ORLANDO, Fla. (Nov. 4, 2019) – “The City of Ocala, Fla. and Nikkei America made recent announcements that they were victimized in independent BEC attacks, resulting in losses of nearly $750,000 and $29 million, respectively. These appear to be the latest examples of successful Vendor Email Compromise (VEC) attacks.
“VEC, an attack type coined by Agari, is where the email account of a third-party vendor and/or supplier gets compromised and the email account is used to send incredibly realistic-looking messages to customers, requesting payment for an existing invoice. This type of attack (VEC) has been on the rise among BEC actors and is extremely difficult to detect. The malign actors compromise the vendor/supplier email and lie in wait, watching messages flow through the email inbox and gaining valuable context. In our recent Silent Starling threat actor dossier, we provided in-depth insight into the inner workings of the criminal groups that perpetrate these fraudulent schemes.
“The VEC attack chain is separated into three primary components. First, the scammers compromise vendor email accounts using credential-phishing attacks that mimic common enterprise applications, like OneDrive or DocuSign. Second, the attackers set forwarding or redirect rules on the compromised accounts that send copies of all incoming emails to a separate account controlled by the scammers. These emails are harvested for valuable intelligence about a vendor’s normal billing practices, to include identifying their customers and obtaining copies of legitimate invoices. Third, using this intelligence, a VEC attacker sends an email to a supplier’s customers asking for payment for an invoice that is actually due. Because they’re based on actual communication patterns used by the compromised vendor employee, these emails look and feel legitimate. The only difference? The bank account where the payment should be sent has been changed.”
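The second step of the chain described above, forwarding or redirect rules set on a compromised mailbox, is something a vendor's mail team can hunt for in audit data. The following is an added example, not part of the Agari statement: it flags rule changes that send mail to addresses outside the organisation. The event layout is a simplified, constructed one modelled on Exchange Online audit records, and `vendor.example` is an assumed internal domain.

```python
import re

# Exchange Online rule/mailbox parameters that send copies of mail to another address.
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def external_targets(value, internal_domains):
    """Return addresses in a parameter value whose domain is not one of ours."""
    found = []
    for match in ADDRESS_RE.finditer(value):
        domain = match.group(1).lower()
        if not any(domain == d or domain.endswith("." + d) for d in internal_domains):
            found.append(match.group(0).lower())
    return found


def find_external_forwarding(events, internal_domains):
    """Flag rule changes that forward or redirect mail outside the organisation."""
    alerts = []
    for event in events:
        if event.get("Operation") not in RULE_OPERATIONS:
            continue
        for param in event.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            targets = external_targets(param.get("Value", ""), internal_domains)
            if targets:
                alerts.append({"user": event.get("UserId"), "operation": event["Operation"],
                               "parameter": param["Name"], "targets": targets,
                               "time": event.get("CreationTime")})
    return alerts


# Constructed sample events (not real log data); vendor.example is the assumed internal domain.
SAMPLE_EVENTS = [
    {"CreationTime": "2019-10-01T08:12:00", "UserId": "ap@vendor.example", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "collector@mailbox.invalid"}]},
    {"CreationTime": "2019-10-01T09:30:00", "UserId": "sales@vendor.example", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "RedirectTo", "Value": "billing@eu.vendor.example"}]},
    {"CreationTime": "2019-10-02T11:05:00", "UserId": "cfo@vendor.example", "Operation": "Set-Mailbox",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@storage.invalid"}]},
    {"CreationTime": "2019-10-02T12:00:00", "UserId": "it@vendor.example", "Operation": "MailItemsAccessed", "Parameters": []},
]

if __name__ == "__main__":
    for alert in find_external_forwarding(SAMPLE_EVENTS, {"vendor.example"}):
        print(alert)
```

The redirect to the `eu.vendor.example` subdomain is treated as internal and not flagged; only the two rules pointing at outside domains produce alerts.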
Crane Hassold, head of threat research at Agari Cyber Intelligence Division (ACID), will be speaking on this topic tonight at 6:55 p.m./EAST in Theater 7 at the Microsoft Ignite Conference in Orlando.
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses and consumers worldwide. Learn more at www.agari.com.
Jean Creech Avent
Sr. Director, Global Corporate Communications