Phishing

Definition: A form of cyber fraud where attackers impersonate legitimate businesses or individuals to trick recipients into revealing sensitive information—such as banking credentials, account logins, or payment details—often through emails, texts, or fake websites.

Examples: A business received a phishing email pretending to be from its bank, asking the accounting department to “verify account credentials” through a fraudulent link.

A company’s accounts payable team nearly fell victim to a phishing attempt when they received an email claiming to be from a long-standing vendor requesting an urgent change to their bank information. The message looked authentic, but a routine verification call prevented a fraudulent transfer.

During a collections process, a debtor claimed to have “already paid,” but the payment had actually been misdirected by a phishing email that mimicked the creditor’s invoice system. The fraud disrupted the reconciliation process and caused delays in resolving the outstanding balance.

Phishing poses a major risk in credit and collections because it can compromise bank accounts, reroute payments, or expose sensitive financial data. Businesses with inadequate verification procedures are especially vulnerable to fraudulent payment redirects.

When phishing succeeds, it can create confusion, disputes, and significant financial losses for both lenders and clients. Strengthening authentication procedures—such as requiring verbal confirmation for payment changes—helps protect commercial transactions and ensures funds reach the intended party.

