Vendor email compromise (VEC) attacks are a type of social engineering attack where a cybercriminal impersonates a trusted vendor to defraud an organization. These attacks are becoming increasingly common, as they are more difficult to detect than traditional phishing attacks.
In a VEC attack, the attacker first compromises the email account of a legitimate vendor. Once they have access to the account, they email the victim organization, pretending to be the vendor. The emails often contain requests for payment or sensitive information.
VEC attacks are often very convincing, as the attacker will take the time to learn about the victim organization and its vendors. They may even use the vendor’s logo and branding in their emails. This makes it more likely that the victim will fall for the scam.
How to Protect Yourself from VEC Attacks
You can take several steps to protect yourself from VEC attacks:
- Be suspicious of emails from vendors with which you don’t usually do business.
- Don’t click on links or open attachments in emails from vendors unless you are sure that they are legitimate.
- Verify the sender’s email address before responding to any emails from vendors.
- Educate your employees about VEC attacks and how to spot them.
How Security Awareness Training Can Help
Security awareness training can help to protect your organization from VEC attacks by teaching your employees how to spot and avoid these scams. A good security awareness training program will cover topics such as:
- How to identify phishing emails
- How to protect your passwords
- How to be safe online
Get a Free Demo of KnowBe4 from Citynet
Citynet is a partner of KnowBe4, a leading provider of security awareness training. KnowBe4 offers a variety of training programs that can help to protect your organization from VEC attacks and other cyber threats.