Vendor email compromise attacks get more effective in large enterprises


A new report from Abnormal AI shows that employees in large enterprises engage with malicious vendor messages 72 percent of the time.
Drawing on behavioral data from over 1,400 organizations worldwide, the report reveals the extent to which employees are actively engaging with advanced text-based threats like vendor email compromise (VEC) and explores the blind spots attackers are exploiting with highly targeted, socially engineered attacks.
The data reveals that employees frequently struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a known vendor. VEC attacks consistently drove either the highest or second-highest rates of replies and forwards, irrespective of organization size, industry, or geographic location.
In a reversal of the trend you might expect, employees in the largest organizations -- those with a workforce of 50,000 or more -- had the highest rate of second-step engagement with vendor email compromise.
Mick Leach, field CISO of Abnormal AI, says, "Larger organizations can struggle, to some extent, with context, understanding who works with this person. We saw a lot of forwarding of messages, which I guess, once you think about it, makes sense. You receive a message, you go, 'Oh, I, I don't handle these, but Marjorie, over in finance does let me just send this over to her.' The fact that it's now being forwarded from a colleague, and you see someone that you typically do business with and a company you do business with, further escalates the engagement rate of those attacks because now it's doubly coming from a trusted source."
Looked at by sector, second-step engagement rate for the telecommunications industry is by far the highest for any vertical at 71.3 percent, well above the 56 percent observed in energy/utilities providers, which rank second.
Sales-focused roles are heavily represented among the job categories with the highest second-step engagement rate, holding three of the top four spots. These positions rely primarily on email correspondence, are usually among the most public-facing in an organization.
You can get the full report on the Abnormal site.
Image credit: Techa Tungateja/Dreamstime.com