Comerica Bank is sued for helping phishing attack that resulted in $560,000 loss

A Michigan based metal supply company Experi-Metal Inc. accused Comerica Bank for exposing its customers to phishing attacks which resulted in big financial losses for the company.

One of the EMI's employees was tricked into a scam scheme and gave away the company’s banking credentials. The information then was used to start wire transfers totaling $560,000 from EMI's account to numerous other accounts in Russia, Estonia, Scotland, Finland, China, and the U.S. Once the transfer was complete the funds were immediately withdrawn.

Thus, EMI alleges in a lawsuit that the phishing scheme was effective only because Comerica has a routine practice of sending emails to its customers asking them to click on a link to update their security information. In the filing the company also expresses its discontent with Comerica's token-based authentication system that replaced the company's digital certificates it had been using up until 2008.

Meantime, Comerica declines any wrongdoing.

"Valid credentials assigned to an EMI employee were used to authenticate a logon for purposes of online banking transactions," the bank said. "If some unknown criminals used those credentials, rather than an EMI employee to whom they had been entrusted, this was caused solely by the actions of that EMI employee."