Search Results

Share Article:

Facebook Twitter Linkedin Mail

Tag: scams

The True Story of a killer identity thief

Cyber Security Consumer advice

Posted on November 28, 2018

5 min read

Mexico fell for Michael Finkel. The charismatic New York Times journalist, now raconteur, was on assignment covering Mayan mysticism in 2001. He held easy court with tourists and locals; Finkel’s pursuit of the dangerous and different had thrust him on the trail of black-market organ traders, reporting the tragedies of the Gaza Strip’s dying child soldiers, and travelling in the leaky hull of a Haitian boat that almost killed him and 40 refugees.

Janina Franke, an amateur photographer, fell hardest for Finkel. After a chance meeting they travelled south where she would score a massive career break snapping photos of Mayan ruins for Finkel’s piece in the Times.

Michael Finkel at the IAPP conference. Image: Darren Pauli, Telstra Exchange

Franke made it to the Mayan port city of Tulum, 130 kilometres south of Cancun, but she never got her break. She watched as Finkel, real name Christian Longo, was pulled out of a cabana by a swarm of armed police bearing a US federal arrest warrant.

Longo had co-opted the identity of the real Michael Finkel having fled Portland, Oregan, where he was wanted for the gruesome murder of his wife and three children.

“He (Longo) chatted with tourists in Mexico about stories he said he had written, quoted from them,” the real Finkel told us while in Melbourne for the IAPP privacy conference. “They all unquestionably believed he was Michael Finkel from the New York Times.”

According to those he charmed Longo was polite and intelligent, “totally cool”, with a good sense of humour. He scrawled notes, memorised articles, and gave budding writers a fake Times email address to make his possession of Finkel’s character total.

Finkel heard of Longo’s exploits from a local journalist and soon arranged to meet the murderer then, and now, incarcerated on death row in Oregon State Penitentiary (there is a moratorium on executions in that state).

He did not, as some identity theft victims do, feel assaulted by Longo’s co-opting of his identity. Longo did not steal Finkel’s passport, drain his bank account, or hack his social media. He just studied the journalist to a level of intimacy that he could become him. The co-opting of identity made the journalist curious.

Longo first wanted to prove Finkel was the real Finkel. In a twist of irony the journalist struggled to answer Longo’s 13-question identity quiz that drew on minutia contained in Finkel’s stories filed over years. “It was this existential conundrum,” Finkel says.

Identity crisis

Longo, now 43, always wanted to be a globe-trotting journalist writing stories on the weird and wonderful. In short, he always wanted to be Finkel. Instead he married at 19 years-old, had three children, and over years turned a failing business into a web of deceit that would ultimately drown his family in debt.

His hijacking of Finkel’s identity at a time when Finkel was out of a job quickly drew the writer to Oregon State Penitentiary’s visitor’s centre.

Finkel says he would not ordinarily be drawn to speak to a murderer. He pursues curiosity and complexity, not distasteful and often unidimensional killers.

But it was the duplicitous character of Longo – a Proteus who in one instance was a witty and highly intelligent (his IQ was measured at 130) man and at another a mendacious murderer – that appears to have kept Finkel glued to what became an intensely personal story spanning years.

“If Christian Longo was sitting right here, he’d be funny, he’d be witty,” Finkel says. “You would have no idea he did something so unimaginable.”

Finkel tells the story in the nonfiction book True Story, also a major film adaption by the same name. He tells how he scrutinised Longo’s initial claims of innocence, witnessed how the murderer disassociated with his fellow death row prisoners, of whom many were also murderers, telling Finkel in a letter that he was “surrounded by so much degeneracy and perversion”, and watched and even assisted Longo’s attempts at redemption.

His latter act of redemption was a push to allow prisoners to donate their organs during their incarceration and at their point of execution. Reforms did eventuate that allowed prisoners to donate.

Finkel, himself now a father, has cut ties with Longo, and is pursuing his next story: a master art thief who stole a billion euros worth of art.

“I’m genuinely interested in these people,” he says. “More than, say, CEOs and popstars.”

Beat scammers, score deals, this Black Friday

Cyber Security Consumer advice

Posted on November 23, 2018

3 min read

Black Friday, the US$5 billion mega sales event infamous for its crowd-crushing stampedes and squabbles, lands today. And scammers are ready.

The post-Thanksgiving sales day has remained the busiest on the American calendar since 2003 when it overtook the weekends leading to Christmas.

While a chiefly American affair, Black Friday and its sister Cyber Monday have seeped into the Australian retail sector with many major retail outlets lining up cut-rate deals.

The sales bonanza makes it as much a magnet for scammers as the consumers they target.

Fake discount offers and dodgy pop-up web stores are the threats consumers are most likely to encounter, experts say.

Veterans in the anti- phishing and scam sectors in Australia tell us scam stores spun up by criminals on Facebook are the biggest of these threats to shoppers.

These stores, which Facebook actively combats, are often created and advertised on the social network as a place to buy brand name goods like clothing and jewelry.

Operators close the stores after orders have been placed and paid, running off with the proceeds and leaving consumers empty-handed.

Threats arrive in inboxes too. Fake discount vouchers and false offers of cut-rate goods are the most common here around Black Friday, also appearing as SMS, spurious websites and online advertisements, and in various instant messaging apps.

Phishing emails and messages, however, are unlikely to increase over this fourth quarter, contrary to long-standing suggestions by many cyber security companies.

Analysis of quarterly reports dating to 2013 from the independent Anti Phishing Working Group reveal no consistent increases in the number of phishing domains, emails, or targeted brands over the November-December period.

Any increase over quarter three of a given year is offset or exceeded by falls in ensuing fourth quarter. There is no consistent bump in the number of phishing sites or emails seen by the Group or reported to it by organisations and members of the public.

Veteran security experts in the space also agree phishing does not increase in the lead up to the festive break.

While an informed mind can avoid many sales scams, much of the fraud set to occur in the coming weeks will stem from attacks which shoppers can do little to prevent.

Online stores compromised by hackers lead to some of the biggest losses of credit cards. Criminals silently break into these stores and siphon and store card details as they are processed through checkouts.

Many cards are then sold in batches on illegal marketplaces and forums.

These attacks are often due to stores’ outdated content systems and payment checkouts, or to a myriad of common security flaws the fixes of which have been known for decades.

Shoppers may able to claim reimbursement for fraudulent purchases if they use a credit card or service such as PayPal.

Tips for staying safe online

Cyber Security Consumer advice

Posted on November 19, 2018

2 min read

We are constantly looking for ways to help our customers spot scammers and fraudulent activity in an increasingly connected world, where the rapid uptake of new technologies and increased connectivity provides many advantages, but also new avenues for crime and fraud.

Scammers can use multiple ways to get information from us. Deception is one way, where they try to trick or influence people into divulging confidential or personal information that then may be used fraudulently. This is called ‘social engineering’ and the scammers can get this information through phishing emails and scam calls. This information could then be sold online or used to facilitate criminal activity like identity theft or to access your bank accounts.

Often personal information is also found on the internet through social media accounts and can be used without an individual’s awareness. We encourage everyone to do a review of the security settings on their social media accounts, check that personal data is not publicly available and implement ‘two factor authentication’ – this is where social media companies provide an extra layer of security that requires not only a password and username, but also in some cases, you will be sent an email or text message with a security code to input.

Call scams by any name you want, but at the end of the day, they are designed to steal and trick you into surrendering your personal details, take control of your computer or launch malicious software (malware) which could steal your sensitive information.

We have some blogs that you can read that provide some handy tips:

Other online assistance can be found at:

Tags: fraud, scams,

Tips to help spot a scam email

Cyber Security Consumer advice

Posted on June 15, 2018

5 min read

Email is a great tool. It’s quick, available 24/7 and can be accessed from almost anywhere. However, those same conveniences are also afforded to scammers, who regularly use email to target their victims. Scammers also typically impersonate well-known companies – including Telstra – to make their scam emails more convincing.

What are scam emails?

Scam emails generally fall into two categories:

  1. Those that ask you to provide personal or sensitive information (phishing), or
  2. Those that include attachments or links intended to install malicious software (malware) on your device.

Ultimately, scams come in all shapes and sizes – some ask for personal or financial information, and some come with hidden nasties like malware. Regardless of what category they fall into, they’ll often impersonate legitimate company communications – like Telstra bills or correspondence – in an attempt to make them more convincing and trick the reader into providing the information, opening the attachment, or clicking the link.

What should I look out for?

It’s important to note that while these kinds of scams have evolved over time, the tips on how to protect yourself remain the same.

  • Listen to your gut. If you encounter something unsolicited, unexpected, too good to be true, or coercive, or anything that asks for personal or financial information, double and then triple check it by asking others, calling up the organisation on its official number or searching online for any background information on the sender or offer.
  • Beware of unsolicited requests for sensitive information – don’t open attachments or click on embedded links in emails or sites you don’t know or trust.
  • Pay close attention to the sender’s email address and any links in emails for anything that doesn’t look legitimate.
  • Never respond to a request for personal or financial information in an unexpected email.
  • Make sure you always apply the latest updates to all your devices and software.
  • If a phishing email contains information like an account number, cross check that the details correspond with the details on a previous official email.
  • Be suspicious of unaddressed or generically addressed emails, such as “Dear Customer”.
  • Beware of emails that include a zip file, an .exe or other suspicious attachment.

What should I do if I think I’ve received a scam email?

If you think you’ve received a scam email, here’s what to do next.

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
  • If you get a suspicious email, don’t reply to the email or open attachments or links.
  • If you do click on a link in an email and are directed to a website, do not enter any personal or financial information onto the site.
  • If you’ve received a scam email that looks like it’s from Telstra, tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
  • If you do open an attachment or click on a link, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer.

What should I do if I think I’ve been a victim of a scam?

If you believe you have become a victim of a scam, there are a few tips we recommend to help you get things back under your control:

  • Stay calm. As frustrating as it is to learn that you may be at risk, keeping focussed and calm will help you manage your response properly.
  • Think carefully about what information, or access, you may have provided to criminals. Take an inventory and write down what you remember sharing or entering into any fraudulent web sites.
  • If you provided banking or other financial details such as a credit card number, contact your financial institution immediately. Be sure to monitor your accounts closely in the future as well.
  • If you provided any usernames or passwords, immediately change your passwords to a new and secure version.
  • If you’ve shared other personally sensitive information, such as your driver’s license number, Medicare, passport or contact details (such as your phone number or address), then you may want to visit IDCare at – they can help you formulate a response plan to address potential identity theft.
  • Consider filing a report to the Australian Cybercrime Online Reporting Network (ACORN). This will assist law enforcement become better resourced to provide assistance to victims.

Stay Safer Online

If you think you have been compromised by malicious software, spyware or a virus, our Telstra Platinum team can provide advice. And they can help you detect, remove, and protect your devices with Telstra protection services or by configuring what you already have. Call 13 75 87 or for more information visit

‘You got me’: Woman busts romance scammer after six month stint

Cyber Security Consumer advice

Posted on May 25, 2018

6 min read

It took six months for Kathryn to fall in love with Michael, but only minutes to reveal him as a romance scammer.

Accusing Michael of being a scammer was an unusual act of assertiveness for the reserved 55-year-old healthcare worker from the NSW Central Coast.

It was an unlikely act too; Kathryn (not her real name) had every reason to believe Michael was the caring, genteel man he presented as. They spoke regularly over the phone and, from his would-be London apartment, Michael arranged gifts of flowers, chocolates, and movie tickets.

Kathryn, divorced from a decades-long marriage and facing an intimidating and foreign dating scene, thought she had found in him a diamond in the rough. He was worth the long-distance relationship.

Through friends, she tells us how her relationship with Michael, which began on a dating site in late 2016, before quickly switching to email and social media, became possessive in its latter weeks. Facebook messages appeared more regularly in a tone that, with the benefit of hindsight, seemed more demanding: “what are you doing online”, “who have you been speaking to” they asked.

Michael was set to travel to Australia mid last year. They were both excited. Days before he was set to fly, he sent an exasperated message claiming he bought the wrong non-refundable plane ticket and that his passport was cancelled for elaborate reasons. He needed $7,450 to cover fares and fines.

Kathryn’s online sleuthing about his predicament gave her pause to reflect on his frantic request for money, and his escalated messages.

He called again, and she answered. “I think you’re a scammer,” she told him. A beat, then, a laugh. “Yeah, you got me,” he said. “But you know what? I’ve got 12 of you on the go.”

High-pressure sales

It’s impossible to know how Michael operated. He may have been a lone wolf. Or he may have worked in a call centre alongside other scammers.

“I’m convinced [romance scamming] is their day job,” says Sean Lyons, director of technology and partnerships at Netsafe, an online safety non-profit based in Auckland, New Zealand.

Lyons has not seen evidence of romance scammers operating in coordinated international networks, but says he sees indications – business hour operations and consistent messaging structures for example – that some scammers work in call-centre style environments.

“There may be much larger operations where you have [scammers] working in shifts and handing off to each other,” he says. “They may have CRM (customer relationship management) systems and work an account (a victim) in the same way that staff in high-pressure sales do.”

In such an environment, text messages to victims could be written by any scammer while voice calls would be made by a consistent perpetrator.

There is further evidence of romance scammers coordinating their operations. FBI Special Agent, Christine Beining, said in February last year that romance scammers typically work together sharing intelligence on vulnerable victims.

“From what we can tell, these are usually criminal organisations that work together,” Beining says.

“And once a victim becomes a victim, in that they send money, they will oftentimes be placed on what’s called a ‘sucker list’ [where] their names and identities are shared with other criminals [for] future recruitment.”

Lyons agrees that romance scammers are likely to organise. At present, evidence from Netsafe’s now shelved Re:scam artificial intelligence-like chat bot – which sent more than a million email replies to scammers in a bid to waste their time and energy – indicates a scattergun mass-email approach to targeting victims.

Reach out

Victims of romance scams are not stupid or gullible. They can be anyone.

Romance scams are deliberately ‘hyper-personal’, meaning they are of an overly intense nature that is designed to capture and isolate victims.

University of Warwick professor, Monica Whitty, in a paper published in February this year revealed victims are typically “middle-aged, well-educated women” who “tend to be more impulsive, less kind, more trustworthy, and have an addictive disposition”. Whitty’s work is designed to assist in the development of scam preventive and awareness programs.

Defence against romance scammers is tough for those involved in online dating. The Federal Government’s Scamwatch site has good advice which centres on not sending money to partners and provides clues to help spot fake social media profiles.

More broadly, experts agree that those in online relationships should keep trusted friends abreast of significant events including any plans to travel or requests for monetary loans.

“Talk to someone not connected to the romance before a major event,” Lyons says.

“A dog dying in surgery, a passport not coming through, or bribes to corrupt regimes; talk to someone who isn’t in love with the person before you put pen to paper on that Western Union slip.”

As a last resort, Lyons says, those intent on wiring money to their love interest should stick to official and local credit card networks which can offer traceability that Western Union and other non-conventional payment providers cannot.

Academics have examined other hallmarks of romance scammers. They reveal psychological manipulation as a universal tool in romance scams which includes techniques akin to domestic violence.

Queensland University of Technology academics, Cassandra Cross, Molly Dragiewicz, and Kelly Richards, describe the four signs of this manipulation including isolation, monopolisation, degradation, and withdrawal.

If this story has raised any issues for you and you’d like to speak to someone, call Lifeline on 13 11 14 or Beyond Blue on 1300 224 636.