Vendor Email Compromise (VEC)

What is Vendor Email Compromise (VEC)?

Vendor email compromise exploits trusted business relationships and established communication patterns. Attackers gain access to a vendor's email account through phishing, weak passwords, or a previous breach, then monitor its traffic to learn business relationships, payment processes, and timing. With that access they send seemingly legitimate emails from the real vendor account carrying fraudulent payment instructions, updated banking details, fake invoices for services rendered, requests for sensitive information, or malware attachments. Because the emails originate from a legitimate account, they bypass technical security controls and appear trustworthy to recipients. VEC is particularly effective because companies expect vendor communications and act on them without the scrutiny applied to unknown senders.

Business Impact

Organizations victimized by VEC face direct financial losses from misdirected payments, averaging $125,000 per incident; complex recovery, since the funds were sent to criminals through legitimate business processes; damaged vendor relationships and trust; difficult attribution, since it is unclear whether the vendor or its customer has the security problem; and potential liability questions. Even organizations with strong internal security can be victimized through a compromised vendor account. The attack highlights supply chain security risks and the need for payment verification procedures that account for the possibility of compromised vendor accounts.
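A payment-detail change control of the kind this paragraph calls for, as an added Python example (not Allure Security's code). The vendor name, account numbers and phone numbers are constructed; the point it demonstrates is that a banking change is held until confirmed over a contact channel recorded at onboarding, never one supplied in the email itself.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class VendorRecord:
    # Details captured at onboarding, before any mailbox could have been compromised.
    name: str
    bank_account: str
    callback_phone: str


@dataclass(frozen=True)
class ChangeRequest:
    # A request to update banking details, as it arrived by email.
    vendor: str
    new_bank_account: str
    phone_offered_in_email: Optional[str] = None


@dataclass(frozen=True)
class Callback:
    # Record of the out-of-band confirmation the accounts-payable clerk performed.
    number_dialed: str
    confirmed: bool


# Constructed sample vendor master; "Acme Widgets" is a hypothetical vendor.
VENDOR_MASTER: Dict[str, VendorRecord] = {
    "Acme Widgets": VendorRecord("Acme Widgets", "GB00 0000 1111", "+44 20 0000 0000"),
}


def evaluate_change(req: ChangeRequest, callback: Optional[Callback],
                    master: Dict[str, VendorRecord] = VENDOR_MASTER) -> Tuple[bool, str]:
    vendor = master.get(req.vendor)
    if vendor is None:
        return False, "unknown vendor: route to onboarding"
    if req.new_bank_account == vendor.bank_account:
        return True, "no change in banking details"
    if callback is None:
        return False, "hold: bank details changed, no out-of-band confirmation"
    # Once the vendor mailbox is compromised, any phone number inside the email is
    # attacker-controlled, so only the number on file counts as verification.
    if callback.number_dialed != vendor.callback_phone:
        return False, "hold: callback used a number not on file"
    if not callback.confirmed:
        return False, "reject: vendor did not confirm the change"
    return True, "approved: change confirmed via number on file"
```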

Allure Security's Approach

While VEC primarily involves compromised accounts rather than impersonation, understanding the broader business email compromise landscape and monitoring for signs that your organization or vendors are being targeted enables proactive defense and incident response planning.

See the threats targeting your brand right now

Get a customized assessment showing active impersonation, phishing infrastructure, and exposed credentials specific to your organization. No commitment required.