Marisco said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice. Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on both Marisco’s computer and the PC belonging to her assistant, the second person needed to approve transfers.
Whoopsie. It looks like somebody forgot the basic tenants of Windows security: