E-mail scammers to victims: Pay up or die

A new wave of extortion e-mails that threaten recipients with bodily harm and death if they do not pay thousands of dollars to the sender is circulating on the Internet, according to security vendor SecureWorks.

The e-mails are sent directly to the victims from valid e-mail accounts instead of the usual spam relays and bot proxies -- an apparent attempt to make them seem authentic. The accounts are set up by scammers purporting to be assassins hired by third parties to harm the recipients. The sender offers to spare the recipient from harm in return for thousands of dollars.

About 1,000 of the e-mails have been spotted over the past few days, and they appear to be targeted largely at higher-income professionals such as doctors, lawyers and business owners, according to Don Jackson, a researcher at SecureWorks. The numbers could be higher because many people don't report the e-mails, he said.

A similar run of e-mails in December and January prompted the FBI to issue an alert about the scam and urge recipients to simply ignore the messages. In that alert, the FBI said that its Internet Crime Complaint Center (IC3) had received about 115 complaints from people who had received threatening e-mails. At that time, the FBI said the extortion scam did not appear to target anyone specifically and that IC3 had not received any reports of money loss or of threats actually being carried out.

According to Jackson, an inspection of the current set of e-mails shows that they appear to be more targeted than the previous wave of messages and relatively few in number. The e-mails were sent using popular e-mail services such Gmail, Yahoo and Hotmail by people believed to be outside the U.S., he said.

The text of the message itself is rudimentary. In it, the sender claims to "being paid a ransom in advance to terminate you with some reasons listed to me by my employer. I have followed you closely for one week and five days now and have seen that you are innocent of the accusation. Do not contact the police or try to send a copy of this to them, because if you do I will know, and might be compelled to do what I have being paid to do. Besides this is the first time I turned out to be a betrayer in my job," the letter states.

The letter then goes on to ask the recipient for US$30,000 as payment to an account to be specified later and reiterates the warning about not speaking with "corps" (sic). In return for that money, the sender promises to send the recipient a copy of a tape supposedly containing a recording of an individual asking the sender to "terminate" the recipient.

In its January alert, the FBI urged recipients not to get spooked by the e-mails or to respond to them. Doing so sometimes had the effect of escalating the intimidation, the FBI noted. It cited one case where an individual threatened to call authorities only to get a follow-up message reiterating the original threat and offering personal details about the recipient's work address, marital status and daughter's full name. "Tell me now are you ready to do what I said or do you want me to proceed with my job? Answer yes/no and don't ask questions," the message said.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.