Phishing to Bashing

A new rash of threatening emails is taking phishing to a new level. Apparently targeted to higher income professionals such as doctors and lawyers, SecureWorks is reporting that emails are being sent direct to the recipients without the use of relays or other methods to disguise their origin. The messages purport to be from an assassin hired by a third party and threatening bodily harm. For a payment of $30,000 this harm can be avoided.

The message explains that the assassin has been following them for the last week and knows their routine. Further, the assassin doesn't believe this person has done what is claimed and wants to spare them their lives.

There was a less targeted series of similar threats several months ago. This prompted a January 2007 notice from the FBI to ignore the messages and not respond to them. One person did respond and what was likely easily obtainable information was used to reinforce the threat. According to the bulletin:

In one case, a recipient responded that he wanted to be left alone and threatened to call authorities. The scammer, who was demanding an advance payment of $20,000, e-mailed back and reiterated the threat, this time with some personal details about the recipient - his work address, marital status, and daughter's full name. Then an ultimatum:

"TELL ME NOW ARE YOU READY TO DO WHAT I SAID OR DO YOU WANT ME TO PROCEED WITH MY JOB? ANSWER YES/NO AND DON'T ASK ANY QUESTIONS!!!"

This may be an excellent time to ensure your bank executives and board are briefed on phishing expeditions and this one in particular. General information on not responding to these messages and preferably not opening them in the first place should be communicated.

Jan. 2007 FBI Bulletin