It's happening to a LOT of businesses - I've been getting them all week with the "from" line in the msg header as being my ISP. So many tip-offs, though - they never actually used the ISP's company name, only the ending domain name and a generic department. And every support department I've ever worked for or with tells you NOT to open attachments. This message does, and it has a nice bogus claim of the attachment being "virus-free". Haven't gotten any that appear to be from Rosity yet. I'll give them one thing - they sure disguised the trace path well. Otherwise, I'd just reply with a nice zip file containing a nice shot of the old Israeli-B labeled "Social Security Number" .... ;) (For the curious - Israeli-B slams the hard drive heads down into the drive platter, ruining it. No hope of recovery or repair, even if the drive is sent to a data recovery lab...not that I condone this, even though the spammers and crackers and identity thieves deserve it...)