When California lawyer Christopher Pitet became a victim of payment fraud earlier this year, the email, as the classic horror movie trope goes, came from inside the house.
A client of Pitet’s had recently settled a legal dispute and the lawyer received an email, seemingly from the opposing attorney, with instructions of where to send the $59,517.50 agreed in the settlement. He promptly wired the full amount over, as requested.
Neither the email nor the instructions were what they seemed. In fact, the message had been sent by a hacker who had installed a monitoring bot on the server of Pitet’s law firm and watched the settlement talks proceed until the precise moment when payment was due. Pitet, a lawyer well-versed in fraud, had unwittingly wired his client’s money directly into the hacker’s account.