Financial services businesses see spike in vendor email compromise

A new report from Abnormal Security shows that vendor email compromise (VEC) attacks against financial services organizations increased by 137 percent in 2023.

This is an industry that handles a wide array of sensitive personal and financial information of the type hackers love to get their hands on. This makes organizations within the financial services sector particularly susceptible to cyberattacks, including socially-engineered email attacks.

According to the findings, the financial services industry receives approximately 200 advanced attacks per 1,000 mailboxes weekly, making it one of the most attacked industries tracked. Peaks in attacks occurred in January, with 258 weekly, in September, with 282, and in mid-December, with 272.

Mick Leach, field CISO at Abnormal Security, writes on the company's blog, "Vendor email compromise or VEC occurs when threat actors impersonate a business provider (such as a supplier or vendor) in hopes of stealing money from that vendor's customers -- often through billing account updates or invoice fraud. Some threat actors create spoofed email accounts while others leverage compromised vendor email accounts to request these financial transfers -- a tactic that is much harder to detect given the account legitimacy."

Business email compromise attacks against the financial sector are also increasing, with an average of 0.94 weekly BEC attacks per 1,000 mailboxes in 2023, representing a 70.9 percent increase over the previous year.

The average weekly probability of BEC attacks against organizations in the financial services industry was 74 percent in 2023, representing an 11 percent increase over the previous year.

You can read more and get the full report on the Abnormal Security blog.

Image credit: SIphotography/depositphotos.com