The theft occurred after a phishing scam tricked an EMI employee into supplying the crooks with the company's online banking credentials. EMI says the phishing scam worked only because Comerica routinely sends e-mails to customers asking them to click on a link to update their security information. The company also blames the digital certificates that Comerica uses to authenticate users:
"Comerica knew or should have known that the technology of the two-factor authentication procedure which it instituted in 2008 was known to be lacking in any reasonable fortification against 'man in the middle' phishing attacks."
In a similar story, the town of Poughkeepsie, N.Y., is slamming its bank, TD Bank NA, for failing to notice or stop numerous unauthorized transfers.