Fintech company selects Expel to manage anti-phishing efforts

Expel Phishing helps GreenSky reduce time spent on phishing investigations by 75 percent

The company

Since its inception, over 3.4 million consumers have financed over $25 billion of commerce using GreenSky’s paperless, real time “apply and buy” technology.

Founded in 2006, GreenSky, Inc. is a leading technology company “Powering Commerce at the Point-of-Sale” for a growing ecosystem of merchants, consumers and banks. They enable nearly 18,000 merchants to offer frictionless promotional payment options to consumers, driving increased sales volume and accelerated cash flow. Banks use GreenSky’s technology to provide loans to super-prime and prime credit consumers nationwide.

By working with Expel, we’re getting a more accurate picture of what’s happening in our environment. ”

⎯Lori Temples | Vice President of IT Security and Business Continuity

The situation

Ever since Lori Temples, Vice President of IT Security and Business Continuity, joined GreenSky in 2017, phishing was one of the organization’s most pressing security concerns. To help combat this, Temples and her team built an extensive phishing education and awareness program aimed at teaching employees how to spot a phishing attempt and when to report a suspicious email.

In addition to educating employees about phishing, Temples and team also prioritized the prevention of suspected phishing attempts. “All it takes is one person clicking on the wrong link to bring down the network if other security tools do not detect the malicious act,” said Temples.

Temples and her team hired Expel to do 24×7 security monitoring in 2018, which helped reduce the time her analysts were spending on the day-to-day monitoring and alert triage. This allowed Temples’ team to focus on other things, such as reviewing the growing number of employee-reported phishing messages generated by the success of their phishing awareness program.

Temples and her team invested in a tool to help automate some of the analysis of potential phishing emails — but it was “all automation with no human touch and direct response to our associates.” This required the GreenSky team to play a very active role in the day-to-day anti-phishing efforts.

“Automation is helpful, but at some point you need to have trained human eyes on these emails,” Temples said.

Despite their investment in that tool, several people on Temples’ team were still dedicating a meaningful portion of their workday to phishing; they had less time to focus on more strategic projects.

Evaluating options

When Temples and her team started looking for solutions to help take over their phishing investigations, she reached out to Expel since GreenSky was already working with Expel to monitor its cloud and on-premise infrastructure. Using Expel Phishing was a natural next step.

“We’d already had a great experience with Expel’s 24×7 managed detection and response (MDR) service,” said Temples. “The speed of our onboarding with them was unbelievable, and the entire process was easy. My team absolutely likes the shared Slack channel, too — it feels like Expel is an extension of our team versus two different companies.”

I feel confident knowing that Expel is reviewing all of our phishing emails. They feel like a true extension of our team. ”

⎯Lori Temples | Vice President of IT Security and Business Continuity

How Expel helped

By using Expel Phishing, Temples and her team not only gained more insight on phishing attempts, they also drastically reduced the amount of time they spend reviewing potentially harmful emails.

Temples and her team love the fact that Expel Phishing is integrated with their endpoint detection and response (EDR) tools, so Expel’s analysts can dig deeper into potential phishing attempts.

“When a potentially malicious email pops up, the Expel team first determines whether or not it’s truly malicious. If it is, they investigate further using our EDR tool to tell us who else received that email and whether anyone was compromised as a result,” said Temples.

“By working with Expel, we’re getting a more accurate picture of what’s happening in our environment.”

While Temples’ team still reviews some phishing emails that Expel flags, they’ve reduced the time they spend doing those reviews by 75 percent — from four hours a day to about one hour.

Part of Temples’ determination for hiring expel was this: “We wanted eyeballs on all reported emails — even if they weren’t actual phishing attempts — and this required an immense amount of our time.”

“When we discovered a legitimate phishing attempt, it required even more time for blocking and tackling,” she continued. “Now that we’re working with Expel to review and investigate these emails, Expel is on the front lines and handles all of that for us. Once they conduct their analysis, the team gives us clear instructions on what to do next, like blocking a specific URL.”

As a result, GreenSky’s team can focus on more strategic projects, like data loss prevention efforts.


Temples and her team quickly realized several benefits by using Expel Phishing including more time to focus on more strategic projects, faster investigations of suspected phishing emails and access to more detailed data about anti-phishing efforts to share with stakeholders around the company.

Looking ahead

Going forward, Temples is looking to use the time Expel has freed up to focus on additional strategic projects. Plus, she hopes that as Expel identifies new trends and tactics in the phishing emails targeting GreenSky, she and her team can use this insight to further focus the phishing awareness program.

“The entire team at Expel is so responsive, and their knowledge of phishing emails is second to none. I feel confident knowing that Expel is reviewing all of our phishing emails. They feel like a true extension of our team.”

Bots mascots