Phishing Threats: What Every Business Owner Should Know
By: Ralph Mullenax, Senior Vice President of Treasury Management Business Admin and Marla Freeman, Senior Vice President of Treasury Management Client Services
Imagine receiving a phone call from your bank. The person on the other end tells you they have identified fraudulent activity on your account, and they are calling to confirm so it can be cancelled. Concerned, you’re thankful they called so it can be resolved proactively!
Before they can continue, they need to verify your identity. They tell you they’ve sent a code to the number on file and ask you to read it back to them. You cheerfully comply when the text message arrives. Now that you’re verified, they give you certain transaction information and ask if it was you who initiated the transaction. You tell them you did not. They assure you they will cancel the transaction and that you’ll be receiving another code via text message. You read that code back to them as well, since it was needed to authorize the cancellation. They confirm the transaction was cancelled. You thank them and end the call. Phew! What a relief!
The next day, you log into your bank account and notice $550,000 has been wired out to an unknown beneficiary. Unfortunately, you’ve fallen for a phishing scam.
In today’s digital landscape, phishing has become one of the most prevalent and costly cyberthreats facing any business. Phishing occurs when fraudsters pose as legitimate contacts—often through emails, texts, or phone calls—to deceive recipients into sharing sensitive information or transferring funds. The consequences can be devastating: financial loss, compromised data, damaged reputations, and disrupted operations.
Phishing attacks are not just random; they’re increasingly sophisticated and often target specific businesses or industries. Cybercriminals may impersonate a trusted vendor, financial institution, or even a company executive, tricking employees into clicking malicious links or wiring funds to fraudulent accounts. In many cases, phishing emails bypass basic spam filters and look convincingly real. The damage from a successful attack can include loss of funds, exposure of proprietary information, regulatory penalties, and erosion of customer trust.
Small to mid-sized commercial businesses are especially vulnerable because they often lack the robust cybersecurity infrastructure of larger enterprises. According to the FBI’s Internet Crime Complaint Center, phishing remains the top reported cybercrime, with business email compromise (BEC) schemes causing billions in losses annually.
Five Ways to Defend Against Phishing
Employee Education and Training
One of the most effective defenses is education. Train employees to recognize the signs of phishing, such as urgent language, unexpected requests for financial transactions, and misspelled email domains. Regular phishing simulations can reinforce best practices.
Implement Multi-Factor Authentication (MFA)
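MFA adds an extra layer of security by requiring users to verify their identity through multiple methods. Even if a password is compromised, an attacker cannot get in without the additional factor. That protection depends on one-time codes never being shared: as in the call described above, a code read back to a caller hands over the second factor.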
Verify Payment Requests
Establish internal protocols for verifying any financial requests, especially those involving wire transfers or changes in vendor payment information. A quick phone call to confirm can prevent a major loss.
Keep Software and Systems Updated
Ensure that all systems, browsers, and security software are up to date. Many phishing schemes exploit known vulnerabilities that have already been patched by software providers.
Use Advanced Email Security Tools
Invest in email security solutions that filter and flag suspicious content. Look for tools that use machine learning to adapt to emerging phishing tactics.
How Old National Bank Treasury Management Can Help
In addition to internal safeguards, you can rely on specialized tools to protect your assets. ONB Treasury Management services are designed to help monitor, manage, and mitigate financial risk.
Positive Pay helps prevent check fraud by matching checks presented for payment against a list provided by your business.
ACH Positive Pay and ACH Block allow you to control which entities can debit your accounts via ACH or block them altogether.
Real-Time Alerts can notify you of activity via email or SMS text to help detect unusual activity quickly.
Now is the best time to discuss how your business is protected with your Old National Treasury Management Consultant. They can help guide you on what is best for your business. Don't hesitate to reach out to your Relationship Manager to begin the conversation!
