Iowa Banking Law Blog
Phishing for answers: Customer claims bank to blame for fraud scheme
Mar. 31, 2010 – Mary A. Zambreno, Iowa Banking Law Blog
A complaint filed in December 2009 by a Michigan-based company alleges that its bank’s conduct caused the company to become the target and victim of a phishing attack.
Dallas-based Comerica is being sued by its customer, Experi-Metal Inc., who alleges that for a period of eight years, the bank sent emails to its customers instructing them to click on a link in the email to renew Comerica’s digital certificate. In 2008, the bank changed its security methods entirely, switching instead to tokens that would generate a random set of numbers to be entered with the customer’s user name and password. In 2009, however, a phishing email was sent to Experi-Metal claiming to be from Comerica that gave instructions to open a link in the email. Upon clicking the link, the Experi-Metal employee logged on to what looked to be the Comerica website. Instead, hackers made 47 wire transfers to the tune of almost $550,000. The bank counters that a reasonably alert person would have caught on that the email was a phishing scam.
To read more about the Experi-Metal Inc. vs. Comerica case, see this Bank Info Security article.
The moral of this story? If you are a bank, consider implementing policies prohibiting your institution from sending your customers emails that request personal information. If you are a bank customer, do not open emails that purport to be from your bank without first contacting your bank to confirm that the email you received is legitimate.
Tags: banking litiation, Comerica Bank fraudulent wire transfers lawsuit, Experi-Metal lawsuit against Comerica Bank, phishing, phishing attack victim, phishing litigation
Industry Categories: Banks & Financial Institutions