Michigan Firm Falls for Phishing Scam and Loses $560,000, Sues Comerica Bank
Experi-Metal Inc. (EMI), a Michigan-based metal supply company, is suing Comerica Bank alleging that the bank exposed its customers to phishing attacks, and thus is responsible for EMI's financial losses.
EMI fell victim to a phishing scam in which one of EMI's employees handed over the company's online banking credentials. Those credentials were then used to initiate wire transfers totaling $560,000 from EMI's account to numerous other accounts scattered across Russia, Estonia, Scotland, Finland, China, and the U.S. The funds were withdrawn as soon as the transfers cleared.
Not wanting to eat its loss, EMI alleges that the phishing scam only worked because of Comerica's routine practice of sending emails to its customers asking them to click on a link to update their security information. The lawsuit also criticizes Comerica's token-based authentication system, which in 2008 replaced the digital certificates the bank had been using until then.
"Comerica knew or should have known that the technology of the two-factor authentication procedure which it instituted in 2008 was known to be lacking in any reasonable fortification against 'man in the middle' phishing attacks," EMI said.
Naturally, Comerica sees things differently, pinning the blame squarely on EMI.
"Valid credentials assigned to an EMI employee were used to authenticate a logon for purposes of online banking transactions," the bank said. "If some unknown criminals used those credentials, rather than an EMI employee to whom they had been entrusted, this was caused solely by the actions of that EMI employee."

Image Credit: uberreview.com
Tekzel
February 16, 2010 at 1:34pm
I think the bank should have to repay half of the lost funds. Any bank ridiculous enough to send emails asking their customers to click a link and log on just has to be punished. Unbelievable. On the other hand, giving financial access to anyone stupid enough to fall for a phishing scam just has to be punished too.
So they should each be held 50% liable. *WHAM* Case dismissed.
schwit
February 16, 2010 at 11:25am
No bank worth its weight in salt would use email for official communications. Anyone with 3 living brain cells treats all emails purportedly from a bank as a phishing attempt.
I would like to see both parties kicked off the internet.
owej
February 16, 2010 at 6:31am
Both should be better educated on security. The bank should not put their link in an email, but tell customers to log on directly to their site.
The firm should have taught everyone with online banking access to never, under any circumstances, click on an email link. Hopefully the price will be enough to pay for this lesson.
my308
April 30, 2010 at 9:52am
I get PayPal phishing email scams all the time, but you don't hear me complaining about them. Those scammers can make really convincing emails, but if you see the email coming from 'security@paypal-security.com' or some other scamming email, it is kind of obvious.
nekollx
February 16, 2010 at 9:32am
amen
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.