Well, if I got one of those extortion messages, I'd promptly forward it to the security guys at my company, with copies to my immediate manager and HR. If blackmailer tries to make good on the threat and actually succeeds, the company's unlikely to be able to legally do anything to me unless they can prove it wasn't the blackmailer. Usual caveats about making sure my machine's actually clean and that the headers clearly indicate the e-mail's authenticity should be taken as given.

As for ever coughing up cash to a blackmailer, I wouldn't. It's that old problem: once you've paid danegeld, you'll be seeing a lot more of that Dane. Better to make an object lesson of them up front, so the other vultures waiting to see how things go see they won't go well and go find easier pickings.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/283/29491#29491