When a Trusted Email Becomes a Six-Figure Mistake

by Ross B. Siroti | Jan 7, 2026 | Cyber Security, Law Firm Protection

It’s a gray Tuesday afternoon in Red Bank, New Jersey, inside a small law firm just off Broad Street, where the carpet shows its age and the coffee machine hums out of habit. Five attorneys work behind half-closed doors. An office manager remembers carbon paper. And Marianne, a senior paralegal who has outlasted most of the furniture, moves through the office with the quiet confidence of routine. At precisely 3:14 p.m., she opens an email from a title attorney the firm has trusted for years. The tone is familiar, the wording reassuring. The subject line—“Updated Wire Instructions – Please Confirm”—asks for nothing unusual. Marianne exhales, replies, and moves on.

What Marianne doesn’t know is that the email isn’t coming from the title attorney at all. Days earlier, the title attorney’s mailbox was compromised, quietly and without disruption. An attacker slipped into the middle of an active conversation, reading prior messages, learning the cadence, and waiting. When the moment was right, they replied on the attorney’s behalf, requesting a subtle change to the wire instructions. No spelling errors. No urgency that felt out of place. Just a calm, professional request that looked exactly like the dozens Marianne had seen before.

Over the next day and a half, the exchange continues. The wire instructions change—just slightly—redirecting funds to a Chase Bank account, explained as a temporary processing issue. It sounds reasonable because it’s engineered to. Marianne prints the email and walks it to Robert’s office. Robert, the managing partner, has trusted Marianne’s judgment for more than twenty years. She explains the change—she always does—and he nods, approving it without concern. No one picks up the phone. No one independently confirms the change with the title agency. At 10:02 a.m. the next morning, a six-figure wire leaves the firm’s trust account and vanishes.

The call comes after lunch. The real title attorney asks when the funds will be sent—because nothing has arrived. The office grows quiet. Chase confirms the transfer but can’t reverse it. By the end of the day, the truth is unavoidable: the money is gone, divided and moved within hours. There was no malware, no locked screens, no breach of the firm’s internal systems. The failure lived entirely in process—specifically, the absence of a second verification step when money was involved.

What follows is a realization more sobering than the loss itself. This wasn’t a sophisticated technical attack; it was a patient manipulation of trust. A simple phone call to confirm the change would have stopped it. A policy requiring out‑of‑band verification for wire changes would have stopped it. Scenarios like this are no longer rare—they are quietly repeating themselves in law firms every day. Rekall Technologies helps law firms identify these exact gaps and put safeguards in place before an ordinary email becomes a six‑figure lesson that can’t be undone.

Ross B. Siroti

As CEO of Rekall Technologies, I’ve been helping small business owners simplify their technology since 2011. Over the years, I’ve seen firsthand how IT becomes frustrating, time-consuming, and a constant distraction from running a business. That experience is what drove me to build Rekall differently. I didn’t want clients adjusting their businesses to fit their IT—I built services that adapt to how real businesses actually operate. My philosophy is simple: technology should be secure, stable, and effectively invisible. When IT is done right, it stays out of the way and gives you the freedom to focus on your clients, your team, and growing your business with confidence.

← The Hidden Cost of Outdated Endpoint Security for Small Businesses