A Former Fraudster’s Tips for Protecting Your Personal Information in a Connected World
Technology is evolving so fast and is ever increasingly integrated into our world. It’s becoming less and less effective for criminals to just attack tech. So they’ve found a new way in – through human nature. Fraudsters manipulate the psychology of trust to trick us into helping them steal from us. And data is crucial to those strategies. That’s why, in an ever-more-connected world, it’s more important than ever to protect personal information. Knowing their tactics and protecting your info is key to protecting yourself
See Confessions of a Fraudster with Tony Sales for a complete transcript of the Easy Prey podcast episode.
Tony Sales was once dubbed Britain’s Greatest Fraudster. As a child, he was drawn into a world of crime, which led to an adulthood committing and managing various types of scams and fraud. After spending years as a fugitive, Tony went to prison, and while there he had an epiphany. After getting out, he started using his expertise to fight the same kinds of crimes he used to commit. Now, Tony is one of the world’s leading authorities on social engineering, fraud, and cybercrime, and is the cofounder of We Fight Fincrime. He talks a lot about topics like money laundering and staying safe online. The biggest risk we face right now is human vulnerability, and he continues to work day in and day out to fight these types of crimes.
Human vulnerability is by far the biggest risk that we all face today.
Tony Sales
From a Life of Crime to a Crime-Fighter
Tony’s parents had both abandoned him by the time he was a few days old. He was raised by his grandmother, and ended up in a life of crime early on. He recalls being seven years old when one of his uncles lowered him down into a pub to unlock the door so his uncle could rob the place. And Tony loved it. His grandmother didn’t have money for nice shoes and the fun things kids want. Tony wanted to have the right things to fit in with the other kids. Crime seemed like a great way to get what he wanted.
He started out going door-to-door doing fake fundraising – convincing people to sponsor him to do something for this or that cause and keeping the money. By the time he was sixteen, he’d figured out how to clone credit cards. He wasn’t a particularly tech-savvy kid – he was just driven, motivated, curious, and willing to try new things.
This small start led to him spending three decades of his life as the left-hand man of an influential figure in the UK’s criminal underworld. A lot of being a good at business is just being a good middleman – understanding how the business works, what value you add, and what value the people you bring to the business add. The same is true in crime. Tony was involved in all sorts of things, from fake Rolex scams to mortgage fraud. For him, it was just business – other people did the dirty work, he just supervised. A lot of his role was meeting people who owed the crime organization, figuring out what assets and resources they had access to, and determining how the group could use them to facilitate more scams.
The Turnaround
It was the early 2000s. Tony assumed that the police were still looking for break-ins and physical crimes and hadn’t yet caught on to things like identity theft. People weren’t thinking as much about the need to protect their personal information, and the crime organization was already great at using that data for nefarious purposes. And Tony got cocky. He got caught stealing identities. At that point, he had kids and his wife was pregnant. So he went on the run.
After six years as a fugitive, Tony got caught for real and went to prison. When you’re as high in the crime world as Tony was, going to prison isn’t necessarily a terrible thing. You won’t be doing a life sentence, and you’ll get to see people you haven’t seen in a while. It’s basically networking.
But while he was behind bars, his wife and kids came to visit. On their first visit, his son spent the whole time crying. Tony realized he was passing the trauma of being abandoned by his parents onto his kids. Every parent Tony knows feels the same way when their kids are upset – they love their child and want to fix it. Knowing that his kids were suffering because of his decisions changed him. He realized his kids were ashamed of him, and he wanted to fix that. That moment in prison spurred Tony’s switch from the side of crime to the side of crime fighting, which led to the birth of We Fight Fincrime.
Criminals Don’t Follow the Rules
Most people follow the rules and assume others will, too. It seems obvious to say, but criminals have a completely different mindset. What sets them apart is their willingness to push the rules and to think differently. Tony’s not a computer genius, but because of his criminal mindset, he comes at situations with a different perspective and will come up with things you never considered.
What sets the criminals apart is how far they are willing to push the rules.
Tony Sales
Rules were never a structure for Tony. They were something he knew other people put into place, and that he thought he could bend and push. As a society, we agree on what the rules are and that we should follow them. Criminals simply choose not to arrange their lives around those rules. Rules also get outdated sometimes, so we have to be able to change them to adapt.
In the penetration testing (pen testing) industry, a lot of security is about checking boxes and following rules. But criminals don’t pay attention to checkboxes. They’ve already broken away from the whole structure of the rules. It’s hard to defend against that because the industry is run by decent and honest people who don’t think like criminals. Criminals are endlessly creative in finding ways to get what they want.
[Criminals] have already broken out of the rule structure, and we’re trying to defend it with a whole load of tick boxes.
Tony Sales
Criminals are Adaptable
Nowadays, people doing security talk about thinking differently. But whenever they try to come up with a scenario, it’s almost always a James Bond story. Say the scenario is trying to get into a secure area. Honest people will come up with something like taking a ladder on a building across the street and using that to cross onto the roof. But a criminal would just bring a dog leash, walk up, and say, “Hey, my dog ran off into your land, can you help me find him?” They’ll come up to the front door with a story and count on people’s empathy and natural kindness to let them in.
Sometimes Tony answers phishing calls just to see what their strategy is. They always have an answer for everything. Any problem that you give them, they have a workaround. They’re quick and adaptable. They know what their goal is and how to exploit human nature. No matter what the security process is to protect your personal information or your money, they have a way to get around it because they’re adapting in the moment.
These scammers on the phone at call centers are salespeople. Whether they’re trying to earn money or trafficking victims trying to stay alive, their goal is to “sell” the scam. They have scripts, and those scripts are good. They do work. But the best scam salesmanship uses social engineering. They probe for small pieces of info, then use it against you to make the story sound more realistic and compelling. The more data they have on you, the more effective it will be. That’s why it’s essential to protect your personal information.
Social engineering is being able to sell something [by] taking small pieces of information and just utilizing it back on the victim.
Tony Sales
Criminals Want Our Personal Information
Phishing happens a lot of different ways. Traditionally, we think about phishing as emails. But it can happen over the phone. In fact, phone calls are one of the most crucial places to protect your personal information. Sometimes scammers and criminals call not to scam you right then, but to fish for things they can use later. (That’s where the term “phishing” comes from.) Understanding how it works and why it works helps us protect our personal information better.
Understanding how criminals might phish us allows us to understand how to defend against that stuff in a much better way.
Tony Sales
Hacks are another place criminals get information. If you pay attention to news, you’ll hear about hacks and breaches all over the place. Tony doesn’t expect that to slow down any time soon. It’s terrifying the things some of these people can do. Quantum computing is cool, but we’re also going to see quantum hackers. Criminals are always going to take what they can and exploit it as much as they can.
The scary thing about data is that it’s still useful even if it’s old. Think about the Equifax breach. It exposed the financial info of 143 million people. If you were in it, you probably have different account numbers and such now – but think about what a wealth of information that still is. Tony has seen entire databases for sale on the dark web for as little as fifty cents. The old saying was that a criminal needed three pieces of information on you to attack you, but these days they really just need your name and phone number. With just those two bits of information they can create some really sophisticated attacks.
We Have to “Patch” Humans
No matter who we are and what we do, we all have to protect our personal information because we are all at risk. Even if it hasn’t happened to you yet, you’re still a target. Cybercriminals don’t care. As employees and as consumers, we have to arm ourselves with the correct information to defend ourselves and our companies. We have great tools and protections for tech systems. But for humans, what do we have? Training courses to click through. The information is important, but because it’s so boring, it doesn’t stick. And we need it to stick to “patch” the vulnerabilities inherent in us.
We have to patch humans, that’s what we’ve got to do. We’ve got all this great stuff over here for tech, but … for humans we’ve got a click-through course.
Tony Sales
We have to know how to protect our personal information and company information. Knowledge empowers us in every area of our lives. We need to know what keeps us secure, what’s suspicious, when to ask questions, and what questions to ask. And we need to be less obsessed with friction. Friction is security. And it’s annoying until you’ve lost a lot of money – then you start asking why there isn’t more.
People still give away their passwords, despite millions of dollars in global awareness campaigns about why you shouldn’t do that. As humans, we mess up sometimes. We have to be honest about that before we can start to fix it. Paranoia isn’t the answer, but we have to do something. The internet is amazing and life-changing for so many people. But a lot of bad stuff happens on it, too. We have to work together to be able to keep taking advantage of the benefits without getting hurt by the bad stuff.
Friction Matters for Security
Friction in transactions is what keeps people safe. If businesses want things to be frictionless, they have to accept the losses. Tony has always said that no loss is acceptable. After all, nobody would accept it if someone broke into their house but only stole 2% of their stuff. But in business, it’s part and parcel of what happens. If we want to do transactions at a fast rate, it’s part of doing business. And customers want to be able to send money to people now.
It comes down to, if we want frictionless, we have to accept the losses.
Tony Sales
In the end, it comes back to everything else. Know Your Customer (KYC) systems need to be built correctly and in a way that understands how and why they’re supposed to work. Identity verification systems need to be built correctly. Unfortunately, when there’s money to be had, investors invest, and companies jump on bandwagons, products can come to market without being able to do what they say they can do. That’s happening especially with AI – people don’t understand it and so they assume it can do a lot of things it actually can’t.
The reality is that people don’t understand how friction helps them. If people knew how friction helps you protect your personal information and keep you safe from scams and fraud, they’d embrace it. But because we don’t know, we just want everything faster, faster, faster. But many of us also know scams are out there – so it’s moving fast but we’re still scared, because what if we’ve been tricked? And the answer for security isn’t necessarily tech. Right now, we can make great gains in security on the human end.
There’s No Perfect Solution
There is no single, unified, perfect solution. The problem exists for consumers, businesses, and even governments, and they overlap in ways that are mutually exclusive. Solving the problem in one area won’t solve it in the other two – and may even make it worse. Tony recently had a debate with a guy online about whether kids under sixteen should be banned from social media. He understands why people want to do that. But think about a whole stream of people getting online with no experience in protecting their personal information and avoiding scams on social media. They’d be walking right into criminal attacks they’re nowhere near prepared for.
Overall, security is slowly but surely getting better. We’re getting better at defending against attacks from foreign states. Years ago nobody had any idea what phishing was, and now we’re all pretty familiar with the concept. Wifi is getting more secure. And Tony things we’ll see more hackers going to prison, coming out, and deciding to fight for the good guys instead. Learning from them will be critical.
When it comes to attacks, Tony likes to use a soccer metaphor. If you’re playing a game against Pelé or Messi, one of the soccer greats, you’re not going to be upset about losing. You’ll be proud of yourself for anything you manage to do. We underestimate criminals like that. They’re the Messis of crime, always coming up with the latest brilliant attacks. It’s natural that we won’t be able to beat them all the time. We also need to make more jobs available for people like that – we want that skill on our side, defending us.
Learn more about Tony Sales and We Fight Fincrime at wefightfincrime.com. You can also follow Tony, connect with him, and ask questions on LinkedIn.
Related Articles
- All
- Easy Prey Podcast
- General Tech Topics, News & Emerging Trends
- Home Computing to Boost Online Performance & Security
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy Topics to Stay Safe in a Risky World
- Online Safety
- Uncategorized
A Former Fraudster’s Tips for Protecting Your Personal Information in a Connected World
Technology is evolving so fast and is ever increasingly integrated into our world. It’s becoming less and…
[Read More]
Awareness and Safety Go Hand-in-Hand: Tips to Protect Yourself
Scams are often (though not always) technology-based, and physical danger happens in the physical world. But both…
[Read More]
We Created EasyPrey.com Scam Help Page to Help You
WhatIsMyIPAddress.com and our sister website, EasyPrey.com, focus on providing content and links to information and resources for...
[Read More]
EasyPrey.com Resources for Scam Victims
We’ve compiled a list of resources for all victims (and near victims) of scams, fraud, and identity…
[Read More]
The BBB Scam Resources Are There to Help You!
The Better Business Bureau is on YOUR side, helping consumers with real-time scam tracking, which you can...
[Read More]
Amazon Scams Come in All Shapes and Sizes. Are You Prepared?
Tell Amazon ASAP if you’re a victim of a delivery scam. Amazon takes fraud and scams quite...
[Read More]