CUNA News

Phish tales

The weakest part of your phishing defense probably lies in the human at the keyboard.

August 27, 2021
James Collins

I’ve never been a good fisherman. So, when I took up fly fishing it was akin to a Ford Pinto entering the Indy 500.

Still, I love the thrill of it, the endless hours of striving to make the perfect cast—one that didn’t land in the trees, bushes, or my fishing buddy’s earlobe (which did provide some lively activity as I reeled him in).

I yearn for time on a river, standing at dusk presenting to the fish a tantalizing lure that its pea-sized brain cannot resist.

Any angler will tell you this is best accomplished by “reading the river,” a process of analyzing the water temperature, the time of day, and the local insect population. If you ask any successful fishing store clerk, however, it also includes spending at least $50 on gear.

The reward is worth it, giving you the most exciting minute of your life as the fish takes the hook and you fall into the river.

Another contest also grabs my attention: Phishing. Only in this endeavor the trawler is an evil scoundrel, you are the fish, and the fly is an irresistible offer dangled in front of you via email.

Like many credit unions, we regularly send fake phishing scams to employees to test their wherewithal in detecting the obvious signs of a phishing email. These include misspelled names, odd links for something they never ordered, and return emails that end in AOL.com.

Sophisticated scam emails, however, are difficult to detect. Even worse are sophisticated scam emails with a “hook.”

The hook is like the fisher’s fly: something so enticing it’s impossible to resist, like a toddler with a Sharpie, a wall, and 60 seconds of unsupervised time.

Scientific proof has identified such a beast. It is perfect in every way, tantalizing beyond measure, and always overpowering: the free coffee gift card.

When we tested this hypothesis, we sent three emails with offers of $5, $10, and $15 cards, and learned the following:

  • $5 does not get you much coffee or elicit many responses.
  • $10 gets some interest, but also a fair amount of skepticism.
  • $15 is the apparent price of a human soul.

The obvious risks of phishing are hard to ignore. The May 2021 ransomware attack on Colonial Pipeline is suspected to have started with a phishing attack.

This risk has increased greatly due to the explosion of remote workers, virtual private networks, and a propensity for staff to open any email that mentions “stimulus check.”

In fact, the weakest part of your phishing defense probably lies in the human at the keyboard. So, how can you reduce your risk?

  • Mandate two-factor authentication for remote workers. A username/password is about as useful as a laser toy is to a blind cat.
  • Educate employees about topical subject lines scammers may use. The bad guys read the news, too, and often change their wording to match recent events.
  • Know the difference between regular phishing (which even a rudimentary spam filter can eliminate) and spear phishing, where scammers carefully research their targets and tailor messages to the recipients.

According to the FBI’s 2020 Internet Crime Report, U.S. organizations reported more than 241,000 phishing attempts costing $54 million in 2020. The impact of falling for one of these is both financial and reputational—and with members increasingly turning to electronic services, the impact will only grow.

Now, pardon me but I just got an unexpected email from “Fishing Lord 2001” who is promising me a $15 fly fishing discount card if I act fast.

JAMES COLLINS is president/CEO of O Bee Credit Union in Tumwater, Wash. Contact him at 360-943-0740 or at jcollins@obee.com.

KEYWORDS cybersecurity fraud phishing
