Share via Email

Victims Map
Cyber Crime Victims Map


Educate & Protect

Take Action



Featured Video



Experi-Metal vs Comerica - Court Verdict

Experi-MetalA Bench Verdict came down on Monday (6/13/11) from a District Court in Michigan regarding the case of Experi-Metal vs. Comerica Bank. Experi-Metal sued Comerica after it lost nearly $2,000,000 courtesy of opportunistic cyber thieves. An Experi-Metal employee fell victim to an email message disguised as a legitimate notification from Comerica (phishing scam) and handed the log-in credentials to criminals who immediately logged in to Experi-Metal's commercial Comerica bank account and started helping themselves.

The hackers took $1.9 million out of Experi-Metal's account in a matter of hours, but, due to some keener eyes at JPMorgan Chase, the sheet metal company actually lost only (I say only because it's a much smaller number in comparison) $560,000; as some suspicious wires came across the desks at JPMorgan Chase, Chase made a call to Comerica, who slowly applied the brakes and was able to catch most of the wires before they were processed. China, Russia and Estonia were among the countries to where the stolen funds were routed.

The judge placed blame on both parties, but eventually sided with Experi-Metal, siting the standard, "Pure heart, but empty head." I.e., Comerica had good intentions to keep its customer's money safe, but failed to notice the outrageous spike in wire transfer activity with Experi-Metal's accounts and the destination banks in foreign countries, to which Experi-Metal had never previously wired any funds. Comerica must pay Experi-Metal the total loss of approximately $560,000.

The entire ruling can be read here.

So Patco lost (for now) and Experi-Metal won. Two separate cases, but both with the same plot. Steal from American companies and send the funds overseas to fund more illegal activities. This is war, America. Welcome to the Cyber Warfare Age.

Remember! NEVER click on a link in an email from "your bank". The good banks are beginning to instruct their customers to navigate to their online banking portals on their own, not via embedded email links. These cyber theives are very sophisticated and have plenty of our money to spend on talented hackers and webmasters; it's difficult to distinguish a phony banking site from a real one.

Use a dedicated computer. Boot from a live CD. Check your account regularly. Use a bank that can send you text messages or call you when new payees are added or wire transfers are initiated. Cancel your online banking if you have to. Until we see some real security in place and some actual accountability plus some initiative on the banks' part to ensure our safety, offline is the safest way to bank right now.

Jarett Horehlad, CLASProject