By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices.