Don’t Take the Bait: Protecting Your Business from Phishing Attacks w/ Mike Gross #ExperianLive

Podcast:

56% of IT decision makers say targeted phishing attacks are their top security threat. – CSO

How many of you have almost fallen victim to one of the oldest and most common fraud scams in the books — a phishing email?

Phishing is the fraudulent practice of sending emails claiming to be from reputable companies.

Fraudsters do this to get recipients to click a link and reveal personal information, like passwords and credit card numbers. Sometimes, they will even install malware on your mobile device or computer, directing you to a fake storefront to pilfer information like bank accounts or create new fraudulent accounts using your identity information.

Phishing scams today have become more sophisticated and personal. We are all busy with life – work, family, commute, and dinner plans, along with keeping up on the latest news cycle. Virtually anyone could be inclined to quickly click on a link stating there is an issue with their recent order.

In this #ExperianLive event, we spoke with Mike Gross, Head of Global Identity and Fraud Product Innovation, about how consumers and organizations can protect themselves from phishing and online fraud.

Learn more by checking out his team’s latest Global Identity and Fraud Report.

Transcript

Here’s a complete transcript of our conversation with Mike Gross about phishing:

Mike Delgado: Hello, friends. Welcome to Experian Live, a show featuring Experian leaders talking about technology, innovation, and ways to improve business. Today, we’re chatting with Mike Gross about phishing and how organizations can protect themselves from online fraud. Mike Gross is head of Global Identity and Fraud Product Innovation. Mike, thank you so much for being our guest today.

Mike Gross: Thanks so much, Mike. Happy to be here.

Mike Delgado: Mike, can you share a little bit about your background and how you got involved with Experian and the fraud team?

Mike Gross: Sure. So I’ve been working in fraud prevention ever since graduating college, started out here in Scottsdale, Arizona at a company called Early Warning Services and was there for about eight years working on mostly fraud prevention for banks, working on collaboration to kind of share negative data and then moved to 41st Parameter, a startup here in Scottsdale back in 2011 and was head of a risk team here for a couple of years before Experian acquired 41st and had been with Experian on our global identity and fraud group ever since.

So I lead our product innovation group now, a team of about five folks, that we’re all about how do we accelerate product development to make sure we’re getting ahead of the fraudsters, introducing new technologies, new approaches to kind of out game some of the best gamers out there, the fraudsters.

Mike Delgado: It’s so cool that you went right into this after college. What was something that was really attractive to you about helping to stop online fraud?

Mike Gross: Yeah, I think there’s two things. The dynamic nature of it, every day is completely different, so just when you think you’ve figured something out, you’ve got to start planning ahead for what’s the next thing that’s coming. You’ve got to try to stay ahead of the fraudsters. And then the impact of it was the other thing. I’m a big believer in having a big social impact or a big impact on fighting the bad guys, and it’s really important when you see the effect of your work. When you stop a bad guy, it’s not just saving a bank a lot of money. It’s also keeping consumers from being victimized. It’s keeping money out of the hands of attackers that are going to do bad things with that money, whether it’s funding terrorists, funding their drug trade. There’s lots of things that that money goes to.

Mike Delgado: Yeah, it’s interesting because when I look at how phishing’s kind of evolved from back in the day to where it is now. When I read the things to watch out for to protect myself from phishing personally, I still have fallen victim myself just recently. So I have a website, and I use a web host, and I got this email from what looked like my web hosts saying, “Hey, there was a malware attack on our servers. Make sure to log in immediately to do x, y, z.” And so I was freaked out, so that scare tactic, that kind of got me worried, and that email had a link to click on to go log in to my website.
And so what do I do? I click on the link and then I go onto this website that looked exactly like my web host, and I log in, and then I realized, “What did I just do?” I totally got scammed and then immediately was freaking out, so then I had to call up, and thankfully I got it all solved quickly, but it happened that easy for me.

Mike Gross: I think the funny thing about that is that people in this space and the fraud prevention space, you’re kind of expected to be invincible to those types of attacks, and we’re not. I mean, it happens every day. It’s becoming more challenging than ever to distinguish a legitimate email from the fraudster’s ones. Oftentimes, they’re using a compromised email to understand what types of things you’re looking for, to understand who you do business with. They know who your provider is. The best phishing email would be something like, “We’re doing 100% password resets for our database access.” That’s the most likely to get clicked is something like that because it goes up against something that we’re all trained. It’s urgent. It’s fear. It’s something that we all feel like we have to act upon quickly.

And unfortunately, it’s not even really curiosity. It’s just really, we feel like we need to act on this situation very quickly. Otherwise, there’s a penalty involved. So I think phishers know that, and they prey on that. It’s no longer these, back 15 years ago, the phishing was, the 419 scams, it was the lottery checks that you’d get in the mail and asked to deposit that money to your account and then send $1,000 overseas. A lot of people fell victim to that, but nothing compared to how personalized it is today. Phishing’s become a, almost like a digital marketer’s dream. That’s the type of role that a good phisher fills is they understand people, and they understand how to specifically target the things that they care about, and that’s why they’re so successful.

Mike Delgado: Yeah, they kind of work off that trust that you’d have in that organization or that person that you think that you’re communicating with to kind of slowly build that relationship and then all of a sudden, boom, they hit you with something that you’re not expecting because you’ve developed some sort of trust, and you have no idea what’s coming.

Mike Gross: I mean, that’s the whole nature behind one of the biggest phishing scams for businesses is business email compromise over the past several years. And basically what that is is I’m sending you an email purporting to be someone that you work with, a vendor, and saying that, “I changed my account that you’re going to send your funds to. Please send it to this account instead of the one you’d previously been sending to.” And if there’s some sort of urgency behind that, it’s more likely to get, to be taken advantage of and those funds to be paid out. Google recently was a victim of this, 20 some million dollars, Facebook, about a hundred million dollars in the last couple of years. And so, it’s not just the small companies that have to be aware of this. Everybody has to be cognizant of this.

Mike Delgado: Wow. What are the different types of phishing that are out there? Because I’ve seen the email, that’s a very common one, and that’s the one I’ve been hit by and not taken advantage of thankfully, but I was a victim. What are you seeing as far as trends for types of phishing that are out there?

Mike Gross: They’re definitely evolving. So phishing emails have evolved over time as you kind of can attest to, right? It wasn’t something that was unbelievable with spelling errors. It’s very personalized to you. So that’s where we’ve seen an evolution of… Even email based phishing is a lot of this automation. I can take a little bit of compromised data from all the different data breaches over the past 10 years or so.

If I know a little bit of information about you, I can use that to specifically target you, so I can target you with an email that sounds like something you care about, maybe even personalized to something that you actually are a part of or an organization you’re part of. Knowing that you worked at Experian makes it really easy for somebody to target you at your work address.

We’ve also seen kind of an evolution of the different types of phishing from mobile phones, so that’s called “smishing”. That’d be like an SMS based attack. So that’s where if you get a link to your phone or a text with a link in it and saying, “Hey, click this for the coolest video,” and it looks like it’s coming from your friend. Little did you know, it’s a fraudster that’s spoofing your friend’s phone number and sending you a link, and it even looks like it comes into your friend’s contact. So it’ll come into a message thread that you’ve had with them, and you’re just more likely to click those types of links.

And then “vishing” would be via voice, the same kind of thing where someone’s calling you pretending to be somebody they’re not and trying to get personal information from you.

Mike Delgado: That is so scary that you could have a message thread with your friend and all of a sudden, a message comes up, and you think it’s your friend, who you trust, have a relationship with, but they’re using this technology to mimic that this message is coming from that phone.

Mike Gross: We’ve really started to see this evolution of technology being more used in phishing attacks. A great example, a UK bank, I think it was about a year or so ago. They’ve got great authentication controls with their clients, with their customers, and consumers have come to expect that if I see something that’s an anomalous transaction, my bank’s going to call me and verify that it wasn’t really me. Well, we saw fraudsters actually take advantage of that.

They had compromised the usernames and passwords of thousands of their customers, and they were going in and logging in and setting up the transfer then calling to that legitimate customer and saying, “Hey, we had a fraud attack that we just realized within your account. Someone tried to send $5,000 overseas. That wasn’t you, right?” And the consumer, immediately concerned just like anybody would, and say, “No, absolutely. That wasn’t me.”
And the bank said, “Okay, well we just need you to confirm that. We need to make sure that you’re actually the person we expect to be talking to. You’re actually the account holder.

Give us this text code that we’re going to send you here in just a minute. We’ll send it through to your phone. Provide that to us on the phone while we’re with you, and we’ll take care of everything. We’ll cancel out the transaction, so it won’t go through.” Well, little did they know the attackers were just using that as a mechanism to submit the transfer on the back end, wait for that SMS code to come through to the legitimate consumer, and while they’re on the phone, they’re providing that SMS code back to the fraudster who then initiates the transfer, and now they pass a two factor verification.

Mike Delgado: Oh, my.

Mike Gross: You think that organizations are out to protect you, and they are. They’re doing great things within the space and upping their authentication game, but fraudsters, phishing is a form of social engineering. They use all of that technology, and things that you know as a consumer around how you can be protected, they use that against you.

Mike Delgado: I read this article. It was in CSO magazine about, that the average ransomware attack cost a company $5 million on average, which is just amazing. And that there was another article in Forbes that said that 90% of breaches or malware, the last year, started with a click. And I think about just the email that I get that I’m guessing, supposed to come from another person that I trust, maybe even has the business template. Everything looks right about it, and I’m being encouraged to click on something to go do something. What should organizations be doing? How can they protect their employees from these really smart phishing tactics?

Mike Gross: So I think it’s a combination of technology and training. So technology tools have to be in place to block those types of emails that are coming from suspicious sites or unsecure sites, and organizations by and large do a really good job of that. The challenges, those ones that do get through, a lot of organizations hire outside consultants to come in and talk about this exact thing with their employees. But the key here is not to get static, not to rely on training that was in place 15 years ago because when you talk about phishing that was happening then, it’s very different than today because it is so personalized today.

The best phishing attack is somebody calling up an administrative assistant for an executive and saying, “I need this payment sent to another account,” or “Hey, we’re a contractor working with you on this project,” because they have some knowledge of that project, and the CEO happens to be out of town. “We just need this money wired to this. It’s based on this contract, and the CEO is perfectly fine with it.”

If they can’t immediately get ahold of that CEO, and there’s some urgency behind it, they’re likely going to go ahead and submit that wire transfer. And that’s real dangerous because organizations, you can be trained all day long, but when it comes down to it, and you have to send money out the door and pay a bill or something, that’s something that people are just more likely to accept. Or calling up, if you’re in customer support, you get a call that says, “I’m an upset customer,” and they try to do some authentication, and they don’t pass the first time, organizations are trying to be as friendly as they can to consumers.

They want to be able to help you, but if you can’t pass that authentication, it’s sometimes a very black and white scenario of them being blocked or having access. So organizations will try to make it easier on them. They’ll try to give them a little bit of information to try to help pass that authentication that maybe they’re not failing, and unfortunately, that sometimes gives the fraudsters more information to commit these types of attacks.

Mike Delgado: Are you seeing any trends with these fraudsters using AI at all with chat or SMS to help to find targets?

Mike Gross: Yeah. A big part of phishing is what we call “spear phishing”, which is targeting a specific individual. Another term is “whaling”, which is basically targeting a specific high profile individual. As we know with some of the election stuff that happened in 2016, if you can get access to high profile individuals, that can be extremely impactful on a lot of things. So absolutely, fraudsters, is no longer just sending out that blanket generic email with the same misspellings and things to millions of people. It’s very targeted, and they can do that using machine learning, using AI, and complimenting that with the all the breach data.

So if I get ahold of millions of breached records with all of your identity information, I can easily set up a mail merge basically for that phishing email and then it’ll target things that you care about. So it’s based on things in your location. They can be based on your political preferences. It can be based on where you work. All those things, if a fraudster has that wealth of knowledge about you as an individual, becomes much easier to target you, and it’s not somebody kicking out an email to use specifically. It’s putting it into a big mail merge, essentially, using machine learning to put the right fields in the right information and to target you very directly.

Mike Delgado: As you’ve been watching this space for awhile, I’m kind of curious about the data that’s being collected and what that data is kind of worth because I think in some instances, there’s maybe data that’s not worth a lot, maybe an email, but I’m kind of curious about these different tactics, and the datas being gathered and the worth of that data.

Mike Gross: I mean, just like phishing has evolved pretty dramatically over the last, even the last couple of years, payment card data was some of the most compromised data up until about five years or so ago, and it really dramatically shifted to identity data. So knowing your name, your address, your phone, your email, your social security number, your date of birth, all of that personal information became much more valuable. You see accounts like your Netflix profile, your LinkedIn profile becoming a lot more valued than typical even social media data because it’s a wealth of information about how you shop.

Things like Amazon, if I had access to your Amazon account, I know the types of things you like to buy, when you typically buy them. And as we see more and more consumers adopting those types of shopping sites, you have a really a big audience as a digital market or a fraud. I know on the, during the holiday season, that majority of Americans are going to buy something from Amazon, so that’s a great attack vector if I’m a fraudster, to use that and say, “Oh your Amazon account’s been compromised. Click here to reset your password or to check your order details.”

But so we’ve seen that type of kind of increase in cost for credentials for those types of sites, and the personal information has become a lot more valuable because now if I can piece together information about you, I don’t need to use an existing account that you already have. I can go set up new accounts in your name instead.

Mike Delgado: Do you notice any sort of seasonality, and when phishing tends to spike up.

Mike Gross: The holidays are definitely one side because so many people are accessing their shopping sites, so whether it’s the Amazons or the big retailers, a lot of shopping is being done online now. About 50% of of all online orders are coming via mobile phones now too. So individuals, consumers are using those types of channels to connect to the businesses that they want to shop at.

Another great time is tax season. So we just got past tax season here in the US. That was a big time for fraudsters, for phishers to come out, trying to talk about, “Submit your tax forms here,” using one of the major vendors. There’s a lot of scare tactics as well. So while it’s good that you’ve got this knowledge of the types of fraud attacks that are going on right now, phishers can use that against you as well. “How do you protect yourself? Well, click on this link to learn more. Click on this link to download software to protect yourself.” So tax season is another good time, but really it’s become any news cycle.

Fraudsters pay attention to the news, so whether it’s the cathedral fire last week, that would be a great opportunity for a phisher to try to get funds from people that are trying to donate to the cause. Natural disasters are another kind of terrible situation obviously, but that’s what phishers used to prey on people that are trying to help those in need. And unfortunately, that’s where we see a lot of phishing activity really spike.

Mike Delgado: Wow. Yeah. That is just so sad that they take these tragedies and try to profit off of them because people are trying to find a way to give and then they exploit this tragedy. What about some examples of how organizations and employees can fall victim to phishing?

Mike Gross: I mean, the biggest thing is just being vigilant at all times. Email is one way, but again, fraud technology and email filters do a pretty good job of flushing that out. Where we’ve seen kind of another growth is, most people have mobile phones in the office as well, so you might see a phone being targeted with a smishing link or something while you’re on the corporate network.

Those types of things, if your phone is increasingly attached to a corporate network, that could be all the fraudsters need is some sort of mechanism into your network, into your work environment. So people need to be cognizant of that. They need to be vigilant. Don’t click on links at any time that you don’t know who they’re truly from. But definitely don’t do it while you’re connected to a work Wi-Fi or some sort of work network.

We’ve also seen things that look like… Basically, you’re taking a URL. The first part of the URL looks legitimate and because the limited amount of space that you have at the top of a URL bar in a mobile phone, it’ll look perfectly legitimate, but the end of it is fraudulent as well. So they’ll compact that first part of the URL with something that is legitimate and then send you to a phishing site or to an attack site from that type of a URL if you’re linked there.

Mike Delgado: Yeah, I remember reading this story about a phishing attack where they pretty much created a URL that looked legitimate. I think they targeted bankofthewest.com, and instead of the W, they use two V’s next to each other, which looks just like a W on a browser. And so when they share those links on email, people saw, “Oh, bankofthewest.com, looks legitimate.” You go over, and yup, that’s the URL, but it was just the two V’s.

Mike Gross: That’s right. Yeah. L’s and capital I’s, the same kind of thing. So they’re definitely creative, and you have to be really careful. I think as employees, we rely very heavily on technology, and sometimes we think that we’re protected no matter what. But vigilance does have a lot of value, and your corporate security folks, well, thank you for being extra vigilant in those types of things because when they do bring in outside consultants, you’ll find that in more times than not, there’s a really high click rate on phishing emails, and that’s something that takes some time, takes a lot of of training to help mitigate that.

Mike Delgado: You know what’s scary too is we’re seeing more stories about how with AI, they can take video footage of somebody and basically make that person say whatever it is you want them to say, calls to action, things like that. And it’s kind of getting scary because in the future with a FaceTime with somebody you think you know, it could potentially be a fraudster.

Mike Gross: It’s a great example of organizations have increased their use of of things like biometric technologies for authentication, especially for those CFO, CEO type commercial accounts. So you imagine that you are using some sort of authentication capability that says, “I know that I’m dealing with this person if I can see them or if I can hear their voice.” And unfortunately, these tools, they’re called “deepfakes”, there’s been a lot of research around how AI has enabled those. And basically, if you have any kind of truth set or any kind of set of that person talking for an extended period of time, you have any video of them from activities like this online… Mike, we could probably take all of your previous Experian live events here and create a nice deepfake for you because there’s enough video and audio footage of you to recreate your voice and recreate, to make your mouth move basically to anything I want it to say.

So there’s some great research out there on deepfakes. The universities have done a great job bringing this to light and bring more attention to it. But you can imagine, in a world of news hot topics, if some foreign leader in another country, he says something that is kind of it sparks some sort of outrage. It can spark civil unrest in that country or even global conflict, so the verifying the authenticity of videos and these deepfakes is going to be increasingly important as technology continues to enable things like that.

Mike Delgado: It’s interesting because you’re going to have AI helping people do deepfakes and then another AI to help combat and discover what it is, right?

Mike Gross: That’s right. Yeah. And the government’s gotten pretty good with things like authenticity of foreign leaders. They’ve got teams of people tackling this type of problem to verify authenticity very quickly. But as we know in kind of this news age where everything’s spreads so quickly, that could have a huge impact financially on the markets and globally on stability. Someone may not wait the even few minutes it takes for somebody to issue a retraction and say, “That wasn’t really this person speaking,” but you can imagine how devastating that could be to financial markets that drop within seconds of… There was a news headline of something that didn’t really happen at the White House, and that immediately caused a a big drop in the stock market. It recovered right afterward, but it does have a huge impact and could potentially have a major impact.

Mike Delgado: Mike, you mentioned some of the technology that businesses can use to help reduce phishing and scammers taking advantage of employees. Can you talk just briefly about what sort of technologies, especially for the business owner that’s not aware, that there’s technology available to help them?

Mike Gross: Yeah, I think the biggest one is using some filtering on email, so our security group here at Experian is constantly working on making sure we’re keeping phishing emails out of our inboxes, so that’s number one. If you don’t ever see the email, you can click on a fraudulent link, so they do a great job. It’s technology looking at, email filtering basically, would be the technology or looking for attachments that don’t belong. So while somebody may recreate an email that looks like it’s coming from your colleague, if it’s actually not sourced from that location, if it has an attachment that’s not allowed, whether it’s an executable or some sort of PDF with malwhere in it, those types of things are typically caught by email filtering.

I mean, there’s still the employee side of things that you do have to be vigilant on the things that do get through. So there’s really not technology for somebody to not click a link. You can use a web blocking software for certain Internet sites not being allowed. And again, that’s another area that most corporations do a pretty good job of filtering what content individuals, employees can have access to. So if you try clicking on a phishing link in some cases, you might even get blocked. But again, you’re leaving that up to chance.

Phishers are always coming up with new, unique ways, new creative sites, so the best thing is to make sure that employees understand the risks of this and doing regular training. So send out an email that looks legitimate but is a phishing email and see what percentage of your employees click on it and have that reported back through those consultants or back through the organization. And that gives you a good understanding of where to target your training a little bit more effectively over the course of the year. But it has to be ongoing. It can’t just be a point in time, training that people go through once when they start at a new company. It has to really be ongoing.

Mike Delgado: And you definitely have to have a security team. If I see something that looks like fraudulent potentially, I can just report it immediately to our team to have a review, so I like that. Something interesting you mentioned, malware in a PDF. That is fascinating. I had no idea. I think about executable files. I’m not going to open those, but I’m curious. What other type of files could people attach where there could be malware?

Mike Gross: Pretty much any kind of attachment could have malware associated with it. Images technically can have malware associated with them or embedded in them. You have Word documents with macros, Excel documents with macros and things. That’s one of the best ways that organizations can give up control of their system is via malware from one of those types of either a link that somebody goes to a site where it starts downloading malware automatically, key loggers automatically, or it’s some sort of embedded macro within an Excel spreadsheet or a Word document because those are documents we use every day. Again, it’s evolved from, it’s not just an executable file or a zip file that you’re supposed to stay away from. It really can be anything.

Mike Delgado: Wow, that is fascinating. So you’ve given so many different examples of how phishing is happening today and just how it’s evolved and how people are, they’re using really, really smart tactics to trick people through trust, through channels that you wouldn’t expect like messaging SMS. So to the business leaders that are listening in, what would you say would be some advice on how they can protect themselves and what Experian can do to help them?

Mike Gross: So business email compromise is probably the one big thing that everybody needs to understand in depth. If you’re a senior leader for a business, you need to understand what types of channels they might use to try that type of attack. You need to have a very good working relationship with all of your vendors to make sure that if there’s ever any concerns with the account, any changes with the account, they’re going to reach out to you directly. Put dual controls in place. So an administrative assistant or a CFO, no one person can make a big decision and send money overseas as an example without two people signing off on it first.

So those types of controls are really important. But I think it’s also important organizations while we talk about the viral video for millennials, talking about financial accounts being targeted for the elderly population, it has become so personalized, and we should expect this to continue. That fraudsters are going to understand more and more about the people that they are targeting. So if you have individuals in your organization across all spectrums, whether it’s with families or not with families, single, married, it doesn’t matter anymore. And if fraudsters have that information, they’re going to target them very directly to try to get access to the organization.

Some of the biggest breaches have come through either vendor systems, where they had a small amount of access to get into the system and then the fraudsters have kind of exploded that access within the organization. And then it led them to compromising data downstream. So you can’t just have this idea that, “I’m only going to protect my employees. I’m only going to protect the walls of my business here physically.” And from an InfoSec perspective, you have to be thinking of every possible access method, whether it’s contractors coming into your site, whether it’s people having access to your business outside of that site. All of those can be used as avenues for attack.

Mike Delgado: Can you speak a little bit about Experian and the products and solutions available?

Mike Gross: Sure. I mean, from an ID and fraud perspective, most of our solutions are targeted toward institutions, organizations to protect themselves, so we’re putting out solutions that would help you identify your customers more effectively. How do you help recognize those customers using things like device intelligence? How do you involve biometrics or behavioral biometrics with your authentication strategies? So how do we help you better enable your customers while protecting your business and protecting your customers from fraud? So there’s a big benefit to consumers in that we’re always out looking after you.

We’re trying to help enable commerce, enable you to access that account as quickly and easily as possible. 99% of the people that try to access accounts are the legitimate account holder. It’s that 1% though that causes a lot of the friction for good consumers most of the time. So we’re trying to make it easier for those consumers to quickly pass through all the controls if they can indeed be authenticated.

But when there’s risk, we want to have the appropriate level of step up. So if it’s the first time some new device is seen accessing an account, that’s one level of risk, and you can easily mitigate that, but then now you’re starting to see account changes. The email address on file is being changed, or an address is being changed, or I’m sending money to somebody I’ve never sent before. Those types of things need an equivalent level of step up, and we really need this type of kind of identity based continuous authentication in place for organizations. So we’re helping our clients work through those types of challenges, helping them recognize their customers better and helping prevent fraud.

Mike Delgado: That is awesome. So funny, Mike. The last year, I moved, and so I had to go in and change my address, and it was actually kind of painful for me to change my address on credit cards and some different institutions that I work with because they wanted to verify that it truly was me changing my address. So even though it was very painful to do it, to verify it, it’s essential. We’re in a day and age where we have to take extra steps to make sure that institutions and organizations to know who we really are.

Mike Gross: And we didn’t talk about that angle of the work we do very much here, but digitally and in an offline world also being able to recognize consumers and authenticate them is a big part of our focus and our business. Right now, I think everybody can agree that there’s no good way out there, no perfect solution out there, to recognize me every time, to manage those types of changes in a seamless way.

It’s extremely frustrating, and it’s frustrating when you get challenged when you’re the legitimate customer, so we’re trying to help organizations do a better job of recognizing those customers and making sure that we’re helping them find the fraudsters on the backend, but we’re making that recognition, that authentication, as seamless as possible, and it’s the right level of scrutiny for the right type of question you’re trying to answer.

Mike Delgado: That’s great. Mike, thank you so much for being our guest today. For those listening in, this is Mike Gross. He’s head of Global Identity and Fraud Product Innovation here at Experian. If you’d like to learn more about the different solutions and products available to help your business fight phishing, you can go to the short URL is: ex.pn/phishing.

Mike, thank you so much for sharing. You shared so much really valuable information, interesting examples of phishing happening today, the trends, what’s coming up in the future, how AI is being used. It’s kind of scary, but it’s exciting to hear also about how you and your team is always looking, “What’s next? How do we protect businesses? How do we help consumers?” So thank you for all your work and all the research you’ve been doing to help protect people.

Mike Gross: Thank you so much, Mike. It was a pleasure.

Learn more by checking out his team’s latest Global Identity and Fraud Report.

About Mike Gross

Mike Gross has worked in fraud prevention for over 15 years and currently leads the Experian Global Identity & Fraud Product Innovation team. His responsibilities include prioritizing analysis of emerging threats, prototyping new technologies, advancing machine learning, and helping recognize every consumer on the planet. He previously led Experian’s Global Risk Analytics team and also spent several years at Early Warning Services, preventing identity and payments fraud for the consortium of top US banks.