Expel transforms phishing capabilities for Regional Bank

Popular bank gets faster time to remediation, better insights, and increased protection from social engineering attacks with Expel Phishing

The company

This regional bank is the financial institution that residents across one of the southern states in the U.S. have turned to for more than half a century. With billions of dollars in assets, it’s one of the largest financial institutions in the region and has received multiple industry awards. It offers a diversified portfolio of products and services at dozens of banking centers in the region.

The situation

As a regional institution with many local commercial and individual customers, this bank must maintain a robust security strategy to keep customer data secure, as well as protect their financial assets. “As a financial institution, we have a comprehensive security infrastructure that includes everything from security operations, to compliance, to engineering, and even physical security,” explains the bank’s vice president of security operations. “The unfortunate reality is that like many banks, we’re no stranger to threats. The good news is that our leadership has always been supportive of our efforts to make the organization more secure. The result is that we’ve invested significantly in our security capabilities, especially as the threat landscape has grown and transformed in recent years.”

Like many organizations, the bank operates with a lean but highly capable team that works to maximize the use of all the security resources available to them. It’s critical that the tech the team leans on allows them to make quick decisions and take immediate action to mitigate potential issues.

One of the most common ways criminals try to gain entry to the bank’s systems is through phishing, which employs all manner of social engineering techniques in an attempt to fool bank employees. “Phishing is such a popular attack technique—not only for financial institutions but for all sorts of businesses—because frankly, it works,” laments the VP. “When done right, it exploits the natural instinct of people to trust the requests they’re receiving, which often look like they’re coming from their boss or senior leadership.”

The VP continues, “And these requests become more believable every day, especially as artificial intelligence (AI) makes it easier for attackers to be convincing over email. Making phishing even more of a challenge to contain is that many tools can help identify attempts, but don’t have a system in place to address it throughout the organization. That was the situation we found ourselves in.”

With its previous phishing support provider, the bank’s security team had to undertake a long manual process to contain phishing attempts, which sometimes targeted dozens of employees across the company. Identifying the attempt was just the first step, followed by a tedious and time-consuming process to isolate phishing messages in employees’ inboxes—creating a lag that only increased the chances that someone would fall victim.

The VP goes on to explain, “Our previous service wasn’t making things easier for us. If someone marked an email as a potential phishing attempt, it would go into the queue, then over to our email security provider for review, before eventually landing back in Microsoft Outlook. We would then use Powershell on the Exchange server to search for the email recipient, determine if it was phishing, and if it was, we’d have to see who else could have received it and what they did with it. Then we could remove it. Essentially we were reviewing every single email; there was no automation. We were sick and tired of the process and wanted to find a more effective and efficient way of dealing with phishing.”

Evaluating options

The bank’s VP of SecOps had discovered Expel at SchmooCon, a popular hacker convention, several years earlier. Once the search for a new provider started in earnest, he got in touch with the company to better understand Expel® Phishing.

“Expel was easy to work with from the beginning,” he recalls. “The team was very forthcoming and open about the technology. They agreed to a proof-of-concept, and everything that followed was simple and seamless. They worked with us to connect all our systems where they needed visibility, and even Slack for easy communication and collaboration. We were impressed—and encouraged—from the start.”

Simple onboarding is a great first step, but the real value is in how Expel handles phishing attempts and remediates attacks. The process is simple and effective: once employees report suspicious emails, Expel correlates and prioritizes those messages based on perceived risk and determines if the emails are malicious or simply unwanted spam. From there, Expel analyzes URLs, domains, and attachments and investigates who else in the organization is compromised. It then provides detailed guidance on remediation to remove malicious emails from affected inboxes.

“After we saw how easy it was to set up Expel Phishing—and then how the team investigated and remediated phishing attempts—it was an easy choice to bring Expel on,” says the VP. “Expel gave us a lot of confidence around a part of our security operations that was previously a weak spot.”

How Expel helps

The most notable difference for the bank’s security team was Expel’s process for handling phishing attempts. “It’s no exaggeration to say that our security team hated the old process. It was tedious, and worse, ineffective,” the VP says. “Expel takes over the heavy lifting with experts that use their automation tech to handle attempts. Now we get detailed directions on what’s happening and what to do so we can close the books on the incident fast, reducing the chances that a phishing attempt spreads.”

He adds, “Expel then takes the natural next step and dives deeper to ensure our environment isn’t compromised as a result.”

Expel doesn’t just investigate and help wrap up incidents quickly, it also provides the VP and security team with metrics into how the system is performing. “We pay a lot of attention to the dashboard in Expel Workbench; it’s clear and easy to understand, and we even report that data to our CISO (chief information security officer) and board,” he explains. “In an industry where phishing is a big threat, knowing that we have Expel looking at our posture, making recommendations on how to strengthen it, and providing metrics around our phishing readiness helps us all sleep better at night.”


The most important benefit for the VP is the time saved in investigating and remediating phishing attacks. “I’d say we were spending 10 or more hours per week manually investigating phish reports,” he recalls. “Now, we spend practically no time investigating—since the Expel team handles that heavy lifting, and we simply take action on the back of Expel’s recommendations. The whole process is a lot faster.”

That reduced time to remediate has a ripple effect on the bank’s security team, too. Since Expel does all the investigating behind the scenes, the team doesn’t need to drop what it’s doing, mobilize, and shift priorities around phishing attempts.

“An attempted phish used to put us back on our heels and into ‘crisis’ mode while we figured out what was going on,” the VP recalls. “Expel eliminates that crunch. We know Expel has a handle on the work, and the recommendations they deliver are simple. There’s no ambiguity—we take the remediation steps and are back in business.”

Expel even contributes to the institution’s efforts to educate employees about phishing—both on and beyond the security team. “We had an employee who was a little too liberal with reporting potential phishing attempts, and Expel flagged it for us so we could help educate her on what to look for before reporting,” he notes. “The team at Expel has also been great about sharing the processes and evaluation criteria it uses with our security analysts to help them better understand how Expel Phishing works. It’s been great for us.”

The VP says that there’s another metric he tracks that tells him Expel Phishing is working as intended: user feedback has been overwhelmingly positive. “It boils down to the fact that our employees know that when they submit an email for investigation, it’s done quickly, they’re updated and aren’t left to wonder if something is safe or malicious,” he says. “We get peace of mind, our employees get it, too, and everyone wins.”

When asked if he has any advice for companies consider Expel Phishing, he replies with his own question. “What’s the hesitation? There’s no reason not to go with Expel. The product speaks for itself. It’s an easy decision. If you love getting accurate intel, actionable recommendations, and metrics that tell a great story, you can’t go wrong with Expel. Your CISO will thank you later.”

Benefits of partnering with Expel

  • Reduced remediation time by more than 90%, eliminating the tedious manual process of investigating phishing attempts
  • Delivers easy to follow recommendations to handle phishing emails throughout the org
  • Team members get critical education about phishing practices and how to identify attempts