Priest’s stolen identity traced back to Nigeria

The smartphone scam that robbed the St Julians parish priest of his entire Yahoo e-mail account – including thousands of confidential messages from parishioners – originated from Nigeria.

Fr Claude Portelli says one of his brothers managed to track down the hackers’ IP address to the West African country.

The tech-savvy priest fell for the scam when he agreed to update the Yahoo app on his Android smartphone, which required his e-mail address and password for authorisation.

He immediately lost access to his account. Soon after, an e-mail was sent out to all his contacts saying he had been mugged at gunpoint in Spain, rendering him penniless and in urgent need of a loan of almost €3,000.

Convincingly written, it was signed “Fr Claude”.

The 36-year-old priest spent an entire morning answering duped callers ready to give him the money. The Ursuline nuns were already planning a fund-raising activity.

Instead of calling, others played into the hands of the hackers by replying to the e-mail to verify its authenticity and see how to transfer the money. In some cases, the hackers, keeping up the pretence, replied assuring people the request was “serious”.

Fr Portelli, who was particularly concerned that very personal e-mails from his parishioners could be exposed, is pursuing the matter with the help of his siblings.

“My sister continued to communicate with the hackers and by the third e-mail they gave details of how to transfer the money,” he said.

The police’s cyber crime unit is also investigating the case, after Fr Portelli filed a police report.

Commercial lawyer Aron Mifsud Bonnici said the police could refer the matter to international agency Interpol but, due to the remote location of the scammers, there was “very little scope” for the Maltese police to pursue such offshore cases.

Dr Mifsud Bonnici, who authored a book about digital age crime entitled Misuse of the Information Highway, pointed out that Interpol itself was once a victim of a Nigerian scam some years back.

Fr Portelli was a victim of what is known as “phishing”, which is when criminals acquire login or credit card details by masquerading as legitimate entities.

Scammers will probably scour the victims’ e-mails for information to make their scam more credible, so victims of identity theft should change the log-in details of online services, especially money handling sites like Amazon, eBay and PayPal.

Technology journalist Martin Debattista warned internet users not to give usernames or passwords via telephone or e-mail and said common sense could go a long way to prevent such scams.

“Do not use your Facebook username and password to access other services, something which is becoming trendy but can lead to identity theft. When in doubt, leave out,” he added. Meanwhile, passwords should be changed regularly and should preferably be made complex with the use of numbers.

Mr Debattista said the scam affecting Fr Portelli was “run-of-the-mill”, except it happened over a smartphone.

“Smartphone and tablet use in Malta is increasing rapidly and we will see more scam and fraud attempts over these new mobile devices. Same rules of use for computers apply.”

Mr Debattista warned that users of webmail accounts such as Gmail and Yahoo should keep a permanent copy of their e-mails on their computer in case they lose access to their web-based accounts.