A Sordid Tale

17.02.2003

"No," she said. "But they sent another e-mail this morning reminding me I had only two days left to pay them. So I figured I'd better talk to you about it."

Unfortunately, security sometimes involves dealing with scumbags who prey on others. I knew immediately that this was an extortion attempt and calmed her fears. And, as I said, we have a pretty good security crew. Wonderfully paranoid. So I set them on a path to track down the offending organization and get to the bottom of what was going on.

First reports came rolling in almost instantly. My coworker had kept all her e-mails from the extortionist and had not turned off her system since the files were transferred to it, so the IS people had a pretty good look at logs and files to find out what they could reconstruct and get some ideas. They could see that she had, indeed, gotten the e-mail and then clicked on the URL, just as she said. Logs on her system showed an FTP file transfer from an IP address in Bulgaria. In all, there were three files that were named the same as the three we found on her system. They also found some text and GIF files about Greece. The system keeps 20 days' worth of file caches on what users have viewed on the Web, and if you know where to go on the system, you can see all of it.

The team copied everything to a CD. They also copied her Internet and website caches to CD in case we needed them later. They made a complete copy of her hard drive and burned that to a DVD.

"Looks as if things happened just as she said," the internal information security manager told me.
