SC Media reported:
A vendor email compromise (VEC) attack that sought to change bank account information on a third-party insurance company’s escrow account and pay a dummy title insurance company a $36 million invoice was recently discovered, pointing out the need for constant vigilance and increased training.
"People get caught by the social engineering and throw all processes and procedures out the window," said Britton. "In this case, everything was similar to the legitimate invoice with the exception of the bank account information. ”
According to the Abnormal Security blog, unlike traditional business email compromise (BEC) that impersonates an executive, a VEC attack occurs when a threat actor either gains control of a vendor email account or impersonates a trusted vendor in an attempt to execute an invoice scam or other financial fraud. These attacks are highly successful because they exploit the trust and existing relationships (like the one described in this story) between vendors and customers through personalization and social engineering.
Find the original article and read more here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
A vendor email compromise (VEC) attack that sought to change bank account information on a third-party insurance company’s escrow account and pay a dummy title insurance company a $36 million invoice was recently discovered, pointing out the need for constant vigilance and increased training.
"People get caught by the social engineering and throw all processes and procedures out the window," said Britton. "In this case, everything was similar to the legitimate invoice with the exception of the bank account information. ”
According to the Abnormal Security blog, unlike traditional business email compromise (BEC) that impersonates an executive, a VEC attack occurs when a threat actor either gains control of a vendor email account or impersonates a trusted vendor in an attempt to execute an invoice scam or other financial fraud. These attacks are highly successful because they exploit the trust and existing relationships (like the one described in this story) between vendors and customers through personalization and social engineering.
Find the original article and read more here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat