Lest you think hacking is more hype than horror, consider the sad fate of the San Diego lawyer who clicked on an email attachment and lost $289,000.
The victim – identified only as “John” in news reports – said he never imagined such a thing would happen to him.
And yet, with just a few clicks, he found himself snared in an international phishing scam. By opening an attachment to an email he thought was from the U.S. Postal Service, he inadvertently downloaded a virus that transmitted his keystrokes to hackers on the other side of the globe.
Next thing he knew, his law firm account was short almost $300,000.
To make matters worse, his bank refused to cover the loss.
As a warning to others, John has gone public with his personal nightmare.
The Postman Rings Once
It started innocently enough. In early February, John received an email with an address ending in usps.gov. He clicked on the attachment. That’s when the trouble began.
From the ABA Journal:
“Hours later, John tried to access his law firm’s account with Pacific Premier Bank. He was transferred to a page asking for his PIN, rather than his usual login, and received a call from a person identifying himself as a bank employee.
The caller said the bank noticed John was having trouble accessing the account and told him to type in his PIN, along with another number, which turned out to be a wire transfer code. Then a page appeared saying the site was down for maintenance.
John received another call from the supposed bank employee two days later. ‘He asked me to enter the information several times, but told me it wasn’t working. He then said I was locked out of my account for 24 hours.’”
John said by this point “alarm bells” were going off inside his head. But it was too late. His account had been cleaned out.
5 Steps to Prevent an Attachment Attack
Email is a common point of entry for hackers. Some messages contain links to malicious web sites. Others come with an attachment carrying a virus.
The attachment can do its dirty work in different ways. It might contain software that transmits a virus or it might record your keystrokes. Some malware can even give a hacker remote access to your computer.
Here are some ways to avoid being scammed like John:
- Make sure you have an anti-virus program installed. Keep it up-to-date. This is your first and most effective line of defense against an email attack.
- Never click on a suspicious-looking attachment – even if it comes from someone you know.
- Recognize the red flags for potentially dangerous messages. The most obvious is that it comes from an unknown sender. Other suspicious signs: the subject line or first sentence says “Special one-time offer” or “Free trial subscription” or some other incentive for you to open the attachment.
- If you make the mistake of clicking on a stealth attachment, immediately disconnect from the internet and run your anti-virus program. Don’t reconnect until your scan is completed.
- Contact an IT expert or consultant to make sure your systems are prepared for attack.
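The red flags listed above can also be checked mechanically before anyone opens a message. The following Python function is an added example, not part of the original article: it parses a raw email and reports a sender-domain mismatch, the absence of a passing SPF or DKIM result, the lure phrases quoted above, and attachment types often used to deliver malware. The sample message, the header checks and the extension list are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Lure phrases are quoted from the article; the extension list is an assumption.
LURES = ("special one-time offer", "free trial subscription")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".zip", ".docm")
# Constructed sample message, not the email from the case described above.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail; dkim=none
From: USPS Delivery <notice@usps.gov>
Subject: Delivery failure notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your parcel could not be delivered. See the attached label.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="label.zip"

(constructed placeholder, no real archive data)
--b1--
"""

def domain(addr):
    return parseaddr(str(addr or ""))[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    frm, rpath = domain(msg["From"]), domain(msg["Return-Path"])
    if rpath and rpath != frm:
        flags.append(f"From domain {frm} differs from Return-Path domain {rpath}")
    # The visible From address proves nothing unless SPF or DKIM passed.
    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        flags.append("no passing SPF or DKIM result")
    text = str(msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    if body:
        text += " " + body.get_content().lower()
    flags += [f"lure phrase: {p}" for p in LURES if p in text]
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    flags += [f"risky attachment: {n}" for n in names if n.endswith(RISKY_EXT)]
    return flags
```

An Authentication-Results header is only meaningful when your own mail server added it; a copy supplied by the sender should be ignored.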
Have you been the victim of an email hack? Do you have cautionary advice to pass along to others? Send us a comment.
Sources
- ABA Journal http://www.abajournal.com/news/article/lawyer_who_clicked_on_attachment_loses_nearly_289k_in_hacker_scam/?utm_medium=email&utm_campaign=weekly_email&utm_source=maestro&job_id=150219AT
- Anti-Fraud International http://antifraudintl.org/threads/california-lawyer-loses-money-after-being-hacked.93760/
- ABC 10 News http://www.10news.com/news/sophisticated-scam-against-local-attorney-nets-nearly-300000-02182015
- Make it Secure http://www.makeitsecure.org/en/malicious-email-attachments.html
Jay Reeves a/k/a The Risk Man is an attorney who has practiced in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. Contact him at firstname.lastname@example.org.