Phishing for answers: Customer claims bank to blame for fraud scheme
Posted on 03/31/2010 at 12:22 PM by Mary Zambreno
A complaint filed in December 2009 by a Michigan-based company alleges that its bank's conduct caused the company to become the target and victim of a phishing attack. Dallas-based Comerica is being sued by its customer, Experi-Metal Inc., who alleges that for a period of eight years, the bank sent emails to its customers instructing them to click on a link in the email to renew Comerica's digital certificate.
In 2008, the bank changed its security methods entirely, switching instead to tokens that would generate a random set of numbers to be entered with the customer's user name and password. In 2009, however, a phishing email was sent to Experi-Metal claiming to be from Comerica that gave instructions to open a link in the email. Upon clicking the link, the Experi-Metal employee logged on to what looked to be the Comerica website. Instead, hackers made 47 wire transfers to the tune of almost $550,000.
The bank counters that a reasonably alert person would have caught on that the email was a phishing scam. To read more about the Experi-Metal Inc. vs. Comerica case, see this Bank Info Security article. The moral of this story? If you are a bank, consider implementing policies prohibiting your institution from sending your customers emails that request personal information. If you are a bank customer, do not open emails that purport to be from your bank without first contacting your bank to confirm that the email you received is legitimate.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
Categories: Cybersecurity Law, Mary Zambreno, Banking Law
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Law is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Law blog postings does NOT create an attorney-client relationship between you and Dickinson, Mackaman, Tyler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.