The Hidden Cost of Trust New Data Reveals Alarming Employee Engagement with Vendor Email Compromise
Your workforce is your greatest asset, and your vendors are integral to the success of the enterprise. It’s no surprise, then, that cybercriminals are targeting both, exploiting the trust in these partnerships to deceive, defraud, and divert funds.
Much like traditional business email compromise (BEC), vendor email compromise (VEC) involves the misuse of a familiar identity. In these attacks, however, the person being impersonated is an external third party rather than an internal employee. Posing as trusted partners, threat actors attempt to trick targets into paying fake invoices, initiating fraudulent wire transfers, or updating banking details to reroute funds into attacker-controlled accounts.
To understand just how effective these attacks have become, we conducted an extensive study of real-world employee behavior. Today, we’re releasing research that exposes the startling extent to which employees engage with these deceptive attacks—and the results should serve as a wake-up call for every organization.