How to teach a credit union to catch a phish

Frequent testing and associate accountability help Orange County’s Credit Union spot would-be fraudsters before they attack.

Hackers want two things: money and personal information. The fact that credit unions have access to both makes them a target for bad actors, and one way fraudsters get what they want is through phishing.

Phishing is the practice of sending fraudulent emails to trick an individual into revealing valuable information — including passwords, credit card numbers, and more. Phishing has been around for a decade or more, says Kevin Hill, the information security expert for Orange County’s Credit Union ($2.1B, Santa Ana, CA), yet it has become more prevalent in recent years as more sophisticated cybersecurity has made other forms of hacking more difficult.

“Most organizations have the right security controls in place to make actions like trying to get through the firewall obsolete,” Hill says. “Phishing is more focused on the human element. They are trying to gather information by tricking a person rather than a system.”

Hill’s work has helped Orange County’s achieve a phishing failure rate that is 2% lower than the industry average. In this Q&A, he discusses the steps the credit union is taking to combat phishing emails, how to train associates, what measures credit unions should consider adopting, and more.

 
