Regularly receiving a stranger's emails

Question

From time to time I receive emails intended for someone else with a similar email address. This has been going on now for years and in the meantime I've gotten a pretty good picture of this person. I can say for sure that this person exists and I know quite a bit what's going on in his life. Therefore I can clearly differentiate a random phishing attempt from an honest email meant to reach this specific person.

In past I often contacted the senders to inform that they are using the wrong address.

It wasn't that big deal for me until today, when I received an email including very personal details about him, including all his contact information and his private address. The email itself is like an automated confirmation that they have received his data correctly, sent by info@blabla.blabla so no answer is required nor meant to do so.

For me there are three options:

1. Contact the sender to inform them about the mistake.

   • I don't really like this option in the first place because I feel like it's not my responsibility to explain to those random people behind info@blabla.blabla that they have provided me private information about one of their customers.

2. Contact the intended receiver and inform him about the mistake and possibly say to be more careful with the use of his email address.

   • I feel uncomfortable using information I'm not meant to know to get into contact with him. It's like opening a neighbour's letter, reading it and then passing it on to him, explaining that I had to read the letter to make sure it belongs to him.

3. Ingnore the email.

   • There's a risk of receiving further emails with even more personal details. Could I then get in trouble for not reporting it and therefore intentionally waiting for more information?

Summary:

• I receive emails intended for another person, which provide some very personal data.
• I can tell for sure that these emails are no random phishing attempts.

Do I have to report this mistake to any of the parties by law? Or would it be more like an act of kindness?

Answer 1

I spent 26 years in Law Enforcement (two years in Fraud, Identity Theft, and Embezzlement) and here is the answer I would often give other people in this situation:

By law, recipients are not required to do anything. It can be deleted without a second thought.

There is no specific law requiring someone to report this as it doesn't rise to the level of a crime.

Contacting the sender or intended recipient can be risky because the other person is unknown. Return addresses online may be masked by redirects or other traps. What is displayed may not be the full picture of the site where they want someone to go.

Having information about someone, although private, is not a crime unless there is a specific intent to use that information for a crime: fraud, identity theft, theft, etc.

Doctors, banks, and numerous other businesses have access to personal identifying information about people. Unless they were to use it illegally, just having the information is not a crime.

Phishing attempts:

As far as sending the information on to the intended recipient, that would be very noble; but there is no requirement to do so. This type of transaction is likened to having a stranger call looking for someone else.

There are people around the world just hoping to get people to click on their site so they can download everything on the victim's computer.

I once taught a class in Internet Safety to senior citizens. The message was simple:

Don't put any information on-line that you wouldn't post on your front door.

Advances on computer security have made it possible to securely handle more information but still be on-guard; Phishing still happens. Most reputable companies won't send you e-mails asking for personal information, passwords, or account numbers.

Hackers, thieves, and criminals have access to personal information regularly. In today's society, it's just a part of life in a digital world.

How does one protect themselves? Be diligent about all transactions. For instance: Check bank accounts, credit card purchases, and credit reports regularly.

A TV show, Adam Ruins Everything - Adam Ruins Security, clearly outlines a lot of these facts. (Season 1, Episode 2 - First aired October 6, 2015)

To recap:

1) Do nothing.

2) Stay vigilant.

3) Be wary.

Common idiom - If it looks too good to be true, it probably is.