Our certified specialists can work with you to find the best solution to deliver the business outcomes you need, no matter the challenge.
We take the time to understand your unique business needs and challenges. Our certified specialists can work with you to find the best solution that suits you.
A lot of businesses now understand the importance of security awareness training to prevent phishing attacks. But what about attacks that you can't plan for, no matter the depth your training or the sophistication of your security strategy?
Let's talk about the next wave of cyber attacks that could threaten your business - vendor email compromise (or VEC) attacks.
VEC is the tougher, smarter big brother to BEC.
Business email compromise (BEC) is a form of social engineering attack targeting businesses. It usually occurs in the form of spoofing emails from a senior member of the business asking staff to do something that the attacker wants. The targets are often people within the finance, HR and payroll departments as they have access to money or the power to make decisions of a financial nature.
VEC is a step up from this, where attackers use their (illegal) access to a business email system to target an organisation's vendors (or customers), allowing for sophisticated attacks that can be easy to fall for – such as requests to pay an already existing invoice – to the uninitiated.
They're able to do this because they can take over legitimate email accounts and monitor activity, giving them the upper hand when it comes to successfully collecting intel about a business and then sending attacks via that individual's actual email address.
While a BEC campaign will generally bait one staff member with the intention of scamming money, VEC attacks aim to use businesses against their customers. Large organisations will often have huge numbers of active customers, so if attackers are willing to take the time and effort to gain access to a business' systems and learn more about them, they may well end up being very successful with their campaign.
Both are bad news for your business, but VEC attacks are far-reaching, and the impact on your relationships with customers can be impacted for a long time to come, not to mention the potential damage to your brand reputation, as trust is hard to rebuild once it has been lost.
VEC attacks are complicated, and attackers must successfully pass through three phases to complete their campaign:
Regardless of if you are the vendor or the customer, there are several things to look out for to protect your business from a VEC attack:
There are constantly new challenges with technology and cyber security, which is why the team at The Missing Link are tasked with continued learning, so they can stay ahead of the pack when it comes to protecting your business. Want to know more, contact us today.
Threat intelligence is a rather timely topic, as m...