In which we travel three quarters of the way across the continent, to Ottawa, Canada — and move up several social and income brackets — to look at another case of identity theft that seems quite different on the surface but has many underlying elements in common with the scam, perpetrated on an Oregon farmer, that we studied in Part I

High visibility

A prominent Ottawa, Canada, physician (who shall remain nameless for purposes of this case study) recently found himself the target of a cyber crime attack focused specifically on him. It was just the sort of gambit that Internet security specialists and law enforcement officials have been warning us about in recent months.

The cyber equivalent of a classic conman’s ‘sting’, the gambit could have cost many family members, friends and associates of the popular gynecologist a lot of money — a total in excess of (US)$100,000 — if all those solicited had paid up as instructed. As it was, the escapade cost some of the potential victims considerable concern and definitely cost the doctor his long-awaited, hard-earned vacation.

Key similarities

Our doctor fell prey to a somewhat different sort of scam but his experience and the Oregon farmer’s (see Part I) share some key points in common: The objective of both cyber crimes was theft, the perpetrators were professional crooks and the crimes were both planned in such a way that they could not have been pulled off without the ‘help’ of the Internet.

And the doctor, like the farmer, may also have unwittingly informed the crooks in his case that he would be away.

The best of intentions

Before he left on his trip, the good doctor conscientiously mass-e-mailed everyone on his contact list that he would be away for a specific period of time — more than 100 recipients, any one of whom could have acted on the information themselves or, more likely, passed it on to third parties (i.e.- the crooks).

Armed with the knowledge of his plans, the crooks apparently extracted the contact e-mail addresses from a copy of the doctor’s own message and sent every last one of them a new message, purportedly from him, stating that the doctor was not at his favourite mountain resort but was, in fact, in Costa Rica on an emergency trip to help a family member who was ‘in trouble’ down there. The message went on to ask that the recipient immediately wire (US)$1,000. to an account in the Central American country, which is known worldwide as a financial ‘anything goes’ zone. The transfers would, effectively, have been untraceable, allowing the crooks to make a clean get-away.

But at least a couple of the doctor’s closest associates smelled a rat when they received the crooks’ e-mail ‘cheese’. One had the presence of mind call the doctor’s wife’s cell phone before making any kind of response to the cash request and she quickly set the story straight.

Electronic countermeasures

The Doctor immediately e-mailed everyone on his contact list again, assuring them that he was alright and warning them that the ‘Costa Rica’ message was a scam. He also, of course, notified police.

However, the authorities admitted that the chances of tracking down the perpetrators were very slim. The doctor’s actual e-mail contacts were all ruled out fairly quickly as candidates for the crime and police opined as it would be all but impossible to prove that any one of them passed the information about the doctor’s vacation plans to someone else who, unbeknownst to the contact, would use it for criminal purposes.

Some points to ponder…

Thanks to the Internet, the whole scam took less than 12 hours to play out — from the time the baddies sent the cash request to the addresses on the purloined contact list to the point where all the innocent parties involved were finally in-the-know and the danger had effectively passed.

Although no one who received the bogus cash request reported having sent any money to Costa Rica before they were informed that the request was a scam, authorities say there is no way of knowing how much money the crooks in this case may actually have gotten away with. They note that people who have been taken in scams such as this one are often reluctant to admit it. Chalk up yet another one to human nature.

Finally, both the farmer and the doctor now know that you can still have your identity stolen, no matter how careful you are with your user IDs, passwords, credit cards, ATM PINs, bank statements, account numbers, cancelled cheques, paid bills or personal ID documents.

And, now, you know, too.

Leave a Reply