{"id":1466,"date":"2022-10-31T18:57:39","date_gmt":"2022-10-31T13:27:39","guid":{"rendered":"https:\/\/blog.kdmarc.com\/blog\/?p=1466"},"modified":"2024-08-13T11:30:49","modified_gmt":"2024-08-13T06:00:49","slug":"vec-attacks","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/vec-attacks\/","title":{"rendered":"Vendor Email Compromise (VEC) Attacks: An Emerging Danger"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">To understand the concept of&nbsp; VEC attacks (Vendor Email Compromise), it is important to first understand Business Email Compromise (BEC) attacks. So, let\u2019s start off by getting a general idea about BEC attacks.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Business_Email_Compromise_BEC_Attacks\" >Business Email Compromise (BEC) Attacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#What_Exactly_is_a_Vendor_Email_Compromise_VEC_Attack\" >What Exactly is a Vendor Email Compromise (VEC) Attack?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#How_does_Vendor_Email_Compromise_VEC_Attack_Work\" >How does Vendor Email Compromise (VEC Attack) Work?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Phase_1_Stealing_Credentials_Through_Phishing\" >Phase 1: Stealing Credentials Through Phishing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Phase_2_Compromised_Accounts_Takeover\" >Phase 2: Compromised Account\u2019s Takeover<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Phase_3_Monitoring_the_Inbox\" >Phase 3: Monitoring the Inbox<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Phase_4_Start_Sending_Spear_Phishing_Emails_to_the_Vendors_Customers\" >Phase 4: Start Sending Spear Phishing Emails to the Vendor\u2019s Customers<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Two_Cases_of_Vendor_Email_Compromise_VEC_Attacks\" >Two Cases of Vendor Email Compromise (VEC Attacks)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Protection_Against_Vendor_Email_Compromise_VEC_Attacks\" >Protection Against Vendor Email Compromise (VEC Attacks)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/#Being_Vigilant_Vendors_Duty_and_Need\" >Being Vigilant: Vendor\u2019s Duty and Need<\/a><\/li><\/ul><\/nav><\/div>\n\n\n<style type=\"text\/css\">\n      @media print, screen and (max-width: 63.99875em){\n      .tnp-submit\n      width: 48%;\n      }\n      .wp-block-tnp-minimal{\n      padding: 20px;\n      }\n      .blog_para\n      margin-top: 4px !important;\n      line-height: 25px !important;\n      font-size: 15px !important;\n      }\n\n      }\n      .blog_para{\n      font-family: jost,sans-serif;\n      margin-top: 14px;\n      margin-bottom: 30px;\n      color: #fff;\n      font-size: 15px !important;\n      color: black !important;\n\n      }\n\n      .wp-block-tnp-minimal{\n      padding:20px;\n      border: 1px solid grey;\n      }\n\n      .tnp-submit a{\n        background: #1d58c7!important;\n    border-radius: 5px!important;\n    text-transform: inherit!important;\n    padding: 8px 25px!important;\n    font-weight: 600!important;\n    color: #fff!important;\n    width: 30%!important;\n    border: none;\n      }\n\n      .blog_get{\n      font-size: 24px !important;\n      font-weight: 700;\n      padding-bottom: 0px;\n    font-family: 'Poppins' !important;\n      margin-bottom: 0px;\n      margin-top: 0px;\n      margin-bottom: 0px !important;\n      color: white;\n          line-height: 30px;\n          color: white;\n      }\n      .row{\n             display: flex;\n    flex-wrap: wrap;\n    flex-direction: row;\n    padding: 25px 0px 25px 36px;\n    align-items: center;\n\n      }\n\n.colLeft{\n         flex-basis:50%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n    color: white;\n}\n    \n .colRight{\n       flex-basis: 45%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n }\n\n.tnp-subscription-minimal{\n    float: right;\n}\n<\/style>\n<div style=\"max-width: 741px; margin: 0 auto; background-image: url('https:\/\/awareness.threatcop.ai\/marketing\/linkedinlowerbanner.webp'); background-repeat: no-repeat; background-size: cover; background-position: center; \">\n<div class=\"row\">\n<div class=\"colLeft\">\n<p class=\"blog_get\" style=\"font-family: 'Poppins' !important; color: white !important\">Subscribe to Our Newsletter On Linkedin<\/p>\n<p class=\"blog_para\" style=\"font-size: 16px;font-family: 'Poppins' !important; color: white !important; margin-top: 10px; margin-bottom: 28px;line-height: 25px;\">Sign up to Stay Tuned with the Latest Cyber Security News and Updates<\/p>\n\n<div>\n<div class=\"tnp\" style=\"margin-bottom: 10px;\">\n            <form action=\"https:\/\/threatcop.com\/newsletter-thank-you\" method=\"get\" target=\"_blank\">\n<div class=\"tnp-submit\">\n                  <a class=\"libutton\" href=\"https:\/\/www.linkedin.com\/build-relation\/newsletter-follow?entityUrn=7062043746430783488\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a><\/div>\n<\/form><\/div>\n<\/div>\n<\/div>\n<div class=\"colRight\">\n<div>\n<div class=\"tnp tnp-subscription-minimal \">\n            <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/newsletter-icon.webp\" class=\"img-fluid\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Business_Email_Compromise_BEC_Attacks\"><\/span><span style=\"color: #000000;\"><b>Business Email Compromise (BEC) Attacks<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">In a <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/bec-attack\/\"><b><span style=\"color: #183994;\">BEC attack<\/span><\/b><\/a><span style=\"font-weight: 400;\">, a cybercriminal impersonates an employee, colleague, or executive to send an email to another employee. This email usually contains a request for a fund transfer. The cybercriminal may also ask for personally identifiable information (PII) from employees. In this case, it can further lead to fraud or identity theft.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The emails used in BEC attacks typically carry instructions related to payment approvals or client data sharing. Employees can easily fall into this trap as the criminals usually impersonate a senior employee within an organization.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">BEC attacks can lead to huge financial losses. A <\/span><a style=\"color: #000000;\" href=\"https:\/\/www.tripwire.com\/state-of-security\/security-data-protection\/bec-scams-cost-victims-26b-over-a-three-year-period-finds-fbi\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">report<\/span><\/b><\/a><span style=\"font-weight: 400;\"> by the FBI suggested that <\/span><b>BEC attacks cost organizations $26 bn in total over 3 years from June 2016 to July 2019<\/b><span style=\"font-weight: 400;\">.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Between July 2019 and December 2021, the <\/b><a style=\"color: #000000;\" href=\"https:\/\/www.ic3.gov\/Media\/Y2022\/PSA220504\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">FBI reported<\/span><\/b><\/a><b> a 65% increase in losses from Business Email Compromise attacks (BEC attacks).<\/b><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Exactly_is_a_Vendor_Email_Compromise_VEC_Attack\"><\/span><span style=\"color: #000000;\"><b>What Exactly is a Vendor Email Compromise (VEC) Attack?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">A Vendor Email Compromise (VEC attack) is slightly different from a BEC attack. In a VEC attack, a threat actor compromises and uses the email account of an organization\u2019s legitimate vendor. Equipped with a legitimate email identity, the cybercriminal has now become more powerful than ever<\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Once the target is picked, the attacker designs an email template that suits the setting of the target organization. This makes the email more believable. They send these realistic-looking emails to the employees in charge of handling payments. They attach fake invoices and change the payment information from the vendor\u2019s side to redirect the payment to an account controlled by the miscreant.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">This example will give you a better understanding of the spread of a VEC attack:<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\">\u201cA\u201d company has 20,000 suppliers. So practically, there are 20,000 vendor companies whose email domains can be compromised. VEC attacks on \u201cA\u201d company can be launched using these compromised email domains. Therefore, from the point of view of \u201cA\u201d company, a VEC attack can come from 20,000 different sources.<\/span><\/i><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-8207 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1602\" height=\"1018\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC_02@2x-100.jpg\" alt=\"Vendor Email Compromise\" class=\"wp-image-8207\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">Each vendor is a potential tool for attackers to carry out a VEC attack on the client company<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The damage potential of a VEC attack is huge. This is majorly due to the fact that the attacker gets hold of the legitimate vendor identity to launch it. A VEC attack leverages the usual communication between vendors and organizations. This is one major difference between a BEC attack and a VEC attack.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_does_Vendor_Email_Compromise_VEC_Attack_Work\"><\/span><span style=\"color: #000000;\"><b>How does Vendor Email Compromise (VEC Attack) Work?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">A BEC or a VEC attack relies on <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/social-engineering-attack\/\"><b><span style=\"color: #183994;\">social engineering attack<\/span><\/b><\/a><span style=\"font-weight: 400;\">. However, it is set apart as in the VEC attack, the targets are supplier\u2019s customers. A payment request is sent to those customers for a service they expect to pay for. There are different phases of VEC attack.<\/span><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-8208 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"775\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack-Work.jpg\" alt=\"Vendor Email Compromise Attack\" class=\"wp-image-8208\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">How Do Vendor Email Compromise (VEC) Attacks Work? (Source: Bleeping Computer)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_1_Stealing_Credentials_Through_Phishing\"><\/span><span style=\"color: #000000;\"><b>Phase 1: Stealing Credentials Through Phishing<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">For VEC attackers, the foremost step is to get into the vendor\u2019s email account. To achieve this they run several <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/phishing-attacks\/\"><b><span style=\"color: #183994;\">phishing<\/span><\/b><\/a><span style=\"font-weight: 400;\"> campaigns. They research those organizations that sell products and services. Then, they send emails containing malicious links to the employees of the targeted company. Many employees think that these links or landing pages are legitimate and may open or provide essential credentials without checking. Those credentials allow attackers to enter and compromise vendors\u2019 email accounts.<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_2_Compromised_Accounts_Takeover\"><\/span><span style=\"color: #000000;\"><b>Phase 2: Compromised Account\u2019s Takeover<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After getting all the details, the attackers can then enter into their email inboxes. After this, they take over the accounts and trail communications. They would create email rules to guide copies of all incoming emails from the relevant vendors to the hackers\u2019 inboxes. After all the rules are implemented, victims are not likely to notice that someone is spying on their email accounts. Therefore, hackers can spy for a long time.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_3_Monitoring_the_Inbox\"><\/span><span style=\"color: #000000;\"><b>Phase 3: Monitoring the Inbox<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">In a VEC attack, once an attacker enters a vendor&#8217;s email account, they watch the day-to-day activities and interactions closely. These threat actors spend months observing the victim\u2019s behavior. The email exchange between the vendor company\u2019s employees and their customer company\u2019s point of contact is closely monitored to figure out the pattern of raising invoices and payment methods. After noticing these activities between them, they will start the final phase of the scam.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_4_Start_Sending_Spear_Phishing_Emails_to_the_Vendors_Customers\"><\/span><span style=\"color: #000000;\"><b>Phase 4: Start Sending Spear Phishing Emails to the Vendor\u2019s Customers<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The attacker then proceeds to send <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/difference-between-spear-phishing-and-phishing\/\"><b><span style=\"color: #183994;\">spear phishing<\/span><\/b><\/a><span style=\"font-weight: 400;\"> emails containing fake invoices that look like the usual real ones. The vendor typically sends these emails at the same time the client is billed. The cybercriminal will ask the vendor\u2019s customers to transfer payments to a new bank account under their control by sending these fraudulent emails. These spear phishing emails are expertly designed so as to not cause any suspicion even while departing from the status quo. The VEC attack becomes successful when the customer falls for these emails with fake invoices and sends the money to the new bank account controlled by the attacker.<\/span><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Two_Cases_of_Vendor_Email_Compromise_VEC_Attacks\"><\/span><span style=\"color: #000000;\"><b>Two Cases of Vendor Email Compromise (VEC Attacks)<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">In 2019, an <\/span><a style=\"color: #000000;\" href=\"https:\/\/securityintelligence.com\/news\/silent-starling-group-stages-vendor-email-compromise-attacks\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">article<\/span><\/b><\/a><span style=\"font-weight: 400;\"> published by Security Intelligence revealed that the Silent Starling cybercriminal group was conducting VEC attacks. The group launched phishing emails to trick the employees of the vendor companies into giving up the credentials of their official email accounts.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">They used these email accounts to watch the email flow pattern between the vendor companies and the client companies. The group waited and watched for a very long period before hitting the target client companies at an opportune time.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">They used the compromised email accounts of the vendor companies to send fake invoices to the client companies. The payment information included the banking details of a bank account controlled by the attacker.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">In another event, SolarWinds, an American software company, suffered a huge VEC attack. Suspicious activity was observed in its Office365 environment, the company <\/span><a style=\"color: #000000;\" href=\"https:\/\/www.crn.com\/news\/security\/solarwinds-ceo-confirms-office-365-email-compromise-played-role-in-broad-based-attack\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">revealed<\/span><\/b><\/a><span style=\"font-weight: 400;\">.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Hackers used a compromised email account to gain access to the credentials of <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/\"><b><span style=\"color: #183994;\">SolarWinds<\/span><\/b><\/a><span style=\"font-weight: 400;\">\u2019 personnel in business and technical roles. This allowed the hackers to gain access to the SolarWinds Orion Development environment.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">A Russian hacking group exploited the vulnerabilities in its software. Around 18,000 of its customers downloaded the compromised version of this software.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Wait, there\u2019s more! As per a 2021 <\/span><a style=\"color: #000000;\" href=\"https:\/\/www.businesswire.com\/news\/home\/20210217005473\/en\/Risk-of-SolarWinds-Style-Attacks-Through-Vendor-Email-Compromise-Increased-82-Abnormal-Threat-Research-Report-Reveals\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">article<\/span><\/b><\/a><span style=\"font-weight: 400;\"> published by Business Wire, organizations face an 82% increase in the chances of being attacked through a SolarWinds-style VEC attack in a given week. This article also mentioned that the average potential loss from VEC attacks is 144% more than the loss caused by standard BEC attacks.<\/span><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Protection_Against_Vendor_Email_Compromise_VEC_Attacks\"><\/span><span style=\"color: #000000;\"><b>Protection Against Vendor Email Compromise (VE<span style=\"color: #000000;\">C Attacks)<\/span><\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Protection against vendor email compromise (VEC Attacks) requires proactivity at every step, i.e., before, during, and after an attack. Firstly, possession of knowledge about these attacks is a prerequisite for organizations to set up a strong defense against them.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Therefore, making sure that everyone on the staff knows what these attacks are and how they work is essential for organizations. Along with this, knowing the correct way of requesting and providing payment details, funds, or sensitive information is also important for the employees.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Furthermore, the employees are less likely to fall for a VEC attack if they are aware of the regular flow of emails in the organization. Any irregularity in this email flow will be enough cause for creating suspicion.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Even if an email doesn\u2019t raise any suspicion due to the pattern of its flow, there will always be something about the content that is odd. It might be the sender\u2019s name, signature, or body of the email.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">However, changes in payment information raise immediate red flags. Any email regarding a change in payment information must be immediately verified using methods like video calling the vendor or sending the vendor some codes to revert to.<\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-8209 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1602\" height=\"1018\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC_01@2x-100.jpg\" alt=\"Vendor Email Compromise Attack\" class=\"wp-image-8209\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">Vendor Email Compromise (VEC Attack) suspicion due to irregularity in payment information<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">In an event where the damage has already been done, i.e., if the money has been transferred or the information has been stolen, mitigation measures should be put in place right away. In case of wrongful transfer of money, the insurer, the bank, and the authorities should be informed immediately.&nbsp;&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If any sensitive information of the organization has been compromised, mitigation measures should be directed towards minimizing damage to the reputation of the company and preventing the misuse of that information.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Being_Vigilant_Vendors_Duty_and_Need\"><\/span><span style=\"color: #000000;\"><b>Being Vigilant: Vendor\u2019s Duty and Need<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">As mentioned above, attackers use phishing emails to trick employees of vendor companies into giving up their email account credentials. Therefore, <\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/benefits-and-purpose-of-security-awareness-training\/\"><b>cybersecurity awareness<\/b><\/a><\/span><span style=\"font-weight: 400;\"> for employees using tools like <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\"><b><span style=\"color: #183994;\">TSAT<\/span><\/b><\/a><span style=\"font-weight: 400;\"> becomes essential for an organization. It uses simulation through five different attack vectors to sensitize employees with respect to cyber attacks.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">For vendor companies, the implementation of email domain security tools is very important. This minimizes the risk of misuse of their email domain in VEC attacks. An <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatpost.com\/dmarc-adoption-nonexistent\/146751\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #183994;\">article<\/span><\/b><\/a><span style=\"font-weight: 400;\"> by Threat Post reported that standard email authentication protection is nonexistent in 80% of company web domains! Isn\u2019t that mind-boggling?<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Email authentication tools are game-changers when it comes to preventing email domain misuse. <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/tdmarc\"><b><span style=\"color: #183994;\">TDMARC<\/span><\/b><\/a><span style=\"font-weight: 400;\"> is counted among the best email authentication and anti-spoofing tools. It detects and defends email domain forgery.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">This tool can identify all the sources that are abusing your email domain and prevent anyone from sending fraudulent emails on your behalf. Consequently, it also increases the <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/increase-domain-reputation-and-email-deliverability\/\"><b><span style=\"color: #183994;\">email deliverability rate and email engagement rate<\/span><\/b><\/a><span style=\"font-weight: 400;\">.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">VEC attack is a threat on the rise and it is imperative for both vendor companies and client companies to be on the lookout for them. Vigil and alertness can thwart VEC attacks right at their onset.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To understand the concept of&nbsp; VEC attacks (Vendor Email Compromise), it is important to first understand Business Email Compromise (BEC) attacks. So, let\u2019s start off by getting a general idea about BEC attacks. Business Email Compromise (BEC) Attacks In a BEC attack, a cybercriminal impersonates an employee, colleague, or executive to send an email to [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":7372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,45,43],"tags":[],"class_list":["post-1466","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks","category-email-security","category-social-engineering"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Emerging Danger: Vendor Email Compromise (VEC) Attacks<\/title>\n<meta name=\"description\" content=\"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/vec-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Danger: Vendor Email Compromise (VEC) Attacks\" \/>\n<meta property=\"og:description\" content=\"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/vec-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-31T13:27:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-13T06:00:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Kumar Shantanu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kumar Shantanu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/\"},\"author\":{\"name\":\"Kumar Shantanu\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/fb68b06665d9ecb47912ab0c3768ff23\"},\"headline\":\"Vendor Email Compromise (VEC) Attacks: An Emerging Danger\",\"datePublished\":\"2022-10-31T13:27:39+00:00\",\"dateModified\":\"2024-08-13T06:00:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/\"},\"wordCount\":1626,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/VEC-Attack.webp\",\"articleSection\":[\"Cyber Attacks\",\"Email Security\",\"Social Engineering\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/\",\"name\":\"Emerging Danger: Vendor Email Compromise (VEC) Attacks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/VEC-Attack.webp\",\"datePublished\":\"2022-10-31T13:27:39+00:00\",\"dateModified\":\"2024-08-13T06:00:49+00:00\",\"description\":\"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/VEC-Attack.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/VEC-Attack.webp\",\"width\":1250,\"height\":1200,\"caption\":\"VEC Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/vec-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vendor Email Compromise (VEC) Attacks: An Emerging Danger\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/fb68b06665d9ecb47912ab0c3768ff23\",\"name\":\"Kumar Shantanu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Shantanu-Image.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Shantanu-Image.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Shantanu-Image.jpeg\",\"caption\":\"Kumar Shantanu\"},\"description\":\"Senior Writer Shantanu is an accomplished content strategist and technology enthusiast at Threatcop Inc. With a knack for translating technical intricacies into reader-friendly narratives, Shantanu contributes to making cybersecurity insights both informative and enjoyable for tech enthusiasts and general audiences alike.\",\"sameAs\":[\"http:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Danger: Vendor Email Compromise (VEC) Attacks","description":"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/vec-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Danger: Vendor Email Compromise (VEC) Attacks","og_description":"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge","og_url":"https:\/\/threatcop.com\/blog\/vec-attacks\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2022-10-31T13:27:39+00:00","article_modified_time":"2024-08-13T06:00:49+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp","type":"image\/webp"}],"author":"Kumar Shantanu","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Kumar Shantanu","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/"},"author":{"name":"Kumar Shantanu","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/fb68b06665d9ecb47912ab0c3768ff23"},"headline":"Vendor Email Compromise (VEC) Attacks: An Emerging Danger","datePublished":"2022-10-31T13:27:39+00:00","dateModified":"2024-08-13T06:00:49+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/"},"wordCount":1626,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp","articleSection":["Cyber Attacks","Email Security","Social Engineering"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/vec-attacks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/","url":"https:\/\/threatcop.com\/blog\/vec-attacks\/","name":"Emerging Danger: Vendor Email Compromise (VEC) Attacks","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp","datePublished":"2022-10-31T13:27:39+00:00","dateModified":"2024-08-13T06:00:49+00:00","description":"Protection against VEC attacks requires proactivity at every step i.e. before, during and after an attack. Firstly, possession of knowledge","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/vec-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/03\/VEC-Attack.webp","width":1250,"height":1200,"caption":"VEC Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/vec-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Vendor Email Compromise (VEC) Attacks: An Emerging Danger"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/fb68b06665d9ecb47912ab0c3768ff23","name":"Kumar Shantanu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/Shantanu-Image.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/Shantanu-Image.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/Shantanu-Image.jpeg","caption":"Kumar Shantanu"},"description":"Senior Writer Shantanu is an accomplished content strategist and technology enthusiast at Threatcop Inc. With a knack for translating technical intricacies into reader-friendly narratives, Shantanu contributes to making cybersecurity insights both informative and enjoyable for tech enthusiasts and general audiences alike.","sameAs":["http:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1466","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=1466"}],"version-history":[{"count":9,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1466\/revisions"}],"predecessor-version":[{"id":11689,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1466\/revisions\/11689"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/7372"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=1466"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=1466"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=1466"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}