Vendor Email Compromise (VEC) is a sophisticated fraud scheme where criminals compromise or impersonate vendor email accounts to redirect payments or obtain sensitive information. This attack specifically targets business-to-business relationships and supply chains.
Attack Methods
- Email account takeover
- Domain spoofing
- Invoice manipulation
- Payment redirection
- Relationship exploitation
Warning Signs
- Changed payment details
- Unusual communications
- Invoice irregularities
- Urgent requests
- Communication style changes
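As an added example (not part of the original page), the warning signs above can be turned into a first-pass check that compares an incoming invoice email with the vendor record already on file. The vendor record, the sample message, the function names, the placeholder account numbers and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master record (assumption: finance keeps one per vendor).
VENDOR = {"name": "Acme Supplies", "domain": "acme-supplies.example",
          "iban": "GB00TEST00000000000001"}
# Constructed sample message; not taken from any real incident.
SAMPLE = """\
From: Accounts <billing@acme-supplles.example>
Reply-To: billing@mail-acme.example
Subject: URGENT: updated bank details for invoice 1042

Please pay today to our new account GB00TEST00000000000999.
"""
URGENCY = re.compile(r"\b(urgent|immediately|today|asap|overdue)\b", re.I)
IBAN = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")

def edit_distance(a, b):
    # Levenshtein distance, keeping only the previous row of the table.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    # Lower-cased domain part of an address header ("" if the header is absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def warning_signs(raw, vendor):
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body = msg.get_payload()
    signs = []
    if sender != vendor["domain"]:
        # Assumed threshold: up to 2 edits from the real domain is a lookalike.
        near = edit_distance(sender, vendor["domain"]) <= 2
        signs.append("lookalike_domain" if near else "unknown_domain")
    if reply_to and reply_to != sender:
        signs.append("reply_to_mismatch")
    if any(acct != vendor["iban"] for acct in IBAN.findall(body)):
        signs.append("changed_payment_details")
    if URGENCY.search(msg["Subject"] or "") or URGENCY.search(body):
        signs.append("urgent_request")
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE, VENDOR))
```

A non-empty result means the payment change should be held and confirmed with the vendor directly; an empty result does not clear the message, because a genuinely taken-over vendor mailbox sends from the correct domain.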
Risk Factors
- Regular payments
- Large transactions
- Multiple vendors
- International transfers
- Limited verification
Prevention Measures
- Multi-factor authentication
- Payment verification
- Contact validation
- Process controls
- Staff training
Best Practices
- Verify changes directly
- Double-check details
- Document procedures
- Monitor communications
- Regular audits
VEC attacks can cause significant financial losses, so organizations need robust verification procedures and careful monitoring of vendor communications.