It all started with an email from the post office. At least, that's what it looked like. It came from an email address ending with "usps.gov" and it invited the recipient -- a California lawyer -- to click on an attachment to find instructions for rescheduling a package delivery. "I wanted to see what the package was, so I clicked on [it]."

Later that day, the lawyer tried to access his firm's bank account. He entered his ID, but then was directed to a page asking for his PIN, rather than the usual password. Then he got a call from a bank employee -- at least, that's what the caller said -- who noticed that he was having trouble and offered to help. The caller told him to enter his PIN, along with a token number -- a code for wire transfers. Then the lawyer found himself at a site saying the page was down for maintenance.

Two days later, the employee called the lawyer and had him enter the information again. After several tries, the employee said it wasn't working, and told him he was locked out of his account for 24 hours.

That, says the lawyer, is "when alarm bells started to go off." Within hours, the lawyer discovered that $289,000 had been transferred from his account to a Chinese bank. "I never thought it would happen to me," he said, claiming that he felt like a "dummy."

Find out more from Karen Erger's article in the April Illinois Bar Journal.