What Is Vendor Email Compromise (VEC)?

August 6, 2023

A new cyber threat that impacts individuals and organizations has developed, with financial transactions completed on digital platforms or by email. Business Email Compromise (BEC)– also known as email account compromise (EAC)— is one of the most financially damaging online crimes. Many people rely on email to conduct business transactions, which BEC exploits.

Illuminated you have mail icon stock photo

In a BEC scam, an email will look as if it came from a known and trusted source and makes a request from the receiver. Below are some common BEC scenarios:

  • A supplier that your company frequently interacts with sends an invoice containing a revised postal address.
  • The CEO of a company instructs an associate to purchase numerous gift cards to give as rewards to employees. She requests the serial numbers so she can send them out immediately.
  • A prospective homeowner receives a communication from his title company providing guidelines on transferring his down payment electronically.

While BEC is common, many overlook a specific type of email compromise known as Vendor Email Compromise (VEC). VEC schemes have increased over the past several years as cybercriminals gain entry into vendors’ email accounts and change payment instructions to divert payment to themselves. Hackers focus on hijacking vendor email “threads” so they can gather context over communications that the vendor sends and receives. VEC happens when vendors use poor passwords, and the hacker utilizes an actual password dictionary to crack the weak password. Once gaining access to the vendor’s email, the hacker collects details such as invoice structure, personal writing tone, and customer emails so they can write emails that sound legitimate. Since they used the vendor’s password, this can go undetected.

Once the hacker diverts funds to themselves, it is often too late to retrieve fraudulently diverted funds when the legitimate vendor notices a payment was not received and notifies the sender/customer.

The best way for accounts payable personnel and clients to prevent VEC is to be aware of the red flags associated with this type of fraud. Below are some things to do to avoid VEC:

  • Be vigilant whenever payment information changes, such as account numbers or bank routing information.
  • Ensure there is a robust validation process, such as calling the vendor using the phone number on file to verify any changes.
  • Wait before sending funds until payment verification is determined to ensure the vendor is legitimate.

Individuals should never respond directly to the email containing the requested payment changes, as the fraudster could be communicating by “spoofed email.”

The first defense against protecting yourself from VEC schemes is awareness; knowing about current scams will help you see the red flags and identify fraudsters. Commercial clients can eliminate VEC risk by using online business banking electronic funds transfers to protect their account details using their login and password.

If you or your company become a victim of VEC, please contact your Private Banker immediately since time is of the essence when attempting to recover funds from a VEC scam.

Sources

https://www.cpapracticeadvisor.com/accounting-audit/news/21205205/how-to-identify-a-new-type-of-bec-vendor-email-compromise

https://www.armorblox.com/blog/identity-theft-invoices-and-impersonation/#:~:text=What%20Is%20Vendor%20Email%20Compromise,that%20ultimately%20benefit%20the%20criminal

Insights

Week in Review: July 12, 2024

Recap & Commentary Markets ended the week higher with the S&P 500 and NASDAQ setting new records along the way. […]

Learn more

Top Investment Trends For 2024

As January 2023 began, the American economy faced significant challenges from inflation and rising interest rates. These pressures intensified as […]

Learn more

June 2024 Market Commentary

The saying “April showers bring May flowers” can be traced to an English poet from the 1500s. Today, the quote […]

Learn more

Cybersecurity Risks in the Summer: How to Stay Safe Online

Summer is a time for relaxation, vacation, and fun, but it can also be a time for cyberattacks. Hackers and […]

Learn more

Five Strategies for Tax-Efficient Investing Diversification

Tax-efficient portfolio diversification is a nuanced and dynamic process critical for effective wealth management. By strategically balancing investments to minimize […]

Learn more

Ready to learn more?
Let’s have a conversation.

Embark on a banking experience tailored to your distinct path, focused on achieving personal and business financial prosperity.