In my book, The Psychopath Epidemic, I talk about how psychopaths in power can influence entire organisational cultures to become psychopathic. Even societies can become psychopathic (for example, Germany in the 1930s and the United States today).
Organisational cultures can become psychopathic to such an extent that the behaviours that should be shunned in fact become something they are proud of.
As a young man, one of his first jobs was as a repossession agent. Having worked as one of those myself when I was about the same age, it’s a profession well suited to psychopaths. I hated it. It was soul destroying.
“When we hire somebody around here, we want to know how much you care, before we care how much you know,” he says, without the slightest hint of irony as we sit with him at his San Francisco office. “We call our employees team members, not employees. Employees denote an expense to be managed. Team members are an asset to be invested in.”
Wells Fargo: The Bank That Works, Forbes, Jan 25, 2012
In this same Forbes article from 2012, they talk about what a heartwarming departure he was from other banking executives:
All of Wells Fargo’s 264,200 “team members” receive a 37-page book, Vision & Values signed by Stumpf, full of warmed-over prescriptions for how to behave, treat customers and, above all, increase revenue. But in a field where sayings like “every man for himself” and “eat what you kill” have led to blunders of historic scale, it’s also a welcome departure.
Wells Fargo: The Bank That Works, Forbes, Jan 25, 2012
Which I guess just goes to show that we should never believe corporate PR.
Disclaimer: I’m not suggesting Stumpf or any Wells Fargo people are psychopaths. But this is the kind of behaviour we should expect from psychopaths and psychopathic organisational cultures.
PS: Warren Buffett’s Berkshire Hathaway are the biggest shareholder in Wells Fargo. Charlie Munger, Buffett’s partner, calls what happened at Wells a “blind spot”. Warren referred to it as a “big mistake“. As listeners of our investing podcast, QAV, would know, I’m a big fan of both Buffett and Munger, certainly as investors, and they have a reputation for very high ethical standards. And I don’t expect investors to be responsible for corporate culture of the companies they invest in. But it’s disappointing to hear them dismiss this kind of behaviour as just big mistakes and blind spots.
The financial services industry is reputed to be over-represented with psychopaths. In my book I talk about the recent Australia Banking Royal Commission as one example of how the industry seems to attract them en masse. It’s hard to read this story about “cum-ex” fraud without thinking a lot of the people tied up in it, including the lawyers, might be psychopaths.
One of the German lawyers involved in stealing tens of billions of dollars from public treasuries reputedly said:
“Whoever has a problem with the fact that because of our work there are fewer kindergartens being built,” Dr. Berger reportedly said, “here’s the door.”
This is why I argue that the number one thing we can do to stop psychopaths from destroying the world is to implement psychopath tests of all managers across all kinds of organisations.
One of the guys who created the CIA torture program says that waterboarding a prisoner, who has been held in jail for 13 years and never charged with a crime, over 80 times, only “verged” on breaking the law. Gee, I’d hate to see what ACTUALLY breaking the law looks like.
Imagine what kind of person you have to be to get paid $80 million to design a torture program.
One of the downsides of technology is that it makes it easier for bad people in distant lands to do bad things. A couple of years ago we got hacked and learned some good security lessons as a result. They might help you avoid finding yourself in a similar situation.
A couple of years ago, my mobile phone number and Chrissy’s mobile phone number were both fraudulently ported to another carrier – meaning somebody set up fake accounts with a phone carrier in our names, then requested that new carrier transfer our numbers over from our existing carrier. This is known as “number portability” and was set up years ago to make it easy for people to change service providers. Of course when they did that, nobody foresaw the day when mobile numbers would be used as authentication for bank accounts, etc. All they needed to provide to port our numbers was our mobile number, name, DOB and address. Pretty easy information to get, especially if they have access to your Facebook profile, etc. The number gets ported over to the new carrier within minutes and our phones were left with “SOS Only”. No signal. No carrier. If you’re lucky, you get a SMS message just before it happens. Chrissy got one – I didn’t. But it wouldn’t have mattered anyway, because we were camping and didn’t have much reception.
Once the hackers have access to your phone number, then any account where you have 2-factor authentication (2FA) connected to that number (eg bank accounts, email accounts, Dropbox, any cloud service) can be lost minutes later. The process is simple. They try to login to your online account (which requires them to know your email address or bank account number) – and check the “Forgot Password” box. That generates a six digit code which is sent to the mobile number as a text. They enter that number online and then create a new password. They can also change the email address on the account, the security questions, etc. And, of course, empty the bank accounts – which is what they did to us.
They also took over a couple of my email accounts which, of course, they use to try to find out things like your bank account number, family details (birthdays, names, passport numbers, etc). All of which they can use for further identity theft. All of this took a few minutes from start to finish.
Fortunately we got our money back quickly (although I had to play hardball with the bank). We also got our mobile numbers back, that took a few days. And with those I could retrieve the lost email accounts.
So that’s how it happens. Here’s what I did afterwards to try to prevent it happening again.
Remove my public mobile number from all forms of 2FA.
Where possible, use a physical security token for 2FA for things like bank accounts. I set up new accounts with a new bank, got tokens on our accounts, and locked the accounts down so the token is required for every login. It means always having the token on my person but that’s a small price to pay.
Where a physical token isn’t possible, try to use a Time-based One-Time Password algorithm (TOTP) authentication app, like Google Authenticator. It works for Gmail, Dropbox, Evernote, Stripe, Facebook, Twitter, PayPal, etc. You need to provide a six digit code for every login and that code is provided the app on your phone (not the mobile number on the phone). An alternative is something like Yubikey, a USB-based physical token but support for Yubikey isn’t widespread yet.
Where I can’t use a physical token or GA, I have set up a separate, totally secret mobile number. It’s on a SIM card which is sitting in an old iPhone 4 I had lying around which surprisingly still works. It’s only purpose now is to receive 2FA texts. The number will never be made public and therefore should be difficult to fraudulently port.
Hope you find that useful. I highly recommend setting something like this up. ID Fraud is apparently a lot larger (and easier) than I previously understood.
If you want to receive updates on my efforts to put together a global force of psychopath hunters, as well as news about my books, films, podcasts, public appearances or notification of my ultimate demise, please sign up to this newsletter.