Lawyer who clicked on attachment loses $289K in hacker scam by Debra Cassens Weiss

20/02/2015 06:41

A lawyer who clicked on an email attachment lost $289,000 to hackers who likely installed a virus that recorded his keystrokes.

The anonymous lawyer, identified only as John from the San Diego area, told ABC 10 News how it happened.

On Feb. 9, John received an email with an address ending in Thinking he had received a legitimate email from the U.S. Postal Service, he clicked on the attachment.

Hours later, John tried to access his law firm’s account with Pacific Premier Bank, the story says. He was transferred to a page asking for his PIN, rather than his usual login, and received a call from a person identifying himself as a bank employee.

The caller said the bank noticed John was having trouble accessing the account and told him to type in his PIN, along with another number, which turned out to be a wire transfer code. Then a page appeared saying the site was down for maintenance.

John received another call from the supposed bank employee two days later. “He asked me to enter the information several times, but told me it wasn’t working. He then said I was locked out of my account for 24 hours,” John told ABC 10 News. “That’s when alarm bells started to go off.”

Within hours, John discovered that $289,000 had been transferred from the account to a Chinese bank.

“I never thought it would happen to me,” said John. “I was shocked. I felt like a dummy, basically.”

An expert who spoke with ABC 10 News said the hackers evidently installed a virus to capture John’s keystrokes. Whether a bank will cover the loss depends on its terms and conditions, the expert said.

In John’s case, Pacific Premier Bank declined to cover the loss.