Phishing Victim Fights Back
It had to happen some time. Phishing victims are fighting back — against their banks. A Miami Businessman is sueing Bank of America according to AccountingWEB.com and other sources:
Joe Lopez, a Miami businessman who regularly conducts business over the Internet, is suing Bank of America for negligence and failure to provide protection for online banking risks of which he claims the bank was aware. Last April, Mr. Lopez’s computer system was hacked into and $90,348.65 was wired from his account at Bank of America to a bank in Riga, Latvia without his approval.
Ralph Patino, Mr. Lopez’s lawyer, claims Bank of America had knowledge of a virus called coreflood, a Trojan horse virus known for infiltrating and compromising security systems and enabling unauthorized access to infected computers, and therefore the bank had a responsibility to inform its customers of the virus.
Coreflood, according to The Register, is primarily designed to conduct Denial of Service (DoS) attacks, but the theory is that the backdoor access it enabled criminals to extract banking passwords and account details entered into Lopez’s PC. This remains unproven.
This makes the case a bit more complicated than if Lopez was hoodwinked by a phishing email designed to look like something from Bank Of America. Still, the the AccountingWeb piece quotes Avivah Litan, vice president and research director for research firm Gartner Inc. and an online fraud expert, as saying
banking cybercrime cases such as this one may result in banks adopting stricter security measures in the future. “Banks can’t reasonably expect consumers to protect themselves from cybercriminals,” said Ms. Litan. She believes that consumers need banks to offer greater security if they want online banking to increase. Gartner Inc. predicts that within two years, “50 percent of today’s stronger methods for customer authentication will no longer be strong enough to be a safeguard against phishing and malware.”
In other words, banks have got to find a better way to keep their customers secure, and arguing that cases like Lopez’ are nothing to do with them may not impress customers already increasingly nervous about doing business and banking online.