Cybercriminals use sophisticated mini-programs called “keyloggers” to record every keystroke of the usernamesyou use to log into your bank.
Cybercriminals exploit several vul- nerabilities that we find in many small businesses. This includes
under-defended computers and networks, untrained users, lack of basic monitoring of user-logins and other attempts to gain unauthorized access.
Recently, the trust accounts at two Triangle law firms lost $1 million and $570,000, respectively.
It appears that the funds from the trust accounts were simply intercepted by the hacker and routed into their bank ac- count.
Both suffered preventable and unin- sured losses.
In this article, I want to provide a brief description of common cyber-mistakes that business owners and managers com- mit and what to do to ensure that it does not happen to you or your clients.
PLUCKED MID-TRANSFER
Like teenagers playing complex video- games, cybercriminals troll the web for under-defended websites and business applications. For some, it’s simply a game of “pwn-ing” a system. For others, they’re hunting for money or confidential infor- mation that they sell on the dark web.
In many cases of intercepted money transfers like the ones that hit the two law
firms, it starts with a simple, but deceptive “phishing” email, usually from a trusted source, i.e. someone that you know or an existing vendor.
In the past, a curious or anxious recipi- ent would click on the link/attached doc- ument, a PDF, Word document, spread- sheet, or a Google doc.
However, the hacks have become sneak- ier. Outlook users that allow HTML and scripting can be at risk for malware injec- tions.
Cybercriminals will use sophisticated mini-programs called “keyloggers” to re- cord every keystroke, every email you or your employees type, every password, and every user name you or your employees use to log into your bank. This allows the hackers to login to any system that you typically frequent, such as your email ac- count, line of business applications, bank accounts and trust accounts.
In the case of wire fraud, the cybercrimi- nal makes them self a super administrator of the  rm’s Microso  O ce 365 platform and the company’s entire email system. From there, they spy on every email com- munication from the CEO and CFO.
Anti-virus software won’t protect you from this type of an attack. Anti-virus software can only detect “known” threats that are in its inoculation database.
CRAIG PETRONELLA | Cybersecurity
Trust Accounts at Two Triangle Law Firms Hacked for $ 1.57 Million
It appears that the funds from the trust accounts were simply intercepted by the hacker and routed into their bank account.”
ATTORNEY AT LAW MAGAZINE · NORTH CAROLINA TRIANGLE. 6 NO. 4 6