Hat to tip to colleague and friend Dan Pinnington for sharing a story about a Toronto-area law firm that had a less than happy holiday season. While their colleagues were making merry, this firm was infected with a virus which gave hackers backdoor access to its bookkeeper’s computer. The virus copied bank account passwords as she typed them.
The virus, known as the Trojan Banker Virus, gave the hackers full access to the trust account, including the ability to go in, monitor it, and wire money to foreign countries shortly after deposits were made. The consequent loss was more than six figures.
It is unknown how the virus got in - perhaps the bookkeeper clicked on a link, opened an attachment or simply downloaded a screensaver.
An e-mail purportedly from the bank may have provided the bookkeeper a link that launched into a spoof web site prompting her to log in. But she couldn’t successfully gain access using her primary password. Another window, also designed to look like the bank’s web site, then asked her for her name and telephone number.
She later received a phone call, which she thought was from the bank. The con went something like this: “I see you’re having problems trying to log in -We were having maintenance issues but we think we’re fixed. Can you try logging in again?”
When she did, she entered both the primary password and a second more secure password generated to last only a few minutes. That was time enough. Three days later, the firm noted that a six-figure sum had disappeared from its trust account.
Note that it was a combination of technology and social engineering that made the fraud work. Train, train and train your employees again. What better target than a fat, juicy law firm trust account ripe for the plucking?
Update from Dan Pinnington with a more accurate and complete description of the incident.
E-mail: firstname.lastname@example.org Phone: 703-359-0700