Bank sued for not preventing online theft

Mirroring the lawsuit that a couple from California raised against the Bank of America, Comerica Bank is being sued by Experi-Metal Inc. (EMI), a manufacturing firm from Michigan, for allegedly allowing their company account to be looted by cyber criminals.

In their lawsuit, EMI claims that the bank’s security practices are to blame for the theft, along with their inability to take notice of tell-tale signs pointing to fraudulent activity going on on their account. They seek complete reimbursement of the loss, plus interest, fees and damages.

Computerworld reports that the theft occurred after an EMI employee unknowingly gave up the company’s online banking credentials to the criminals, following the receipt of an email that was supposedly sent from the bank and directing the employee towards a phishing site that mimicked the bank’s online banking login site.

Among other things, EMI claims the bank is to blame because it sent this kinds of emails to customers, complete with a link for them to follow to a site where they could update their security information, and this practice made the EMI employee trust the phishing email.

EMI also condemns the bank for failing to notice and promptly react to the 47 wire transfers and 12 transfer-of-fund requests that their account was subjected to in a period of three hours, making it possible for the majority of transfers to take place and resulting in a $560,000 loss. The money was sent to accounts in Russia, China, Finland, Estonia, Scotland and the U.S., and was promptly withdrawn.

The bank responded to the accusation by saying they supplied the credentials only to the EMI employee, and that it can’t be their fault if the employee shared them with criminals. They also said that the phishing site was so obviously fake, that any reasonably alert person should have noticed it at once.

The trial is set to start at the end of the year.