When a phisher drops their hook, don’t bite the bait

Cyber criminals send over three billion emails per day through phishing attacks disguised as trusted senders.

• The scammer may use the name of trusted companies, or even your CEO.
• Unfortunately, the weakest link in a cyberattack is the person behind the keyboard—all it takes is one click on the wrong link.

Why it matters: Most cyberthreats target individuals directly. An effective security awareness and training program for all employees is crucial because staff are on the front lines.

By the numbers:

• 81% of cyberattacks took the form of phishing scams, password hacks and malware attacks.
• 84% of U.S.-based organizations have stated that conducting regular security awareness training has helped reduce the rate at which employees fall prey to phishing scams.
• Cyberattacks that used stolen or compromised credentials increased 71% year-over-year in 2024, per IBM.

What they’re saying: “There is a vast community of cyber criminals—whether individual, teamed up or government-sponsored—that are out there to get you,” said Steve Winn, corporate credit manager at Marek Brothers Systems LLC (Houston, TX). “It’s not a matter of if, but when you will get hit. Before, you could easily spot a phishing email by knowing the logo was fake—but now you have to dig deeper, see if the links match up or if you were expecting the email to begin with.”

Some credit professionals have experienced successful cyberattacks firsthand. Shelley Clark, CCE, director of credit national accounts at Ben E. Keith Company (Fort Worth, TX), said these kinds of attacks have a significant impact on credit.

“We primarily see fraud attempts when it comes to submitting new credit applications and processing or refunding payments,” Clark said. “Our company experienced a cyberattack during the spring of 2023. It impacted the entire business and for credit specifically, we were unable to view our daily receivables, process or post payments, or complete full credit evaluations for at least three weeks. Our entire company stepped up to keep our business moving as our IT team worked tirelessly to get us back to business as usual.”

Training your staff is the number one way to help prevent scammers from being successful. Whether monthly, quarterly or annually, a refresher on cyber etiquette is always helpful. For example, you can ask your IT provider to keep tabs on all current events related to cybersecurity. Being briefed on the latest scams can also keep your staff up to date between trainings.

Some companies will get their IT team to purposely send out phishing emails to see how employees handle it. “We get bi-weekly, three-minute videos and take a four-question quiz at the end, along with semiannual tests on cybersecurity training,” said Nate Yagle, vice president of credit at Premier Companies (Seymour, IN). “We have a dashboard that lets us monitor progress and compete with our teams to see who gets the better score.”

When recovering from a cyberattack, one of the best ways to move forward is through creating a business continuity plan. The plan should be specific to your department with attention to critical items along with an alternate plan to maintain access to data during a potential outage.

“There is AI technology out there that organizations can adopt to filter new data from customers and vendors that makes it so much easier to detect and identify fraud,” said Clark. “The IT teams should work with credit to train associates on phishing scams and what to look for when it comes to fraudulent activity. These criminals get very creative.”

The bottom line: With the increasing threat of cyberattacks, organizations must prioritize regular security awareness training for employees and develop robust business continuity plans to mitigate risks and ensure swift recovery from potential incidents.

To learn more about cybersecurity best practices, register now for Credit Congress 2024 and reserve your spot for session #33077. Something Smells Phishy: Cybersecurity Is a Credit Problem.