From ABC 10 News:

The scam started with Feb. 9 email that appeared to be from the postal service, from an email address ending in usps.gov, with additional instructions a click away.

“I thought it was legitimate and I clicked on the attachment,” said John …

Well that’s not smart. It sounds like the attachment was a virus that allowed the hackers to spy on his online activity and play man in the middle. But they weren’t just passively sucking up information. Here’s where “John” quadruples down on his first mistake:

Hours after clicking on the attachment, John was back on the computer, attempting to access the firm’s account with Pacific Premier Bank.

After entering his ID, he was transferred to a page asking for his PIN instead of the typical password. Soon after, he received a call from a man claiming to be from the bank, noticing he was having trouble logging on.

(Emphasis mine.) This does not happen. Banks do not call you when you are having trouble logging into your account.

“I just wanted to log onto my account and I thought this person was helping me,” said John.

Oh you poor idiot.

Two days later, the man called back and John says he repeated the steps.

Oh for the love of … STOP IT YOU MORON.

Hours later, John discovered a transfer for $289,000 – a big chunk of the account – to a Chinese bank.

Shocking. By which I mean not shocking at all.

The bank, if you want to know, declined to cover the loss.

(h/t ABA Journal)