After that, we checked her e-mail client and the server backups. She had received an e-mail two days after the initial message asking for money and a credit card number. Luckily, she didn't give them one.

Here's the interesting part, though. When we were checking the firewall access logs, we found that the same IP address was active 27 times that day to other end user systems on our network. Twenty-seven times! We did some checking and found that at least 15 other employees were hit with the same scam on the same day.

Why hadn't anyone told us? I was completely aghast.

That's when I learned about the paranoid users. Some knew it was a scam, but some were truly afraid of losing their job. A few confessed to visiting porn sites on their computer at home and thought this was related. Three employees responded to the threat by divulging credit card numbers and now have problems with charges on their card.

We told them what was going on and had them call their credit card companies right away.