A New York Supreme Court judge has lost more than one million dollars to scammers after responding to an email she thought she received from her attorney.
On 16 June 2017, acting State Supreme Court Justice Lori Sattler, 51, contacted law enforcement about an incident that transpired earlier in the month.
At the time, Justice Sattler was in the process of attempting to sell her apartment and purchase another place of residence. An attacker somehow knew this and sent her an email while posing as her lawyer on 7 June. Laura Dimon and Graham Raymon of New York Daily News explain what happened next:
“The person claiming to be the lawyer told her to send money to an account. She followed the instructions and wired $1,057,500 to that account, sources said. The money was then sent to Commerce Bank of China, sources said.”
Lucian Chalfen, a spokesman for the Office of Court Administration, has confirmed that Justice Sattler was a victim of a crime. He has declined to comment any further, citing a pending criminal investigation.
The details surrounding this incident are few and far between. But given the fact that everything started when Justice Sattler received an email from someone who she thought was her lawyer, the acting NY Supreme Court judge likely experienced what Southern Oregon University suffered through in late April: a business email compromise (BEC) scam. These attacks cost victims $360 million across 12,005 separate complaints in 2016 alone, according to a report (PDF) by the FBI’s Internet Crime Complaint Center.
One possible explanation for the crime is as follows. First, hackers compromised the email account of Justice Sattler’s real estate attorney using a phish. They then conducted reconnaissance of their victim’s inbox for pending transactions. Upon finding correspondence from Justice Sattler, they sent the judge payment instructions containing the details for a bank account under their control.
Given the risks posed by BEC scams, it’s a good idea to confirm the details of a monetary transaction in person or via phone, especially if its payment instructions change at the last minute. Organizations like Justice Sattler’s real estate law firm should also make sure they conduct phishing simulations with their employees so that their workforce can spot a phish.