Rising Threat of Vendor Email Compromise Attacks Revealed in New Report

Vendor email compromise (VEC) is a growing and sophisticated form of business email compromise [4]. A VEC attack abuses the trusted relationship between a customer and its vendor: the attacker impersonates, or writes from the compromised mailbox of, someone at a trusted vendor organization and uses that trust to push the victim into a finance-related action such as paying an invoice to an attacker-controlled account [4]. A recent report from Abnormal Security quantifies how far the threat has grown.


According to Abnormal Security's report, the likelihood of an organization falling victim to a VEC attack rose from 45% in June 2022 to 70% in May 2023 [1]. The attacks are repeatable: a group will either work a specific vendor's customers or replay the same scheme across multiple vendors [4]. Critical infrastructure organizations have been singled out, with attackers compromising real vendor email accounts and using them to reroute invoice payments to new bank accounts. Because the messages come from a known domain and use the vendor's familiar language, they pass the reputation and authentication checks that traditional email security relies on [1]. One group identified as using these tactics is Silent Starling, which has been connected to Nigeria [2]. Business email compromise scams, VEC included, have been on the rise and are estimated to cost U.S. firms around $300 million per month [1] [2] [3].

Countering VEC needs two complementary controls [3]. The first is email security that can spot the tell-tale signs of a VEC message, such as a request to change banking details, a Reply-To that steers replies outside the vendor's domain, or an invoice whose payment account differs from what is on file [3]. The second is a strong business process for changing supplier payment information, since a compromised vendor mailbox defeats purely technical sender checks: no change to bank details should take effect without verification through a channel independent of the email, for example a call to a contact number already held for the vendor [3]. Traditional email security tools are becoming less effective against VEC [4], which is why cybersecurity leaders are looking at tools that use behavioral AI to flag deviations from a sender's normal behavior rather than relying on domain reputation alone [4]. Agari, the security firm that documented the Silent Starling gang's shift to this approach, has shared its findings with law enforcement [2].
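The following is an added illustration of the content-based checks described above; it is not code from the article, Abnormal Security or Agari. It runs a small VEC triage over constructed invoice e-mails. The vendor master table, the change-request phrases, the IBAN values and the message text are all assumptions made for the example. The point it shows is that a message from a genuinely compromised vendor mailbox carries no sender-reputation signal, so the decisive check is comparing the account named in the mail against the account finance already holds for that vendor; header oddities such as a mismatched Reply-To help but are not always present.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed vendor master data: the verified payment account per approved
# vendor sending domain. Assumption: finance keeps such a record.
VENDOR_MASTER = {
    "acme-supply.example": {"name": "Acme Supply", "iban": "GB29NWBK60161331926819"},
}

# Phrases that signal a request to redirect payment. Constructed for this
# example; a real deployment would tune these on observed traffic.
CHANGE_PATTERNS = [re.compile(p, re.I | re.S) for p in (
    r"\b(new|updated?|changed?)\b.{0,30}\b(bank|banking|account|payment)\b.{0,20}\b(details|information|info)\b",
    r"\bremit\b.{0,30}\bto\b",
)]
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def _domain(addr_header):
    """Lower-cased domain part of an address header, '' if absent."""
    return parseaddr(str(addr_header or ""))[1].rpartition("@")[2].lower()


def triage_invoice_email(raw):
    """Return VEC indicators for one raw RFC 5322 message plus a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_content()  # single-part text/plain in this example
    from_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"]) if msg["Reply-To"] else from_domain
    vendor = VENDOR_MASTER.get(from_domain)
    ibans = set(IBAN_RE.findall(body))

    findings = {
        "from_domain": from_domain,
        "known_vendor": vendor is not None,
        # Replies steered to a mailbox outside the vendor's own domain
        "reply_to_mismatch": reply_domain != from_domain,
        # Wording that asks the reader to change where money is sent
        "payment_change_language": any(p.search(body) for p in CHANGE_PATTERNS),
        # Any account in the mail that is not the one on file for this vendor
        "unverified_account": bool(vendor) and any(i != vendor["iban"] for i in ibans),
    }
    hold = (findings["reply_to_mismatch"]
            or findings["payment_change_language"]
            or findings["unverified_account"])
    # HOLD means: do not pay and do not update supplier records until the
    # change is confirmed out of band, e.g. by phone to a number already on file.
    findings["verdict"] = "HOLD_FOR_CALLBACK" if hold else "PASS"
    return findings


# Constructed sample messages (not real traffic).
FRAUD_MSG = (
    "From: Dana Ortiz <dana.ortiz@acme-supply.example>\n"
    "Reply-To: dana.ortiz@acme-supply-billing.example\n"
    "To: ap@customer.example\n"
    "Subject: Invoice 4471 - updated banking details\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Hi, following an audit we have updated our bank details.\n"
    "Please remit payment for invoice 4471 to IBAN DE89370400440532013000.\n"
)
# Same compromised mailbox, no Reply-To trick and no change wording: only the
# account comparison catches it.
SUBTLE_MSG = (
    "From: Dana Ortiz <dana.ortiz@acme-supply.example>\n"
    "To: ap@customer.example\n"
    "Subject: Invoice 4472\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Invoice 4472 is attached. Payable to IBAN DE89370400440532013000.\n"
)
LEGIT_MSG = (
    "From: Dana Ortiz <dana.ortiz@acme-supply.example>\n"
    "To: ap@customer.example\n"
    "Subject: Invoice 4470\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Invoice 4470 is attached, payable as usual to IBAN GB29NWBK60161331926819.\n"
)

if __name__ == "__main__":
    for name, raw in (("fraud", FRAUD_MSG), ("subtle", SUBTLE_MSG), ("legit", LEGIT_MSG)):
        print(name, triage_invoice_email(raw))
```

The verdict is deliberately a hold rather than a block: the mail may be a genuine change, and the process control (confirming through an independent channel before touching supplier records) is what separates the two cases.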


VEC attacks pose a significant and rising risk to organizations, and the estimated losses to U.S. firms show why the problem is urgent. Effective email security controls and a disciplined process for changing supplier payment information remain the essential mitigations. As attackers keep refining their tactics, tools that model normal sender behavior become more important, and continued collaboration between security firms and law enforcement is needed to limit the financial and reputational damage VEC attacks cause.


[1] https://www.infosecurity-magazine.com/news/repeatable-vec-attacks-critical/
[2] https://www.bankinfosecurity.com/vendor-email-compromise-new-attack-twist-a-13170
[3] https://www.csoonline.com/article/647040/vec-campaign-targets-critical-infrastructure-firms-with-invoice-fraud-attack.html
[4] https://abnormalsecurity.com/blog/vec-attacks-replay-critical-infrastructure

