within
17 May 05 |  Business
How not to win a million
22 Jun 04 |  Business

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific