When a Florida-based lawyer powered up his computer and noticed a small black box on his desktop, he immediately suspected something was wrong.

A few days prior, the attorney had installed a surveillance system at his new office but was unable to sync all of his devices. After a quick online search for tech support, he was connected to a representative and granted them remote access to his computer to fix the issue.

The representative told the lawyer that his computer had been infected by foreign threat actors and offered to remove the malware for an additional fee. Soon after paying for the additional security services, the attorney noticed the small box at the bottom of his computer screen “running some sort of code that was moving fairly quickly.” That’s when he realized he’d been scammed.

The lawyer contacted his insurance agent, who immediately connected him with the Coalition Claims Team. We advised him to immediately shut down his computer as a precaution and recommended a digital forensics investigation.

A security analyst with Coalition Incident Response (CIR), who happened to be nearby, offered to visit the lawyer’s office and assist with data preservation in person. After restoring the data through an external drive and searching for indications of ransomware, CIR found no evidence that threat actors accessed any sensitive data.

During the investigation, CIR determined that the lawyer clicked on a fraudulent website while trying to set up his surveillance system as part of an attack known as SEO poisoning. The small black box on the lawyer’s desktop only contained a “dummy” script, intended to simulate a malware infection and scare the lawyer into calling tech support again for additional services.

CIR advised the lawyer on steps to reduce his risk in the future, such as using a password manager and implementing multi-factor authentication.

One key coverage helped the lawyer through this social engineering scam: Breach Response covered the cost of CIR’s investigation, which totaled $24,500.

1. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law. The descriptions contained in this communication are for preliminary informational purposes only. Coalition is a trading name of Coalition Risk Solutions Ltd. which is an appointed representative of Davies MGA Services Limited, a company authorised and regulated by the Financial Conduct Authority (FCA), registration number 597301, to carry on insurance distribution activities. You may check this on the FCA register by visiting the FCA website www.fca.org.uk. Coalition Risk Solutions Ltd. is registered in England and Wales: company number 13036309. Registered office: 34-36 Lime Street, London, United Kingdom, EC3M 7AT. Copyright ©2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.