Two years ago, the bank - Bank of America, to be precise - urged the couple to start using online banking, telling them it was completely safe and that only wires sent from their company computer, along with a downloaded security certificate, would be considered legitimate.
According to Money Watch, everything ran smoothly until last summer, when Bao received a call from the bank because the aforementioned transfers raised a few red flags since the couple's company has never sent any money to Croatia before, and the amounts were substantial.
His wife being out of the country, and the bank refusing to disclose any details about the transfers to Bao since she was the company’s only “authorized agent”, it took him half a day to convince them to share the information with them.
Unfortunately, not fast enough to stop the first payment from going through, so $50.000 ended in Croatia and were withdrawn.
The bigger problem for the couple arose when the Bank of America refused to reimburse them the money. When opening the account, they agreed to the bank's terms and conditions, which state that the bank must return the money on such occasions only when it is proven that it is the bank that has been compromised, and not the customer's computer.
The bank says it's probably through a banking Trojan or keylogger installed on Bao's computer that the criminals managed to steal his login credentials. Bao filed a suit claiming it was probably an inside job, and accuses the bank of - among other things - breach of good faith and negligence.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.