Customer Sues Bank After Phishing Attack

MI-Based Business Lost $550,000 in Breach
A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.

A lawsuit filed by Experi-Metal Inc. (EMI) of Sterling Heights, MI, alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. EMI says that even though the bank used two-factor authentication based on digital certificates for its online banking portal, the phishing scam was able to circumvent these measures.

EMI contends that Comerica's actions opened its online bank account to a successful phishing attack where more than $550,000 was stolen from the company's bank accounts and sent overseas.

News of this suit comes days after news of another Dallas-based bank, PlainsCapital Bank, suing one of its customers in a dispute over a similar hack.

EMI is but one of many companies across the U.S. being targeted by hackers in this fashion. The crimes have become so numerous that federal banking regulator FDIC issued a warning about this form of fraud.

EMI vs. Comerica

The complaint filed by EMI in December in a Michigan circuit court states that for many years Comerica used digital certificates for authenticating online banking. Once a year from 2000 to 2008, the suit alleges, Comerica sent emails to EMI and other bank customers instructing them to click on a link in the email, and then log in at the resulting website in order to renew the Comerica digital certificate.

Then, in 2008, Comerica began telling its customers to adopt a different security solution -- a security token to use along with user names and passwords. The tokens would generate a random set of numbers to be entered with the customer's user name and password to access the online bank account.

The suit claims that on January 22, 2009, an EMI employee opened and clicked on links within a phishing email that said it was from Comerica. The email duped the employee into believing the bank needed to update its banking software. It gave instructions to the EMI employee to log in at a linked website that mimicked Comerica's online banking site. The EMI employee provided the site with the company's online banking credentials, as well as the code generated by the bank's security token.

The phishers quickly began to move money out of EMI's account. Between 7:30 a.m. and 10:50 a.m. the same day, they made 47 wire transfers to various accounts in Russia, Estonia, Scotland, Finland and China, as well as to domestic accounts from which the funds were quickly disbursed or withdrawn.
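The pattern described above (a phished one-time token code, followed within hours by a burst of wires to beneficiaries the account had never paid) is the kind of thing a bank's outbound-payment monitoring can catch even when the credentials presented are valid. The following is an added example, not code from the article, from either bank or from the court filings; the account name, thresholds, sample transfers and the `detect_anomalies` helper are all constructed for illustration. It applies two checks, a sliding-window velocity limit and a "new destination country" check against the account's historical baseline, to a small constructed set of wires that mirrors the timeline the article gives.

```python
"""Velocity and destination checks over outbound wire transfers.

Added example (not from the article or from either bank). Account names,
thresholds and the sample transfers below are constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Wire:
    ts: datetime          # time the wire was initiated
    account: str          # originating customer account
    amount: float         # amount in USD
    dest_country: str     # ISO country code of the beneficiary bank


def detect_anomalies(wires, baseline_countries, max_per_window=5,
                     window=timedelta(hours=1)):
    """Return [(wire, [reason, ...])] for transfers that look like account takeover.

    - velocity: more than `max_per_window` wires from one account inside a
      sliding `window` (the article's case: 47 wires in under 3.5 hours);
    - destination: a beneficiary country the account has never paid before
      (`baseline_countries` maps account -> set of countries seen historically).
    Valid credentials do not clear a transfer here; behaviour does.
    """
    flagged = []
    recent = {}  # account -> deque of timestamps still inside the window
    for w in sorted(wires, key=lambda x: x.ts):
        q = recent.setdefault(w.account, deque())
        q.append(w.ts)
        while q and w.ts - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        reasons = []
        if len(q) > max_per_window:
            reasons.append(f"velocity: {len(q)} wires within {window}")
        if w.dest_country not in baseline_countries.get(w.account, set()):
            reasons.append(f"new destination: {w.dest_country}")
        if reasons:
            flagged.append((w, reasons))
    return flagged


# Constructed sample: a quiet day, then a burst the next morning that follows
# the shape of the incident described in the article (times and amounts invented).
ACCOUNT = "CONSTRUCTED-ACCT-1"
BASELINE = {ACCOUNT: {"US"}}          # historically this account only paid US beneficiaries
SAMPLE_WIRES = [
    Wire(datetime(2009, 1, 21, 9, 0),  ACCOUNT, 12000.0, "US"),
    Wire(datetime(2009, 1, 21, 14, 0), ACCOUNT, 8000.0,  "US"),
    Wire(datetime(2009, 1, 22, 7, 30), ACCOUNT, 9900.0,  "RU"),
    Wire(datetime(2009, 1, 22, 7, 35), ACCOUNT, 9800.0,  "EE"),
    Wire(datetime(2009, 1, 22, 7, 40), ACCOUNT, 9700.0,  "GB"),
    Wire(datetime(2009, 1, 22, 7, 45), ACCOUNT, 9900.0,  "FI"),
    Wire(datetime(2009, 1, 22, 7, 50), ACCOUNT, 9600.0,  "CN"),
    Wire(datetime(2009, 1, 22, 7, 55), ACCOUNT, 9900.0,  "US"),
    Wire(datetime(2009, 1, 22, 8, 0),  ACCOUNT, 9850.0,  "RU"),
]


def run_sample():
    """Run the detector over the constructed sample and return the flagged wires."""
    return detect_anomalies(SAMPLE_WIRES, BASELINE)


if __name__ == "__main__":
    for wire, reasons in run_sample():
        print(wire.ts.isoformat(), wire.dest_country, f"{wire.amount:.2f}", "; ".join(reasons))
```

The two quiet wires on the first day pass both checks; every wire in the next morning's burst is flagged, first for unfamiliar destinations and, once the sixth wire lands inside the one-hour window, for velocity as well. In practice the thresholds would be per-customer and the hold would route the payment to a manual callback rather than silently block it.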

The bank's response says that the EMI credentials used to initiate the wire transfers were valid, and that the phishing website the employee visited would have been recognized as fake "to any reasonably alert person who was responsible for safeguarding EMI's financial records and digital credentials."

The bank also says its online security approach was reasonable "because they were in general used by other similarly situated customers of other banks."


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.