Trust Accounts At Two Triangle Law Firms Hacked For $ 1.57 Million

2024 Feature Nominations

Cybercriminals exploit several vulnerabilities that we find in many small businesses. This includes under-defended computers and networks, untrained users, lack of basic monitoring of user-logins and other attempts to gain unauthorized access.

Recently, the trust accounts at two Triangle law firms lost $1 million and $570,000, respectively.


PPC for Legal

It appears that the funds from the trust accounts were simply intercepted by the hacker and routed into their bank account.

Both suffered preventable and uninsured losses.

In this article, I want to provide a brief description of common cyber-mistakes that business owners and managers commit and what to do to ensure that it does not happen to you or your clients.


Injury RX


Like teenagers playing complex video-games, cybercriminals troll the web for under-defended websites and business applications. For some, it’s simply a game of “pwn-ing” a system. For others, they’re hunting for money or confidential information that they sell on the dark web.

In many cases of intercepted money transfers like the ones that hit the two law firms, it starts with a simple, but deceptive “phishing” email, usually from a trusted source, i.e. someone that you know or an existing vendor.

In the past, a curious or anxious recipient would click on the link/attached document, a PDF, Word document, spreadsheet, or a Google doc.

However, the hacks have become sneakier. Outlook users that allow HTML and scripting can be at risk for malware injections.


Computer Forensics

Cybercriminals will use sophisticated mini-programs called “keyloggers” to record every keystroke, every email you or your employees type, every password, and every user name you or your employees use to log into your bank. This allows the hackers to login to any system that you typically frequent, such as your email account, line of business applications, bank accounts and trust accounts.

In the case of wire fraud, the cybercriminal makes them self a super administrator of the firm’s Microsoft Office 365 platform and the company’s entire email system. From there, they spy on every email communication from the CEO and CFO.

Anti-virus software won’t protect you from this type of an attack. Anti-virus software can only detect “known” threats that are in its inoculation database.


Dawn Cash-Salau, president of Escrow Consulting & Accounting, LLC in Cedar Point, NC told me, “Proper oversight and timely reconciliations will help detect the fraud, after the fact. However, being proactive in protecting trust funds can help avoid the loss of time and money to recover funds already stolen and can further ensure compliance with state bar rules and regulations.”

At a bare minimum, law firms should commission an annual security risk assessment conducted by an outside source.

Firms should also employ a blend of reactive and proactive measures, such as two-factor authentication and user training on the do’s and don’ts of cybersafety.

We use the term cybersafety to define a comprehensive layering of up to twenty-two cybersecurity and IT service management protocols. Most of the layers are patented technologies. In a global contest, black and white hat hackers have thus far never pierced all layers. That’s why I call it the Petronella Unhackable Cybersafety Stack.

An IBM Threat Intelligence Index Report revealed that employees induced 95% of all breaches due to combination of incomplete configuration of their desktop computers and mobile devices, weak passwords, lack of two-factor authentication (where the user must provide at least two unique pieces of information to login), visiting unsafe websites, etc.

Because a hacker can compromise any computer, smartphone, voice-controlled device such as Amazon Alexa, or smart home “Internet of Things” devices (smart thermostats, doorbells, light dimmers, refrigerators), the state of cyberhacking now requires business owners, especially law firms that handle financial information of clients, to implement a full-spectrum data and system prophalix. This starts with training and certification of all users in your business.


Most large insurance carriers offer cybersecurity and breach insurance. In the past, they allowed firms to do a self-assessment questionnaire.

They would then trust that the firms were following the security protocols they said there were doing. But that has become to change … rapidly.

Insurance carriers have become much stricter as to what security steps you must have in place to qualify for cyber insurance.

Dr. Aleksandr Yampolskiy, CEO of SecurityScorecard, a leading security rating company said, “Cybersecurity insurers faced with growing demands and looking for new ways to measure their risks so they are moving more towards more carefully scrutinizing the cybersecurity postures of their potential clients.”

Cybercriminals continue to “innovate” at a rate and level of sophistication that is breathtaking. Business owners must not only protect their employees and assets from physical harm, they must extend similar protection to their digital systems and the data that those systems contain.

In the past, it was enough to install and update malware applications from Symantec or X. Those days are long gone. Craig A. Petronella

Craig Petronella

Craig A. Petronella is the CEO of Petronella Technology Group, Inc. (PTG),, and PTG is an internationally trusted IT cybersecurity and digital forensics firm helping law firms with training, security, and compliance. Craig has 36 years of experience, authored multiple books. For more information on security awareness core training, go to:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts