
Law Firm's Trust Account Hacked! Six Figures Taken!!!


A Toronto, Ontario area law firm is missing six figures from its trust account after being hit over the holidays in 2013 by a virus that gave hackers remote backdoor access to the firm’s bookkeeper’s computer. The virus, known as the Trojan Banker Virus, was designed to capture keystrokes, which can include bank passwords, as they are typed.


The origin of the virus is unknown. The infection could have been as simple as the bookkeeper downloading the program, clicking a link on a website or in an email, installing a screen saver, or merely opening an email attachment.

The hackers then used social engineering to get the bookkeeper to provide passwords.

First, they sent an email purportedly from the firm’s bank. The email contained a link, which the bookkeeper opened, to a fake website that looked just like the bank’s. The page asked for the user name and password just like the “real” website. When the bookkeeper couldn’t get the login to work, another screen was displayed asking for her name and telephone number.

Shortly after she entered her name and number, the phone rang. The caller claimed to be with the bank and offered to help her resolve her login problem. The hackers most likely said something along the lines of, “We can see that you were having problems attempting to access your account. We were having maintenance issues which we have now resolved. Please try logging in again.”

The bookkeeper then entered the primary password along with a secondary, more secure password, which was generated to last only a few minutes. The virus then delivered the passwords to the hackers. This gave the hackers full access to the trust account, including the ability to monitor daily balances and to wire funds to foreign countries. To avoid drawing immediate attention, the hackers systematically wired funds after deposits were made. Three days later, the firm discovered a six-figure sum had been removed from its account.

It is important to note that it was a combination of malware and social engineering that made the fraud successful. We urge you to train your employees regularly and well. After all, what better target than a law firm's fat and juicy trust account?

