Gary Sherrell is the owner of Dynamic Computing Services.
The Maple Valley business owner is the victim of an international scam that used phishing technology to wipe out a half million dollars from his company's bank account.
We weren't sure what had happened at that time what had just transpired, what caused the hole, said Gary.
October 27, 6:05 a.m.: Gary's comptroller opened that hole when she clicked on and e-mail that claimed to be from Facebook. When she hit the link, a virus downloaded into the company's system.
When the controller went online at the bank and accessed the accounts, that's when the information, we believe was sent to the hacker, said Gary.
Rich Lundeen breaks into corporate computers for a living for the company IOActive. Lundeen says no anti-virus software would have protected Gary's company from this attack.
How quickly can it happen?
Instantaneously, as soon as you click on the link, said Lundeen.
At 8:05 a.m., hackers created a new user ID and password. Then it attacked the company's computer using servers in Reno and Jersey City.
By 11:13 a.m., the scammers transferred $190,000 from Gary's account to the Vietnam Bank for Industry in Hanoi. And he didn't get a single call from his bank.
I can't drive to Portland and use my credit card to use gas without getting a call from the bank, he said.
By 9 a.m. the next morning, the attacks continued and $44,000 were sent to accounts in the U.S.
Two hours later, $167,000 and $148,000 went to the Sberbbank in Moscow.
By one o'clock, our CFO returned and immediately got online, called the bank and notified them that we got an issue, he continued.
In all, $550,000 went to worldwide accounts in 31 hours.
Unfortunately if you go searching through the Internet, the cases are too numerous to mention and it's sad and it's scary, he said.
Gary got lucky. His bank, Foundation Bank, retrieved most of the cash because the hackers left poor forwarding information to the banks where his money was supposed to be transferred next.
In July, a similar attack hit the account of Bullitt County, Kentucky to the tune of $415,000. Security experts say this corporate style of attack will begin to hit consumers.
I think it's going to increase especially with social networking, said Lundeen.
That to me needs to be looked at and I need to be protected better, said Gary.
Here's how to protect yourself: Be very careful with messages from friends or strangers on social networking sites. It's the links and attachments that will get you in trouble. And make sure your Internet bank will cover you. In many instances, businesses will lose bank protection if they don't report the incident within 48 hours.
Experts also tell us that these hackers are so sophisticated, they can make your bank statement look like it still has money after they've drained it.
One more note: Gary's bank, Foundation Bank, did everything it could in this case. In fact, they have retrieved almost all of Gary's money. Bottom line: Their computers were not compromised by the virus. The company lists its security measures on its Web site.