Anatomy of an Attack

Vendor Email Compromise spreads from one business to others like a contagion across the extended enterprise. Well-funded, organized cyber crime rings use hijacked business email accounts and social engineering tactics to gather insider information that is then used to create meticulously crafted and timed attacks. In this way supply chain partners inherit risk from each other as employees are tricked into performing seemingly innocuous, but harmful actions.

Phase 1
Initial Access
Compromise Email Account

The first step in the VEC attack chain is to compromise business email accounts that can be used to collect intelligence to exploit later in the attack process. Phishing messages often mimic Microsoft OneDrive or DocuSign login pages, as well as voicemail and fax notifications.

Phase 2
Set Up
Lie in Wait

Once a business email account has been compromised, forwarding rules are set up to allow criminals to lurk undetected as they read emails and collect intelligence, waiting for the opportune moment to attack (e.g., when an invoice is due).

Phase 3
Reconnaissance
Gather Intelligence

Equipped with a legitimate identity and insider information, criminals often target employees involved in the payment process and further gather key pieces of information such as AP aging reports containing invoice amounts, payment terms and billing contact details.

Phase 4
Monetize
Defraud the Business

Bogus, but ultra-realistic emails are sent with near perfect timing and context tricking recipients into changing payment instructions, paying fake invoices, and disclosing sensitive information, defrauding the organization or individual.

The Agari Advantage

Detect Fake Email From Legitimate Accounts

VEC attacks originate from legitimate email accounts that have been hijacked. Messages pass domain authentication and sail right through whitelists and other security controls.

On visual inspection, even highly trained security experts can’t spot them, and they contain highly-convincing business and personal details.

Agari detects these rapidly evolving VEC attacks and can prevent them from reaching employee inboxes through policy-based, automated forensic analysis that understands the identity behind the message.

silent-starling-featured
white papers
White Paper
Silent Starling Threat Dossier: BEC to VEC
Learn more
The Emergence of VEC

Agari researchers uncovered a West African cybercriminal organization that uses VEC to surveil the communications of hundreds of companies and steal millions from their global supply chains.

This white paper offers a first-hand, in-depth look into how the VEC attack chain unfolds.

Email Account Takeover Protection

The first step in preventing a VEC attack is detecting compromised business email accounts.

Agari inspects incoming messages, but also messages flowing from employee-to-employee across the organization for indicators of compromise.

This unique approach can detect fraudulent messages originating from legitimate email accounts.

solution briefs
Solution Brief
Account Takeover Attack Prevention
Learn more

Simulated Product Demonstration

Try this simulated product demonstration to see why companies like Honeywell, Ally Financial, and Informatica use Agari Advanced Threat Protection™ to protect their inboxes.

Featured Products

Protect against costly advanced email attacks
Agari Advanced Threat ProtectionTM

Stop sophisticated identity deception threats including business email compromise, executive spoofing, and account takeover-based attacks.

Learn more
Agari Business Fraud ProtectionTM

Automate DMARC email authentication and enforcement to prevent your corporate domains from being used in a business email compromise attack

Learn more

Insights

Webinar
Silent Starling and the Emergence of VEC

Silent Starling is a newly-discovered cybercriminal group ...

Watch It Now
AI Pattern
Ebook
Q4 2019: Email Fraud & Identity Deception Trends

The Email Fraud and Identity Deception Trends ...

Learn More
ISMG Uncovering the Last businesss Email Compromise Attack Trend 2
Webinar
ISMG: Uncovering the Latest Business Email Compromise Attack Trends

Business email compromise (BEC) attacks succeed not ...

Watch It Now
White Paper
Scattered Canary Threat Dossier

Business email compromise (BEC) has continued to ...

Learn More
Blog Post
The Intelligent Inbox: Email Security of Tomorrow, Today

If you want to know why business ...

Learn More
Blog Post
The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only ...

Learn More
conquer email threats
Analyst Research
How to Conquer Targeted Email Threats: SANS Review of Agari Advanced ...

In this review of Agari Advanced Threat ...

Learn More
Bec Scams Easier
Blog Post
5 Big Reasons BEC Scams Are Getting Easier to Pull Off

Want to get a sense of the ...

Learn More
Mail Letter

Would you like the confidence to trust your inbox?