The FBI is investigating an e-mail extortion scam that threatens recipients with death if they fail to pay tens of thousands of dollars to a would-be killer. The e-mails, which so far have been sent to U.S. corporate executives, physicians, university deans and others, claim the sender has been contracted to kill the recipient, but for a payment of $30,000 to $50,000 will not carry out the job. Although there are many Internet scams aimed at convincing people to part with their money, this apparently is the first one to threaten targets with violence. The threats, sent through accounts on Yahoo, Hotmail, Gmail and perhaps others, order the target to wire a large initial sum of $20,000 to $40,000 to an overseas account. The perpetrator or perpetrators then might ask for another payment, claiming they never received payment or that the account was shut down by authorities before the cash could be withdrawn. Victims who express doubt about the extortionist's claims have received even more threatening messages containing personal information as "proof" of their capabilities and intent. The FBI has received a total of 115 complaints regarding this scam since December 2006, when the first wave of threatening e-mails appeared. Two other waves have followed, each about a month to six weeks after the previous wave. Traces of the extortion e-mails indicate they are coming from overseas, although it is unclear which countries are involved. In many cases, the personal information required to target certain individuals can be found quite easily on the Internet. Corporate and university Web sites, for example, often list top officials by name, along with the positions they hold — and some contain direct e-mail addresses. Clinics also often provide listings of their physicians, complete with their backgrounds and photographs. Moreover, on company Web sites, the leadership structure often is laid out, with CEOs and other top-tier executives — the wealthier potential victims — listed first. A minute or two on the Web site, then, allows the extortionists to determine who would make the most attractive target. The scammers also could be purchasing personal information from third parties engaged in the practice of "phishing," gaining personal information such as credit card or bank account numbers online by masquerading as a trustworthy entity in an e-mail or on a fraudulent Web site. Phishing also can be used to gain e-mail account information not easily obtained from a Web site, though in many cases the target's e-mail address can be accurately guessed based on his or her name and the e-mail address protocol used by the company. This latest e-mail scam is a new twist on virtual kidnapping
, in which the perpetrators do not physically abduct anyone but instead use cell phones to convince the target's family that a kidnapping has occurred and demand immediate "ransom" payments. The scam also is similar to extortion activity targeting Hispanic businesses
along the U.S.-Mexican border. In those cases, targets receive phone calls threatening them or their families if money is not paid. Most scams circulating on the Internet involve attempts to convince the e-mail recipient to transfer money into a bank account set up by the scammer. These usually involve a plea for help and the promise of an eventual reward. Because these scams are attempts to defraud, the U.S. government gets involved in investigating them. This latest scam, however, has upped the ante considerably, making it a national security issue — regardless of whether the threats are real. Most people who spot this scam simply delete it or forward it to their e-mail administrators, who might report it to the FBI — the agency responsible for investigating this kind of crime — or the Internet Crime Complaint Center (ic3.gov), a partnership between the FBI and the National White Collar Crime Center that routes complaints about Internet criminal activity to the appropriate agency. Those who take the threats seriously can, of course, report them directly to the FBI or the bureau's local field office. It is unclear how many targets, if any, have been taken in by this scam and complied with the threats. Judging from virtual kidnapping attempts, as well as the history of scam letters, faxes and e-mails from Nigeria — the most common of the plea-for-help scams — a small percentage of targets will be taken in, making the effort of sending these threats worthwhile. People who believe the threat likely obey the extortionist's instructions not to report it to authorities. They might even make the payment if they rationalize that the amount demanded does not warrant taking the risk. Other targets might wait to see whether other threats follow before taking concrete action. The Nigerian-based e-mail scams have been going on for years now; apparently, there is no easy way to stop such Internet abuse except to warn the public. Because this latest scam apparently is being carried out in waves, individuals, corporations and other institutions perhaps have time to take steps to protect sensitive personal
and company information before the next round of threats goes out.