share

Attack of the VEC

Posted by Taylor Cheetham on Sep 7, 2020 9:20:36 PM
Taylor Cheetham

Attack of the VEC

A lot of businesses now understand the importance of security awareness training to prevent phishing attacks. But what about attacks that you can't plan for, no matter the depth your training or the sophistication of your security strategy?

Let's talk about the next wave of cyber attacks that could threaten your business - vendor email compromise (or VEC) attacks. 

 

What is VEC? 

VEC is the tougher, smarter big brother to BEC.

Business email compromise (BEC) is a form of social engineering attack targeting businesses. It usually occurs in the form of spoofing emails from a senior member of the business asking staff to do something that the attacker wants. The targets are often people within the finance, HR and payroll departments as they have access to money or the power to make decisions of a financial nature.

VEC is a step up from this, where attackers use their (illegal) access to a business email system to target an organisation's vendors (or customers), allowing for sophisticated attacks that can be easy to fall for – such as requests to pay an already existing invoice – to the uninitiated.

They're able to do this because they can take over legitimate email accounts and monitor activity, giving them the upper hand when it comes to successfully collecting intel about a business and then sending attacks via that individual's actual email address. 

 

How does it differ from a BEC attack?

While a BEC campaign will generally bait one staff member with the intention of scamming money, VEC attacks aim to use businesses against their customers. Large organisations will often have huge numbers of active customers, so if attackers are willing to take the time and effort to gain access to a business' systems and learn more about them, they may well end up being very successful with their campaign.

Both are bad news for your business, but VEC attacks are far-reaching, and the impact on your relationships with customers can be impacted for a long time to come, not to mention the potential damage to your brand reputation, as trust is hard to rebuild once it has been lost.

 

A complex way to attack

VEC attacks are complicated, and attackers must successfully pass through three phases to complete their campaign:

  • Access: the attacker gain access to your system, most often via an employee within the businesses clicking on a link within a phishing email and entering their credentials into a website where they are captured by the attacker.
  • Intelligence gathering: the attacker then sets up a forwarding rule on that employee's emails and waits and watches, learning about what their interactions look like, how their invoices are laid out and other pertinent information about the business and its finances.
  • Attack: once enough information has been gathered, the attacker can send emails via the employee's account which include a fake invoice that looks the same as the originals, except for the banking details (and an easy thing to overlook for busy accounts payable teams).

What should you look out for?

Regardless of if you are the vendor or the customer, there are several things to look out for to protect your business from a VEC attack:

  • A change in account details, name of the contact or email address: if something looks odd, call and check – it might just save your business a lot of time and money.
  • Requests for urgent, last-minute transfers of money: put measures in place to check and double-check requests for large transfers, especially any that come through with a tight deadline attached to them.
  • Forwarding rules on your company email accounts: if there are any unauthorised forwarding rules, measures will need to be taken to remove them immediately, and a full security audit should be undertaken to assess if any other parts of your business have been breached.

The world of cyber security keeps evolving

There are constantly new challenges with technology and cyber security, which is why the team at The Missing Link are tasked with continued learning, so they can stay ahead of the pack when it comes to protecting your business. Want to know more, contact us today. 

AUTHOR

Taylor Cheetham

Marketing Assistant

Resource

If your network future-proofed?

GRAB A COPY
UP NEXT

What is cyber threat intelligence, and why do I need it?

Threat intelligence is a rather timely topic, as m...

Benefits of hybrid cloud computing

A hybrid cloud computing model gives businesses a ...