Company Sues Bank Over Security Practices That Resulted in Theft

The theft occurred after a phishing scam tricked an EMI employee into supplying the crooks with the company's online banking credentials.

By Kara Reeder | Posted Feb 16, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Experi-Metal Inc. is suing its bank, Comerica Bank, after cyber criminals stole $560,000 from the company's account via a series of unauthorized wire transfers last year, reports Computerworld. According to the lawsuit, EMI is blaming the loss on Comerica Bank's security practices. The company also believes bank failed to heed signs that should have alerted it to the fraudulent activity.

The theft occurred after a phishing scam tricked an EMI employee into supplying the crooks with the company's online banking credentials. EMI says the only reason the phishing scam worked was because Comerica routinely sends e-mails to customers asking them to click on a link to update their security information. The company also blames the digital certificates that Comerica uses to authenticate users:

Comerica knew or should have known that the technology of the two-factor authentication procedure which it instituted in 2008 was known to be lacking in any reasonable fortification against 'man in the middle' phishing attacks.

In a similar story, the town of Poughkeepsie, N.Y., is slamming its bank, TD Bank NA, for failing to notice or stop numerous unauthorized transfers.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter