Vendor Email Compromise - How Does It Work?
VEC usually starts with a malicious threat actor that gains access to a vendors email account.
This is usually done through phishing attacks where an attacker sends an email to that vendor which has malicious attachments or links in it.
If the vendor ends up clicking on those links or opening the attachment, they would download malicious software which gives the attacker access to their account unknowingly.
Attackers can then proceed to use the compromised accounts, or through impersonation, to send emails which appear to come from the vendor. These emails are designed to trick customers into thinking they are legitimate.
These emails would have instructions to transfer money, provide sensitive information, or to click a malicious link.
After the customer has followed the action requested the attacker has the ability to use the stolen data or money for their own gain.
Malicious threat actors can use the stolen data to launch other types of attacks which include financial fraud, or Identity theft.
This type of attack is extremely dangerous as they are hard to detect since the email would actually originate from outside the targeted organization, and third parties are required to verify such emails.
Most often victims do not realize until it is too late.
Vendor Email Compromise Examples
There are many forms such attacks can take. Some examples include:
- Invoice Fraud – This is where a malicious threat actor sends a specially crafted invoice to the customer, requesting a payment to a different bank account.
- Payment Diversion – An attacker sends an email to a client. They instruct them to change the payment details for the next invoice.
- Phishing – Attackers send emails to customers requesting sensitive information such as credit card details or login credentials posing as a trusted vendor or partner.
- Fake Orders – Attackers send emails to clients requesting the purchasing of goods or services. These fake orders are usually modelled on legitimate orders previously made through this trusted partner.
Protecting Against VEC (Vendor Email Compromise)
Even though cybersecurity best practices such as the implementation of muti factor authentication as well as monitoring for suspicious email account activity as well as including login IP addresses are strong methods of email compromise prevention, they do not protect against VEC.
The reason that this is tricky to monitor is due to the compromise of a vendor originating outside the visibility and control of the company. The goal is to protect the end users against such attacks not just the prevention of the compromise itself.
In order to achieve this an advanced email security solution is required.
An anti-phishing platform as well as security awareness training are critical components as part of an organization’s email security solution that is required to protect against vendor email compromise attacks.
anti phishing platforms are designed to detect and block malicious emails from entering a company’s network. Such platforms use AI (Artificial Intelligence) and ML (Machine Learning) to detect the malicious emails and prevent them from reaching the users mailbox.
They are also able to detect emails that look to be from trustworthy vendors but in reality they are impostors. Block such emails can help to keep businesses safe from VEC attacks.
Security awareness training, also known as phishing simulation training, is another important part to protect suppliers from vendor email compromise.
Such platforms sending simulated phishing emails that are designed to train and educate the users on how to identify and respond to phishing emails.
Users will learn how to recognize suspicious emails and how to report them to the proper authorities.
It also covers topics such as password security and safe browsing practices which help to protect companies not only from VEC, but other types of malicious attacks.
By implementing an anti phishing platform and security awareness training, companies can greatly reduce the risk of vendor email compromise.
Leave a Reply