The team copied everything to a CD. They also copied her Internet and website caches to CD in case we needed them later. They made a complete copy of her hard drive and burned that to a DVD.

"Looks as if things happened just as she said," the internal information security manager told me.

After that, we checked her e-mail client and the server backups. She had received an e-mail two days after the initial message asking for money and a credit card number. Luckily, she didn't give them one.

Here's the interesting part, though. When we were checking the firewall access logs, we found that the same IP address was active 27 times that day to other end-user systems on our network. Twenty-seven times! We did some checking and found that at least 15 other employees were hit with the same scam on the same day.

Why hadn't anyone told us? I was completely aghast.