How would you feel if you saw an ad for a solar-powered clothes dryer and it was only $39? Excited? So were the hundreds of consumers who sent in their $39, only to receive a piece of rope in return. This was just one of the many scams run by an ex-con man name Steve Comisar.
I had a chance to talk with Steve while he is serving his time in prison. He was willing to talk openly about his past crimes, and how he was able to scam people out of millions of dollars. As social engineers we can learn a lot on what we can help our customers look for, as well as some tips on pretexting.
What follows is an amazingly honest and real interview with Steve.
Q: Who are you? Tell me about yourself?
A: I am a legendary con artist being ranked in the top ten by the FBI and many prestigious Internet sources. I am ranked second only to Frank Abignale the author and the subject of the film, “Catch Me If You Can” staring Tom Hanks and Leonardo Dicaprio. I am a guy with an exceptionally high IQ (195) who decided to use his gift of persuasion to become wealthy, exerting very little effort in the process. My true passion was acting appearing in many TV shows and commercials since a very young age. Incidentally, acting and conning are very similar, both requiring a great deal of natural skill. My book is in the Hall of Fame at the Association of Certified Fraud Examiners. I starred in a documentary called “Making Crime Pay” that is used to train many law enforcement agencies. This and other of my training videos and TV shows are on YouTube.
Q: So what did you do to land you in prison?
A: I landed in prison because I broke my own rule. Never go back to the same person you scammed twice. Of course, it’s easier to go back to the same well twice, but the risk of getting caught goes up greatly. I also got lazy thinking I would never get caught because I thought I was so good. Nobody is that good. And everybody gets caught.
Q: What methods did you use to scam people?
A: I used many, many methods to scam people. It is a combination of psychology, playing off their greed and many social engineering skills. The greatest scam is the “take away” where you actually tell the mark he cannot participate in the investment, etc… He wants it so bad that you finally let him beg you to get involved.
Q: What was another method of scamming you used?
A: I have a built in radar that tells me if the person I am dealing with is going to go along with my presentation. In person, I could walk into a bar and literally zone in on a woman, and based on her demeanor and body language, have an almost certain chance of getting her to come home with me and probably also “investing” with me. As for other methods, I used direct mail before the Internet, but now the Internet would work the same. I would make a promise or an offer “too good to be true” and then see how many fish went for the bait.
Q: Can you give me an example of some of them?
Some samples of direct mail or Internet ads I used. “Money To Loan” $10,000 and up. No credit – No Problem. 100% approved!
I would have then fill out a questionnaire and then call them back and tell them they were approved. Then I would ask for an “advance fee” or first payment in advance. Knowing they were approved for 20 or 50 large, the $1000.00 was nothing. They were begging to send it to me. Simple greed at work here. There are literally thousands of variations for Internet ads and the direct mail magazine type ads.
Other scams have been the telemarketing contest scam where people are called and told they won an expensive prize but first would have to pay some sort of fee. I gave away a new red Ferrari on TV once. It was a Matchbox!
Q: What pretext’s, if any, did you find more effective?
A: The pretexts that worked the best for me are the ones looking for lottery recipients or prizes of some sort. People think that they are getting something of value for nothing will usually volunteer all sorts of useful information. That and the long lost relative who died and left a huge inheritance.
Q: What pretext worked the best?
A: I would actually talk to the subject for a long time to find out all about him or her and then befriend them. Whatever I am selling, they are buying Steve Comisar not the oil well or the horse racing tips. There’s an old saying, “You don’t sell the steak, you sell the sizzle.” How true. First I make them like me. Then I let them know I really like them. The rest is easy. I just ask and they say yes. You have to have the confidence in yourself to control the entire conversation. You don’t ask, “Will you invest?” You say, “when’s the best time tomorrow for FedEx to pick up that check.”
Q: Did you do most of illegal activity in person?
A: I did over 90 percent of my scamming over the phone.
Q: How did you develop your pretexts?
A: Since I appeared in dozens of commercials and TV shows since a very young age, it was not too hard to pretext. I would develop my pretexts as an acting job. If I was going to meet a millionaire and try to sell him an imaginary oil well, I would literally become a Texas oilman with the boots, big belt buckle and all. Even the accent. I would not “pretend” to be the oilman, I would actually become the oilman. I was born with this gift. I used my gift in a good way to entertain the TV and movie viewers as Steve Comisar the actor. And of course, used my talents in a bad way to defraud people out of multi-millions of dollars. But all pretexting comes from my natural acting talent.
Q: What can people do to train themselves to pick up on scams like this?
A: If it sounds too good, it probably is. Use common sense and don’t let greed get the better of you. There is no free lunch. Read my book, “America’s Guide To Fraud Prevention” written under my aka Brett Champion to learn secrets to not fall victim to various frauds, watch my videos and TV shows on YouTube. Google: Steve Comisar for more information.
Q: How could what you did as a con man relate to hacking or penetrating a system?
A: I would find out the principal parties that I wanted to “penetrate” and find out as much as possible about each individual. A 10-year old can find out every single detail about a person from any of the various “information brokers” on-line like mydetective.com, Intellius.com, USSearch.com, etc… A standard credit header costs about $30.00 if you don’t have a monthly account. What you get back is all the persons relatives, their current and previous home addresses, phone numbers, e-mail addresses and a lot of other useful information. Then I would find the link where the target, would go on-line in a more personal basis.
Like if he belonged to a golfing blog, guess who would be showing up at the golf course? The same rules apply to penetrating a system as they do to con a wealthy socialite into handing over her diamond collection. It’s all a people game and it’s all psychology. When I get to the right person, get to know him online, befriend him in some manner (Through a mutual interest), than that is the key which opens the door and penetrates the subject.
In your book nearly every example of a successful penetration involved getting close to the subject in a very personal way. Computers don’t have friends. Successful con men and hackers/penetrators have many friends and can make new friends at the drop of a hat. It’s not the game that succeeds, it’s the player.
I met a woman president of a large corporation, bought her a few drinks, told her I loved her, and with 24-hours I had all the access (and priceless information) inside her companies hack proof computer system. That is an evil example. So a social engineer can be a good con man and visa versa.
Q: What will you do when you get out of prison?
When I am released from prison I fully intend to use my powers for good instead of evil. With what I know I can help a lot of people.