Wednesday, September 26, 2007

Ask the Private Investigator

The phone rings all day long and the email keeps coming in to Sherlock Investigations. Most of these callers and emailers ask questions about the nature of investigations, our rates, or just ask us to take their case.

But, if you have questions of a general nature, you can ask them on this blog. We monitor the blog constantly, and will post an answer to your question asap.

Just click on Comment, and then wait for our answer.

You can also make Comments about the subjects we write about, and also Comment on other people's Comments.

So, whether you have a serious question, or just want to join the fun, leave a note on Comments.

Monday, September 24, 2007

Phishing PayPal

We recently received an email from "PayPal." Only it was not from PayPal.

Of course we didn't recognize the $93.12 charge, and had we not been aware of these kinds of scams we would have clicked on the "Cancel this payment." To do so, though, we would have been asked to share passwords or personal or company financial information that would have led to identity theft, and likely caused great financial loss.

A couple of things about this email made us suspicious. The first one is the sender's email address. Even though it says "PalPal" before the email address, the email address of is not a genuine PayPal email address. Their email is always

Also, genuine PayPal email will not have typographical errors. Note that European is "european," all lower case.

Just to make sure, we went to our PayPal account and clicked on History. There never was a transaction made for the amount of $93.12.

There are also other problems with the email. See if you can spot them.

We forwarded this email to PayPal at and received the response copied below. PayPal acknowledged that the email we received was not genuine, and is known as "phishing."

Be aware that phishing comes in many forms. Examine unknown emails carefully.

Never open attachments if you're not sure who sent the email. Even then, you have to be careful. If you open an attachment, and apparently nothing happens, you may have just placed spyware on your hard drive.

This is the bogus email that we received:


We recorded a payment request from "Internet Safe-Shopping - -" to enable the charge of $ 93.12 on your account.

Because the order was made from a european internet address, we put an Exception Payment on transaction id #PayPal-T2254 motivated by our Geographical Tracking System.


If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "Internet Safe-Shopping".

If you didn't make this payment and would like to decline the $ 93.12 billing to your card, please follow the link below to cancel the payment:

Cancel this payment (transaction id #PayPal-T2254) [link removed by Sherlock]

NOTE: Because email is not a secure form of communication, please do not reply to this email.

Copyright 1995-2007 PayPal Inc. All Rights Reserved.

Our response from the real PayPal:

RE: Q510 - Thank you for your email to PayPal

Thanks for taking an active role by reporting suspicious-looking emails. The email you forwarded to us is a phishing email, and our security team is working to disable it.

What is a phishing email?

Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask for your password over the phone or in an email and will always address you by your first and last name. Take our Fight Phishing Challenge at to learn 5 things you should know about phishing. You'll also see what we're doing to help fight fraud every day.

You've made a difference. Every email counts. By forwarding a suspicious-looking email to, you've helped keep yourself and others safe from identity theft.

Thanks,

The PayPal Team
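The checks this post describes (a display name that does not match the sender's domain, capitalisation slips such as "european," and PayPal's statement that it always addresses you by first and last name) can be run mechanically over a raw message. The Python below is an added example, not part of the original post or any PayPal tooling; the sender address, the trusted domain `paypal.com`, the account name "Jane Doe" and the word list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers and sender address are invented for this
# example; the body is abridged from the bogus email shown above.
SAMPLE = '''From: "PayPal" <billing@safe-shopping.example>
To: client@example.org
Subject: Payment request

We recorded a payment request to enable the charge of $ 93.12 on your account.
Because the order was made from a european internet address, we put an
Exception Payment on transaction id #PayPal-T2254.
'''

# Proper adjectives a professionally edited notice would capitalise (assumed list).
PROPER_WORDS = ("european", "american", "asian")


def phishing_signals(raw, brand, trusted_domains, account_name):
    """Return the warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signals = []

    # 1. The display name claims the brand, but the address is on another domain.
    #    Matching on a ".domain" suffix keeps look-alikes such as
    #    "paypal.com.example.net" from passing.
    trusted = any(domain == d or domain.endswith("." + d) for d in trusted_domains)
    if brand.lower() in display.lower() and not trusted:
        signals.append("sender-domain-mismatch")

    # 2. The reply above says genuine mail uses the holder's first and last name.
    if account_name.lower() not in body.lower():
        signals.append("no-personal-greeting")

    # 3. Lower-case proper adjectives, the slip noted in this post.
    if any(re.search(r"\b%s\b" % w, body) for w in PROPER_WORDS):
        signals.append("capitalisation-error")
    return signals


if __name__ == "__main__":
    print(phishing_signals(SAMPLE, "PayPal", ["paypal.com"], "Jane Doe"))
```

An empty list does not prove a message is genuine; checking the account history directly, as described above, remains the deciding step.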

Wednesday, September 19, 2007

Scam-proof Passwords

One night last year I swept an accountant's office in midtown Manhattan. By "swept," I mean TSCM, or an electronic surveillance countermeasures job, or, in other words, bug sweep.

I found a video camera hidden in a plant. It was easy to find because most plants don't have a wire leading to them. In this case, the owner placed the camera as part of his security system.

I was part of a team. The other part were Israeli computer geeks. They had a disk that they shoved into the computers in the office and, literally, in two seconds, uncovered all the passwords in each computer.

Most hackers and identity thieves don't have such sophisticated software. They don't need it. Many people use their pet's name, their first name, nicknames, "password", "123456," "qwerty," "abc123," "letmein," "monkey," their birthdate, or part of their Social Security Number, as their password. Hackers and identity thieves know this.

Obviously, any password stored on a computer is obtainable. However, the best passwords...ones that people cannot guess...are random passwords. Examples are: 4kC?l0*, or 4ilJH%, or #Ikn*M. These were created randomly by hitting different keys blindly.

Of course, if you have passwords like this, and I recommend it, you have to write them down, because you'll never remember them. Just don't tape them to your computer.
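As an added example (not part of the original post), the Python below screens a password against the guessable choices listed above and generates a random one from the operating system's secure random source rather than by hitting keys. The alphabet, the default length of 16 and the sample personal facts are assumptions for illustration.

```python
import math
import secrets
import string

# The common passwords named in the post.
COMMON = {"password", "123456", "qwerty", "abc123", "letmein", "monkey"}
# Assumed character set: letters, digits and a few symbols (70 characters).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*?@"


def _norm(text):
    """Lower-case and drop punctuation so '03/14/1970' matches '03141970'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def is_guessable(password, personal_facts=()):
    """True if the password is a common one or embeds a personal fact
    (pet's name, first name, nickname, birthdate, part of an SSN)."""
    if password.lower() in COMMON:
        return True
    flat = _norm(password)
    facts = (_norm(f) for f in personal_facts)
    return any(len(f) >= 3 and f in flat for f in facts)


def random_password(length=16, personal_facts=()):
    """Draw each character independently from the OS CSPRNG."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_guessable(candidate, personal_facts):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    facts = ["Rex", "03/14/1970", "6789"]  # constructed sample facts
    print(is_guessable("Rex03141970", facts), is_guessable("4kC?l0*", facts))
    print(random_password(), round(entropy_bits(16), 1), "bits")
```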

Wednesday, September 12, 2007

Junior McFadden

Once again we ask our readers' assistance in locating someone. Several times recently Sherlock Investigations has received tips that led to the person that we were looking for. So, amateur sleuths, go to it!

The photos below were taken in Japan in 1973. The subject was in the U.S. Army, Camp Fuji in Japan.

He was born in Missouri, and 18 or 19 years old at the time, which means he was born in 1954 or 1955.

At one time that we know of, he went to Yamashita Park and Camp Honmoku, both in Japan.

His friends called him "Junior," and the handwriting on the pictures may read "Junior McFadden," but that is open to interpretation.

The jeep pictured has a sign reading, perhaps, "FDO."

"Junior McFadden," if still living, is not in any kind of trouble. We just have a client who would like to find him and has given permission for us to post this search on our blog.

If you think you know the identity of this person, please email us at or call us at 1-888-354-2174. All responses will be strictly confidential.

Whitey Bulger Update

In locating hard-to-find people for many years now, I've learned that it's easy to widen your scope. Instead of just trying to find the person that you're looking for, try to find someone who knows where that person is. Almost no one completely disappears. There are usually a number of people who know where that person is.

I recently posted on this blog a request to help me find two flight attendants who dealt with D.B. Cooper when he skyjacked a Northwest Airlines plane in 1971, then bailed out with the ransom money, never to be seen again. As a result of that posting, we've located both women through informants who read the blog and got in touch with me. Even though both women had changed their names, people knew them, and where they were.

I first posted this "sighting" of Whitey Bulger on Monday, August 28, 2006, more than a year ago. He still has not been located, and the FBI never got back to me about my "tip." As a government agency, I think the FBI is cumbersome and too often careless.

It's my hope that someone will come forward with some valid information on Whitey Bulger. I know, all sorts of kooks may come out of the ether and contact me. That's a chance I'm willing to take. I know that people know where Whitey Bulger is, and may have reason to turn him in.

James "Whitey" Bulger has been on the FBI's Ten Most Wanted List since 2000. They're offering a $1 million reward for information leading to his arrest. A Boston mob figure, Bulger worked for years as an FBI informant. Now he's wanted in connection with several murders. He's considered armed (a knife) and dangerous. Photos of the white-haired Bulger are on the FBI's web site.

To this day, I believe that I spotted him on Saturday, September, 2003. Here's my story: At approximately 1:25 p.m. I arrived with a friend at The Zipper theater at 336 W. 37th Street in New York to see a show called "Berkshire Village Idiot," a one-man comedy about Western Massachusetts. After picking up our tickets at the box office, we sat in the waiting area for about 15 minutes until they opened the theater. Then we were ushered to our seats, which were second row center. The show began about 10-12 minutes later.

About 2:30 p.m., a half hour into the show, I noticed a distinguished-looking man sitting about 10 yards away from me, diagonally on the right. He was sitting at the far end of the front row. There were four people sitting to his left. The physical appearance of the man caused me to do a double take. My first thought was that he looked like Whitey Bulger. His white hair was closely cropped on the sides. He appeared to have no hair on top. He was dressed in black slacks, a black short-sleeved shirt, and thick-soled black sandals, with no socks. While he appeared very trim, his arms were somewhat muscular. He looked to be in his late 60s to early 70s. On the floor to his right was a medium-sized black, nylon backpack.

Dismissing my "sighting" as someone who looked coincidentally like Bulger, I let it go, but I occasionally glanced over at him. One time, our eyes met, and momentarily locked. After that, I avoided letting him see me look at him. For the next few minutes he acted fidgety. Although the show has some funny lines, I never observed him laughing, or even smiling to the extent of revealing his teeth. In one scene, the lights were extinguished and the theater was almost completely dark. When the lights came back on, I noticed that the man had disappeared. His black bag was also gone. It was about 2:45 p.m. I sat for a few minutes wondering what to do. It made sense to me that Bulger, being from Massachusetts, would find a show about Massachusetts of interest.

My adrenaline began to rise. The seat in front of me, which was the front row, was empty. I quickly climbed over it and hurried out of the theater. I spoke to an usher who was seated on a folding chair outside. I asked her if she had seen a man leave, and I described him. She said that she had, and mentioned that he had left in a hurry, and didn't look at her, or say anything. I also spoke to the person in the ticket office. He had also noticed the man leave in an apparent rush. I went outside and looked up and down 37th Street, but didn't see the man, and found no one else who had noticed him.

Then, I called a contact at the FBI. My friend took my verbal report and suggested that someone would get back to me. I imagined that the FBI would first question me, and then go down to the theater and fingerprint the area where the man sat. If Bulger's fingerprints were found, then the sighting was real, and they would know at least that he was in New York. I never heard from the FBI about this. Either they knew that Bulger was in some other location, or they're just slack in looking for him.