Page 30

In November 2009, a metals-supply company in suburban Detroit called Experi-Metal Inc. filed a lawsuit against its bank, Comerica, after a computer attack drained $560,000 from the company’s bank account in less than eight hours. ¶ According to

the lawsuit, the breach happened on January 22, 2009, when a company employee received an e-mail purportedly from Comerica, saying that the bank was carrying out maintenance on its security procedures and provided a link to its website. The employee clicked on the link, arrived at what looked like Comerica’s online banking site, and entered the company’s account number and password.

/// INSTANTLY, THE MONEY STARTED FLYING OUT. By the time it

anything but legitimate. On the other end, hackers capture the

was all over, 85 wire transfers had sent cash around the globe,

information and then help themselves to someone else’s money.

landing in accounts in Russia, Estonia, Scotland, Finland, and

Phishing, which has been around for years, tends to involve a

China, as well as around the United States. From these ac-

“spray and pray” approach, skimming off money from as many

counts, the money was quickly withdrawn, almost certainly

gullible users as possible. Lately, however, “spear-phishing” is

never to be seen again by its rightful owners. In its complaint,

becoming the preferred modus operandi: targeting a single,

Experi-Metal alleges that Comerica’s online security measures

bigger victim, such as a business. The size of Experi-Metal’s

were insufficient and that the bank should restore the half mil-

loss would seem to push it into that category.

lion dollars. The bank, in its response, denied any responsibility

But no matter what it’s called, the theft of any amount of

for an attack on an outside computer and said that the website’s

money at the hands of distant, untraceable cybercrooks has

fraudulence should have been obvious “to any reasonably alert

become an infuriating, sometimes devastating fact of life in

person who was responsible for safeguarding EMI’s financial

the digital age. Which is why the Experi-Metal case, pending

records and digital credentials.”

in U.S. District Court, Eastern District of Michigan, is being

The attack on Experi-Metal was a classic phishing scam: A hacker sends an e-mail in the guise of a trusted source, con-

the ever-growing incidence of cybercrime, the situation will

taining a link to a seemingly legitimate website where sensi-

surely arise again.

tive information, such as account numbers and passwords, must be entered for seemingly legitimate purposes. But it is

28

closely watched. It’s one of the first cases of its type, but with

LSA Magazine / SPRING 2011

In 2005, the dollar loss attributed to online crime was $183.12 million, according to the Internet Crime Complaint Center

PHOTO (previous spread) Ikon Images/Alex Williamson

Crime and Punishment  
Crime and Punishment  

Spring 2011 issue of LSA Magazine.

Advertisement