What Is Vendor Email Compromise (VEC)?

August 6, 2023

A new cyber threat that impacts individuals and organizations has developed, with financial transactions completed on digital platforms or by email. Business Email Compromise (BEC)– also known as email account compromise (EAC)— is one of the most financially damaging online crimes. Many people rely on email to conduct business transactions, which BEC exploits.

Illuminated you have mail icon stock photo

In a BEC scam, an email will look as if it came from a known and trusted source and makes a request from the receiver. Below are some common BEC scenarios:

  • A supplier that your company frequently interacts with sends an invoice containing a revised postal address.
  • The CEO of a company instructs an associate to purchase numerous gift cards to give as rewards to employees. She requests the serial numbers so she can send them out immediately.
  • A prospective homeowner receives a communication from his title company providing guidelines on transferring his down payment electronically.

While BEC is common, many overlook a specific type of email compromise known as Vendor Email Compromise (VEC). VEC schemes have increased over the past several years as cybercriminals gain entry into vendors’ email accounts and change payment instructions to divert payment to themselves. Hackers focus on hijacking vendor email “threads” so they can gather context over communications that the vendor sends and receives. VEC happens when vendors use poor passwords, and the hacker utilizes an actual password dictionary to crack the weak password. Once gaining access to the vendor’s email, the hacker collects details such as invoice structure, personal writing tone, and customer emails so they can write emails that sound legitimate. Since they used the vendor’s password, this can go undetected.

Once the hacker diverts funds to themselves, it is often too late to retrieve fraudulently diverted funds when the legitimate vendor notices a payment was not received and notifies the sender/customer.

The best way for accounts payable personnel and clients to prevent VEC is to be aware of the red flags associated with this type of fraud. Below are some things to do to avoid VEC:

  • Be vigilant whenever payment information changes, such as account numbers or bank routing information.
  • Ensure there is a robust validation process, such as calling the vendor using the phone number on file to verify any changes.
  • Wait before sending funds until payment verification is determined to ensure the vendor is legitimate.

Individuals should never respond directly to the email containing the requested payment changes, as the fraudster could be communicating by “spoofed email.”

The first defense against protecting yourself from VEC schemes is awareness; knowing about current scams will help you see the red flags and identify fraudsters. Commercial clients can eliminate VEC risk by using online business banking electronic funds transfers to protect their account details using their login and password.

If you or your company become a victim of VEC, please contact your Private Banker immediately since time is of the essence when attempting to recover funds from a VEC scam.

Sources

https://www.cpapracticeadvisor.com/accounting-audit/news/21205205/how-to-identify-a-new-type-of-bec-vendor-email-compromise

https://www.armorblox.com/blog/identity-theft-invoices-and-impersonation/#:~:text=What%20Is%20Vendor%20Email%20Compromise,that%20ultimately%20benefit%20the%20criminal

Insights

The Power of Vertical Integration in Real Estate Investing

As an investor, you may be considering a vertically integrated approach to real estate investing. This strategy offers greater control […]

Learn more

Beyond Risk Mitigation: How Insurance Supports Long-Term Wealth Strategies

Insurance is often viewed simply as a tool for mitigating risk, but its role in wealth management extends far beyond […]

Learn more

May 2025 Market Commentary

• President Trump announces “Liberation Day” tariffs. • President Trump pauses most “Liberation Day” tariffs for 90 days. • Unusual […]

Learn more

Essential Steps to Prepare Your Finances for Marriage

Marriage is a significant milestone in life, and for those with significant wealth, it’s essential to approach this union with […]

Learn more

Week in Review: May 9, 2025

Recap & Commentary Markets ended the week little changed as investors awaited the Federal Reserve’s Federal Open Market Committee (FOMC) […]

Learn more

Ready to learn more?
Let’s have a conversation.

Embark on a banking experience tailored to your distinct path, focused on achieving personal and business financial prosperity.