E-mail scammers to victims: Pay up or die

Computerworld - A new wave of extortion e-mails that threaten recipients with bodily harm and death if they do not pay thousands of dollars to the sender is circulating on the Internet, according to security vendor SecureWorks Inc.

The e-mails are sent directly to the victims from valid e-mail accounts instead of the usual spam relays and bot proxies -- an apparent attempt to make them seem authentic. The accounts are set up by scammers purporting to be assassins hired by third parties to harm the recipients. The sender offers to spare the recipient from harm in return for thousands of dollars.

About 1,000 of the e-mails have been spotted over the past few days, and they appear to be targeted largely at higher-income professionals such as doctors, lawyers and business owners, according to Don Jackson, a researcher at SecureWorks. The numbers could be higher because many people don't report the e-mails, he said.

A similar run of e-mails in December and January prompted the FBI to issue an alert about the scam and urge recipients to simply ignore the messages. In that alert, the FBI said that its Internet Crime Complaint Center (IC3) had received about 115 complaints from people who had received threatening e-mails. At that time, the FBI said the extortion scam did not appear to target anyone specifically and that IC3 had not received any reports of money loss or of threats actually being carried out.

According to Jackson, an inspection of the current set of e-mails shows that they appear to be more targeted than the previous wave of messages and relatively few in number. The e-mails were sent using popular e-mail services such Gmail, Yahoo and Hotmail by people believed to be outside the U.S., he said.

The text of the message itself is rudimentary. In it, the sender claims to "being paid a ransom in advance to terminate you with some reasons listed to me by my employer. I have followed you closely for one week and five days now and have seen that you are innocent of the accusation. Do not contact the police or try to send a copy of this to them, because if you do I will know, and might be compelled to do what I have being paid to do. Besides this is the first time I turned out to be a betrayer in my job," the letter states.

The letter then goes on to ask the recipient for $30,000 as payment to an account to be specified later and reiterates the warning about not speaking with "corps" (sic). In return for that money, the sender promises to send the recipient a copy of a tape supposedly containing a recording of an individual asking the sender to "terminate" the recipient.