I understand that spoofing one's identity is an easy enough task with tor, fly-by-night VPS's, etc., but when transfer of money is involved, could not security experts set up "honeypot" traps to get at the origin of these attacks? By seeing where the money is essentially ending up?
Wouldn't the following be nastier?<p>"We have hidden child porn somewhere on your hard drive. If you send $25 via >this paypal link<, this will all go away. If we don't receive the money in 48 hours, this program will remove itself without trace - after notifying the police."