John had received a number of emails and telephone calls from the US from individuals who had advertised property to rent on a website.
They had all become suspicious of an email which they had received from DrJohn.Smith@yahoo.com.au with the postal address of Greater Manchester Hospital. John had not sent the email.
The US landlords contacted John via his hospital email address or hospital telephone number, both of which are listed on the hospital website.
Interestingly, a mobile phone and fax number with the correct UK dialling code followed by the numbers 703 was included in the email.
John spoke to one of the callers, who was concerned that this was a scam and warned John to be careful.
At this point, I advised him not to reply to the landlords and to be very circumspect on the telephone if they rang him at the hospital. Emails I sent to Yahoo! both in the UK and in Australia went unanswered. I also gave John the details of the Police Crime Management Unit, which investigates internet fraud and identity theft.
So why was John's name used? The scammers trying this scam had probably obtained his name and postal address from publications available on the web. As John was not a victim of crime, there was no crime for him to report, but he needs to be vigilant that his name is not used in any other scams from now on, which might adversely affect his credit rating in the future.
While we were trying to understand what was going on, we found that the hospital website had recently been updated and included an internal staff directory with a comprehensive list of names, email addresses and, where applicable, telephone and fax numbers.
Also included were notes to allow the reader to gain a better understanding of departmental structure, along with individual job titles and qualifications.
And all this information was available in just one hit – simply by clicking on Directory.
Fortunately, John was able to take steps to minimise the risk to his name and credit rating, by reporting the matter to the police and requesting that the administrator of the hospital website remove all personal details.
This was a new scam to me, and I learned a lot from my police contacts.
It seems that, just when you think you know all the possible scams, something new comes along.
It had not occurred to me to check on company websites, but that is now top of my list of precautions.