Identity Theft

I received a very interesting email today:

Richard how can you say this is a fake? I am afraid you know nothing about Eddie Cobiness and this is an original as it was purchased from him personally and can have Ernest Cobiness his son to back it up. I have a vast collection of Aboriginal Art which I have collected for 20 years and have several Morrisseau’s and some I sold several years ago a cross Canada. I will back up all the art I sell and will not lose any creditability. If you are brave enough to give me your phone number I will call you on my nickel. If not please retract your statement.

—– Original Message —–
From: (
To: xxx
Sent: Thursday, July 16, 2009 5:25 PM
Subject: Reply to your “Rare original Painting by the Late Eddie Cobiness”

You’ve received the following reply to your “Rare original Painting by the Late Eddie Cobiness”

this is a fake
You can respond to by replying to this email

I keep a gmail account for casual email. It is the email address listed on this blog. It is there for folks to make contact with me directly as opposed to posting a comment. Many of my friends and colleagues follow the blog and they are not comfortable with posting online comments. I receive hundreds of emails on a monthly basis from people who follow the blog. I have never worried about sharing my email address before today.

I have never heard of Eddie Cobiness and I do not have an interest in Aboriginal Art.

I did not write the comment.

Someone used my email address in a fraudulent fashion. And there is really nothing that I can do about it. But it does scare me. Virtually anywhere a comment is placed, someone can use a fraudulent email address. There is no effective authentication mechanism to validate whether an email address rightly belongs to a specific owner.

I must admit that I am troubled by this email. I have to think about this type of identity theft and its implications.

2 replies
  1. Michael Weening
    Michael Weening says:

    Hi Richard, that is scary. Does not matter how well you protect, someone is out their prowling.

    BTW, did you look in your Microsoft employee photo? Recognize our friend Mr. Oxley at the end? (LOL)

  2. Mike P.
    Mike P. says:

    Creepy. But really, this is much the same as putting a false return address on a physical envelope and dropping it in any mailbox. As in that situation, there’s nothing (barring cryptographic signatures) that guarantees the source, so we’re basically left with a simple system that relies on the basic decency with which most people conduct themselves.

    And in either case, when the simpleminded system is taken advantage of, well, you’re stuck with a bunch of uncertainties, which can be only partially reduced with the use of forensics””in the digital case, that’s pretty much IP addresses and textual analysis.

    It is truly weird to have someone comment in your name like that. Especially when they’re just being a nuisance and not contributing anything of substance (at all) to whatever the original dialogue was.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *