Is Your Business at Risk of a Vendor Email Compromise (VEC)?
Created at June 24, 2021
It never fails: just when you feel like you have a grasp on current cybercrime trends, hackers are already coming up with something new that you have to worry about protecting yourself from and educating your employees about. This week, we’re talking about vendor email compromise (VEC).
What is a vendor email compromise?
VEC is a type of business email compromise (BEC) that goes after a company’s critical supply line information instead of targeting the employees themselves, as we see with things like CEO fraud.
First, VEC hackers will monitor a business’s transaction habits and use that data to pinpoint one specific vendor of theirs that would be most lucrative to scam.
Second, they draft phony emails addressed to these vendors that look almost identical to the real thing.
Then, they will use hacked email accounts to send requests for payment to their customers.
Since these invoices are modeled after ones that go out to these customers all the time, vendors will often proceed to pay them, not realizing that they direct to the hacker’s bank accounts and not the legitimate source.
What is the result of a successful vendor email compromise?
According to the same linked article from KnowBe4, the chances of getting hit during any given week have increased by over 80% between Q3 of 2020 and January of this year. That’s a giant leap in a small amount of time, meaning that your entire team should always be as vigilant as possible.
Unfortunately, cybercriminals will never stop working on new ways to make something appear to be what it is not. It doesn’t help when they are particularly good at their job, making it harder and harder to combat them day-to-day. Especially when their attacks start to look like an email you might receive on a normal workday!
So, if your business works with vendors that sound like they could be vulnerable to the attack that we’ve described, then you should pursue cybersecurity awareness training for all of your employees that work directly with financial transactions. It will help them understand the scams they’re up against and how to avoid falling into the traps set in front of them.
Cybersecurity Alert: Beware of Video Verification Deepfakes
Try, for a moment, to remember a time before deepfakes—when technology had not yet allowed us some of the everyday conveniences that we enjoy today: when you could not order things and receive them the same day; when you could not have a...