Experi-Metal Inc., a metal supply company, is suing Comerica Bank, claiming the bank opened its customers up to be victims of phishing attacks, according to krebsonsecurity.com.
The lawsuit alleges the Comerica Bank routinely sent email messages to customers asking them to click a link to update security technology.
The suit also alleges the countermeasures employed by the bank were insufficient because the phishing attack was able to circumvent the two-factor authentication system. Comerica uses digital certificates to authenticate users. The bank routinely emailed clients requesting they click on the supplied link and sign in to a page to renew their digital certificate.
Cyber criminals who attempt phishing attacks commonly email unsuspecting victims a link to a corrupted website that will steal their login information.