Security Experts:

Identity Theft Goes Hyperlocal

A big city newspaper is impersonal. You don’t know the people in it, and they don’t know you. But a small town newspaper is deeply personal. There you see the opinions of people you actually know. You see pictures of officials you elected and met for coffee in their home when they were running for office. But the most intimate exposé unfolds in the police log. There you see what happens when bucolic suburban life goes bad.

Sometimes it’s humorous. Editors of small town papers have more leeway, like the description in the police log of a 911 call from a startled homeowner returning from vacation and finding a rabid animal in their kitchen. The caller saw the beast and alerted the authorities immediately. Upon investigation, the intruder was determined to be a moldy squash. The paper was kind enough to save face for the homeowners by noting that squash are known to be the most vicious of the gourd family. Needless to say, I love the police log.

Reporting Identity TheftBut as a privacy attorney, the police log has become the bellwether of cybercrime. Sandwiched between reports of iPhones stolen from high school lockers and smashed mailboxes were three reports of cyber-oriented crimes in my town’s local paper. This is remarkable in that only twelve items made the police report. A quarter of all incidents were cyber-related. They included the following:

10:32 p.m.—Tuesday A resident on Wood Street came into the station with copies of emails from an organization stating that she had won a large sum of money and requested payment of $5,000 as a processing fee. The resident was advised that she had not, in fact, won the lottery.

12:46 p.m.—Tuesday A resident on Wyman Road received an email from someone claiming to be the IRS. The resident sent off her bank account number and personal information. Afterwards, she suspected fraud and closed the bank account before any withdrawals were made.

7:47 p.m.—Friday A resident of Abbot Road reported they received an email allegedly from PayPal. The emailed stated the personal information in his account needed to be fixed. The resident complied and four days later there were four unauthorized transactions made in England just under $500. PayPal is investigating the matter.

This affected me profoundly. Folks who live in my town think of it as a pretty safe place. I went on a ride along with a police officer once in town and had a pretty uneventful evening. The officer said his job is to protect folks inside the town from folks outside of the town. But law enforcement isn’t going to do anything for you when the person from outside of the town comes in through a CAT 5 cable.

I asked a local police officer if it even makes sense to bring incidents like the ones above to the station. He said there’s really nothing the police are going to do. It’s not like they’re sending an officer to England to track down the thief behind the PayPal scam. So when it comes to cybercrime, the police really can’t and aren’t going to protect residents of my town. The same goes for all towns and cities. Unless you’re talking a high six-figure theft, no officer is getting assigned to your case. Where else does this math play out? What if all crimes came with a $500,000 threshold for prosecution?

The real point that was brought home for me as I read that police log is that all the hype computer security companies have been broadcasting for years has become much more than hype. It’s reality down to the level of your little hometown paper. And you’re on your own. It’s up to each of us to guard our personal information and privacy.

So should you take that bogus charge to the police and file a report, even though they aren’t going to do anything? The answer is “yes.” That report will help you correct your credit report and deal with creditors who may want proof of the crime. And report the theft to the Federal Trade Commission at ftc.gov/idtheft. That FTC report may very well help law enforcement correlate the theft and purchases and lead them to the perpetrator or crime ring.

And don’t mind that your report is going to be in the police log. That’s where all the good stuff is anyway.

view counter
Gant Redmon, Esq., is General Counsel & Vice President of Business Development at Co3 Systems. Gant has practiced law for nineteen years; fifteen of those years as in-house counsel for security software companies. Prior to Co3, Gant was General Counsel of Arbor Networks. In 1997, he was appointed membership on the President Clinton’s Export Counsel Subcommittee on Encryption. He holds a Juris Doctorate degree from Wake Forest University School of Law and a BA from the University of Virginia, and is admitted to practice law in Virginia and Massachusetts. Gant also holds the CIPP/US certification.