Todd, thanks for the heads-up!
Scammers and Spammers will try anything and go to great lengths in attemps to overcome web server and individual computer security protective measures. When they can't overcome those measures, they take it to the human level, relying on scare tactics or sypmpathy. I just got a PM from a susposed SMF member last night with a proposal, and the sender wanted me to contact them via email for further information. I noticed that the email address even looked phoney, especially the provider. I checked into the sender's profile before doing anything, and found no join date, no activity, no posts on the forums, etc. I forwarded the message to an admin who I saw was online at the time (Pineywoods), along with a brief message about my concerns, and he banned the member within just a few minutes. I do wonder how many other members got this PM before it was put to rest, though, just out of curiousity.
Anyway, this situation seemed to be a pretty desperate move in an attempt to gain my trust while they wittled away at whatever data they wanted to access on my computer files, I'm sure...never know, I just didn't want to find out what they wanted. Once they gain access to you through some type of messaging, the stage is set.
If it's a message from anyone I'm not familiar with, or that I haven't previously initiated contact with, I get my gaurd up. If it looks at all suspicious, I take careful evasive action. My email account almost never gets spam, junk mail, or anything malicious, so that part of my communications protection works rather well, thankfully. I did get a fake (unsolicited) email which was somehow routed through Walmart (had their logo, an authentic looking sender's address...everything looked legitimate), and it actually contained a hacker's trojan. My antivirus red flagged it, immediately. I thought my A/V had gone bonkers, but the message was indeed malicious. The only reason it got through the filters is because I get legitimate correspondence from them at least every 3 months, so the filters recognized the sender. These electronic virtual punks are sneaky little S.O.B.'s, so don't let 'em fool ya. We may be in a virtual world when we open the web browser or email account, but the threats are real.
Keep your gaurd up, and keep your A/V updated. If you haven't initiated or solicited any contact with the party in question, suspect the worst is about to happen. As Scarbelly stated, rarely will you get an email from anyone as an initial form of contact, so don't trust randomly recieved messages. Just because your A/V doesn't throw a flag doesn't always mean the message or attachments are safe. Speaking of attachments, these are typically what contains a virus, trojan or worm, and once you click on it, you're doomed. Even a picture contained on a susposed legitimate logo or ad could have an enbedded file.
Also, if it type of thing happens here on SMF, the mods/admin will stomp it into the dust.