Journal: No good deed goes unpunished...

A few nights ago I was reading my email when I got some phish; an email broken English stating that I MUST use their software. (Not included in the email but linked to instead) to access my Monster.com account. Notwithstanding Monster's WAY too lazy security policy on email addresses (I get a few "shipping coordinator" offers a week); something about this piqued my curiosity.

Since I hadn't seen this scam before, and like any halfway decent security professional I was in a machine on a DMZ, I followed the link, which my AV promptly screamed was a virus (go AVAST!), and then I decided to look at the domain hosting it. It was registered to someone in my own city, Seattle, and after five minutes on Google I had a pic of him and his wife not to mention contact info and a home address.

Ok, so here's the moral dilemma: Do I call up the guy whose identity was obviously stolen, or do I let him learn the hard way about personal data security? It's not a quick answer as, he could just as easily say I did it since I had enough skill to perform a whois lookup. We all know how well government officials deal with the intarwebs and its tubes; so I'm not looking to see if he tries to use me to recoup his losses. So what would you do in this situation?