Former cyber criminal shares safety tips

The last time Brett Johnson was in Orlando he was on a the federal government’s most wanted list.  The U.S. Secret Service calls him “The Original Internet Godfather.”  Thousands of cyber criminals know him by the handle “Gollumfun.”

Johnson admits that, over 20 years, he raked in $4 million by stealing people’s identities and creating websites that trained a generation of cyber criminals. 

“We would teach them how to do it.  If they didn't have the money we would front them the money until such time as they can pay us back and the business grew from there,” Johnson said.

When he noticed the feds were on to those websites, Johnson says he developed the kind of tax return fraud that the Internal Revenue Service warns about each year at tax time. 

"I was able to file [one] return every four minutes, eight hours a day, bam bam bam bam bam! I couldn't set up accounts fast enough to do this,” he said.

Johnson figured out he could get the IRS to deposit tax returns onto a prepaid debit cards and took off on a cross country spending spree that ended in Orlando in 2006, when the U.S. Secret Service caught up to him and locked him up in the Orange County Jail.  After that he spent seven and a half years in federal prison.  
Now, he’s turning the tables and trying to stop cyber criminals.

Johnson returned to Orlando this week to share his secrets with businesses at the Card Not Present Expo, and he told FOX 35 the top three mistakes people make that make cyber crime easy.  

First, Johnson says passwords are too weak.  Johnson said most people create complex passwords to protect sensitive financial information, but fail to adequately protect other accounts like email accounts, social media, or online dating accounts. 

“Well, why would a fraudster try to hit that? Well a fraudster will hit that because he knows that the chances of you using the same login and password [somewhere else] are probably pretty high.”

Mistake number two: putting too much information on social media.  Johnson said the criminals mine social media for personal information that banks ask for when you open an account such as birthday, mother’s maiden name or answers to questions that can help verify your account. 

“Banks are very good about asking car colors.  Ok.  Is there a picture of your car on Facebook.  Are you standing next to it someplace? If you are then, there's the color.  I've gotcha,” he said.

Finally, Johnson said people too often ignore updates to anti-virus software and firewalls. 

“It's important to take these steps to make sure you aren't this low hanging fruit that all these cyber criminals are looking for,” he said.