What is Vendor Email Compromise?
VEC scams are technically a form of BEC, yet they are distinctive in their required level of sophistication, sourced intelligence, and savvy customization—as well as in their superior payout potential. BEC fraud relies on economies of scale to convert leads into financial rewards. In a typical BEC scheme, fraudsters gather information on possible targets by researching job roles and contact email addresses, as well as the name of the CEO or other high-profile executives. The fraudster then uses that intelligence to spoof the email address of a trusted executive, sending emails to lower-level employees requesting wire transfers or gift cards. A certain number of recipients will be hoodwinked into making a payment.
But as the percentage of people who can be tricked into completing requests drops off, the campaign becomes less successful. By contrast, VEC is something far more insidious. The front end of these attacks can be as broad as BEC campaigns, but once an email account is compromised within a target organization, threat actors must exercise extreme patience. Lurking in the background, they find opportunities to compromise additional email accounts, typically targeting those in the finance department. These are the most important accounts, as they have the appropriate authority to issue invoices to the organization’s customers or authorize payments on invoices coming from suppliers.
Anatomy of an Attack
Vendor Email Compromise spreads from one business to others like a contagion across the extended enterprise. Well-funded, organized cyber crime rings use hijacked business email accounts and social engineering tactics to gather insider information that is then used to create meticulously crafted and timed attacks. In this way, supply chain partners inherit risk from each other as employees are tricked into performing seemingly innocuous but harmful actions.
The Fortra Advantage
Detect Fake Email From Legitimate Accounts
VEC attacks originate from legitimate email accounts that have been hijacked. Messages pass domain authentication and sail right through whitelists and other security controls.
On visual inspection, even highly trained security experts can’t spot these messages, which contain highly convincing business and personal details.
Agari detects these rapidly evolving VEC attacks and can prevent them from reaching employee inboxes through policy-based, automated forensic analysis that understands the identity behind the message.
The Emergence of VEC
Agari researchers uncovered a West African cybercriminal organization that uses VEC to surveil the communications of hundreds of companies and steal millions from their global supply chains.
This guide offers a first-hand, in-depth look into how the VEC attack chain unfolds.
Email Account Takeover Protection
The first step in preventing a VEC attack is detecting compromised business email accounts.
Agari inspects not only incoming messages but also messages flowing from employee to employee across the organization for indicators of compromise.
This unique approach can detect fraudulent messages originating from legitimate email accounts.