Honorary consul to Japan gets hard lesson on phishing
Nov 09,2007 00:00 by Peter Rowe

Over the telephone, Maria Olson sounded anxious. "Are you OK?" asked Olson, San Diego's honorary consul for Spain.

"I'm fine," replied Michael Inoue, San Diego's honorary consul for Japan. "I'm OK."

But at that moment, Inoue realized that he wasn't OK. In a crime that shook San Diego's tiny diplomatic community, he recently fell victim to a computerized mugging. Cyber thieves had pilfered his online address book and issued a sad - but bogus - letter in his name, saying he was stuck in Nigeria and needed cash.

"This mail has been going to everybody," said Inoue, a naturalized American and longtime San Diego resident with friends around the globe. "People have been calling me from France, from Colombia. I've heard from at least 50 people."

He's also called Google and the U.S. Department of State's Bureau of Diplomatic Security, a law enforcement outfit whose duties include assisting consuls.

"We just basically tried to help the guy out," said L. Kendal Smith, a spokesman for the agency.

But the State Department, like law enforcement everywhere, has been helpless to halt "phishing," a term describing numerous Internet scams. Sometimes, phishers swipe victims' credit card or bank account information, and rob them directly. In this case, phishers asked Inoue's online contacts to wire funds abroad.

While embarrassed to learn that he had been conned, Inoue has plenty of red-faced company. The Anti-Phishing Working Group, an international organization, reported 28,888 phishing attacks in June alone. Consumer Reports estimated that Americans have a one-in-four chance of becoming online crime victims; in the past two years, these schemes have cost U.S. citizens $7 billion.

Inoue was victimized this month, while checking his Gmail, an e-mail account provided by Google. A pop-up message, complete with the Google logo, told Inoue that he needed to make more room for his files. To complete this maneuver, the message noted, Inoue needed to enter his password in the space provided within the pop-up.

He did.

"The next morning," Inoue said, "I got up and could not log in. Someone had taken my password and changed it."

Meanwhile, Inoue's associates had received an e-mail of remarkable pathos and broken syntax: "I am really stranded in Nigeria because I forgot my little bag in the Taxi where my money, passport, documents and other valuable things were kept on my way to the Hotel am staying, I am facing a hard time here because i have no money on me."

After spelling out the bottom line - $3,500 by Money Gram or Western Union - the note urged recipients to hurry.

"I am sending you this e-mail from the city Library and I only have 30 min, I will appreciate what so ever you can afford to send me for now and I promise to pay back your money as soon as i return home so please let me know on time ... "

To the best of Inoue's knowledge, none of his friends or colleagues took the bait. But several were tempted, as the message seemed almost plausible. "Michael travels quite a bit," said Kathrin Mautino, San Diego's honorary consul for Finland. "It wasn't inconceivable that he would be traveling in Africa."

Still, Mautino was skeptical. She forwarded a copy to the head of the local consular corps, Maria Olson.

Her reaction: "This looks so odd. If he really was stranded, he'd contact his family. Or the consulate of Japan. Or a lot of other things."

She called Inoue, who assured her that everything was fine.

A week later, it still wasn't. While Google has shut down the hijacked Gmail account, Inoue remains shut out of the system. And even though his e-mail did not contain any your-eyes-only diplomatic messages, Inoue is mortified.

"I can't believe I fell for it," he said. "I should have known better."