A common racket is for hackers to break into someone’s online address… (Jack Dempsey, Associated…)
If a major company found out that a scammer was using its name to defraud people, you'd think it would do everything possible to nab the guy.
Is it any wonder there's only about a 2% conviction rate for identity theft cases, according to law-enforcement authorities?
Western Union figures prominently in various scams involving people being duped into wiring money abroad. A common racket is for hackers to break into someone's online address book and then send emails to all your friends seeking financial assistance.
Mark Stechbart, a political consultant and privacy advocate in the Northern California city of Pacifica, received just such an email the other day, ostensibly from his friend Paul, who, according to the message, was in big trouble in Manila.
"We were mugged at the park of the hotel where we stayed," the email related. "All cash, credit card and cell were stolen off us."
It went on to say that the local police and U.S. Embassy weren't able to help. Moreover, the hotel was demanding that its bills be paid.
"I promise to refund it to you as soon as I arrive back home safely," the email pledged. "You have my word!"
The fishy circumstances, the bad grammar — it's not hard to spot this as a con job. Stechbart's suspicions were confirmed when he called Paul (the real one) and found him not in the Philippines but playing golf nearby.
"I could have gone and had lunch with him," Stechbart said. "He was just down the street."
Out of curiosity, though, Stechbart decided to respond to the email and see what would happen. "Let me know what I can do," he wrote.
A few hours later, another email arrived relating that Paul (the bogus one) needed $1,950 to square his Philippine hotel bill and other expenses. Stechbart was instructed to wire the money to a Western Union office in Manila.
Stechbart said he'd get right on it. He then contacted Western Union to report that he had a live scammer on the hook and to provide all the information the company would need to catch the guy.
"I couldn't believe it," Stechbart said. "They told me that they couldn't do anything. They suggested that I try my local police department instead."
The population of Pacifica is less than 38,000. The local police department has about three dozen officers.
"We get things like this all the time and there's nothing we can do," Capt. Fernando Realyvasquez said. "Local law enforcement agencies just don't have the resources to deal with this."
Western Union, on the other hand, has three offices in Manila. In theory, the company could have a local representative contact local authorities and help arrange a sting.
After all, this con artist has apparently been active for a while. A search for the scammer's Manila address turns up a January blog posting from someone who similarly said her contact list had been hacked and a request was emailed to friends for $1,950.
But Western Union's response to Stechbart was to shrug its shoulders.
Peter Ziverts, a company spokesman, acknowledged that this may be an unsatisfying response to customers.
"We get calls like this from good, conscientious people who want to do the right thing," he said. "We'd like to help."
Trouble is, Ziverts said, Western Union feels like its hands are tied. For example, a scammer in the Philippines could pick up wired cash from any location in the country, not just Manila. So how can you run a sting operation?
Moreover, what would a Western Union agent do if a known scammer came into an office? "We won't put our agents at risk," Ziverts said.
So the company could do little more than notify local police, which wouldn't accomplish much because "they have their hands full with other things," he said.
I sympathize. It's not Western Union's job to uphold the law. That said, there's no denying that the company is routinely exploited by fraudsters to rip people off, and as such it has some responsibility to at least make that more difficult to do.
"We know this about fraudsters: They always seek the easiest road," said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University. "If you make it harder, they'll go elsewhere."
He said Western Union could implement more stringent identification requirements when people pick up money. As it stands, all you typically need is a single photo ID.
"How about making them give a thumb print?" Cate asked. "If you try to cash a check at many banks where you don't have an account, they'll ask for a thumb print. If Western Union did this, it would likely deter many scammers from using the company. What scammer would want to give a thumb print?"
Along the same lines, I'd suggest requiring people to pose for a photo when they pick up wired cash. I think most honest people would accept this as a necessary precaution, just as we put up with all those security hassles when we fly. Most bad guys would probably balk at having to face a camera.
You can't prevent fraud. But you can make it harder for perpetrators.
If I ran a company that was repeatedly being dragged into crooks' schemes, I'd be doing everything possible to remedy things. Western Union could be doing better.
David Lazarus' column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5. Send your tips or feedback to firstname.lastname@example.org.