Wednesday, February 10, 2010

Bank being sued for teaching customers bad security habits

After mentioning in a previous post that banks are now suing customers who get robbed, here's a lawsuit going the other way: Comerica Phish Foiled 2-Factor Protection.

A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.

The short version is that the bank regularly sent customers emails where they were required to click a link and then enter their password on that site in order to update a security certificate. Unfortunately, priming people to do this also makes them easy marks for phishing attacks which often... have users click a link to go somewhere that looks like their bank site, then enter their password. Awkward.

Read the details here (or scroll down on that site to see the lawsuit and initial response from the bank).

No comments: