Defend Against Business Email Scams And Vendor Email Compromise
Summary: This 3-minute article discusses Vendor Email Compromise and how to protect your SMB and vendors from an email attack. Cyber security requires multiple defense layers. Contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com to schedule a vulnerability assessment and discuss email security solutions to ensure your SMB has the best possible small business cyber security.
Small Business Email Compromise
SMB owners tend to be less concerned about cyber security than they should be. They often think that their business is too small to get the attention of cybercriminals. However, the opposite is true: Hackers look at small to midsized businesses as the “low-hanging” fruit, set up for “easy picking.” Because SMB budgets are small and the owners are focused on operating their businesses, many companies don’t have the email security they need.
Many users have heard of Business Email Compromise or BEC. However, business email scams include Vendor Email Compromise (VEC).
Vendor Email Compromise
VEC attacks are BEC attacks that specifically target vendors. The hacker’s premise is that vendors work with many other businesses and by pretending to be a vendor, they can trick those businesses and steal their money. Human nature is to trust business relationships that have been established over time. However, this blanket trust makes it much easier for a cybercriminal to launch a successful VEC attack.
VEC attacks are more difficult to stage. However, the payoff can be substantial if the hacker chooses the right vendor to compromise. By impersonating a vendor via email, the attack may be as simple as attaching an invoice with different payment instructions than previously used to transfer funds. Additionally, a good vendor impersonation can fool employees in accounting departments into paying invoices to rogue accounts. There are two typical phases to a successful VEC attack:
- Phishing Attacks Against a Vendor – Hackers usually start a VEC attack by sending phishing emails to a vendor’s employees, trying to trick them into sharing their credentials. Once the cyber thief has an employee’s credentials, they can access their account and begin their VEC attack. Once in the account, the hackers use this starting point to learn more about the vendor and how it does business. Also, they can forward all vendor employee emails to their phony accounts to help garner more information to support their attack. Clandestine forwarding is particularly helpful because the hacker can work with the data gleaned without risking continued breaches that might get noticed.
- Vendor Customer Contact – Once the attacker has accumulated enough data to create a robust impersonation of the vendor, they contact the vendor’s customers using the same email or a fake email that looks almost exactly like the vendor’s own email account. Having already studied the payment schedules and typical transactions, the hacker can then send invoices to the SMB’s vendors to request large transfers of funds that appear legitimate in the ordinary course of doing business. Often, accounting departments will just pay the bogus invoices routinely.
Both Vendors and Customers Are At Risk
VEC attacks affect the vendor and all its customers. For the vendor, their reputation is at stake. Building customer trust and a reputation for doing business legitimately take a long time. As the vendor isn’t the one to steal the money, their monetary cost might manifest in losing customers. Also, the attack is designed to ask for amounts of money typical to previous transactions, making the transfer request less likely to raise any red flags. However, the customers have paid money to an anonymous cyber thief and cannot be reimbursed for the scammed transaction.
How Can I Protect Against VEC?
One of the primary reasons that VEC attacks are successful is insufficient employee training. Employees who are not trained in IT best practices are more likely to fall for a cyberattack unwittingly and either share their private credentials or click on a link without considering its legitimacy. Cyber security best practices include training for new employees and ongoing training for all employees. As hackers continue to find new ways to compromise your hard-earned business data, everyone in your company must be on the same page.
Many small to midsized businesses do not have the budget for a top-notch IT expert on staff. However, ensuring that you and your employees stay current on cyber threats is worth hiring IT professionals to help formulate and maintain company-wide cyber security best practices.
DIGIGUARD’s Innovative Solutions For SMBs
As your SMB grows, expands its network and adds more platforms and devices, such as Bluetooth devices, smart controls and wireless remote, your network’s vulnerability grows, too. DIGIGUARD specializes in proactive cyber threat protection and network security and has a wide array of solutions for small to midsized businesses to defend against cyberattacks and other network data breaches. They are cyber security experts who can help you create a cyber security budget and help you ensure your confidential personal, business and financial data have the best protection possible.
Furthermore, DIGIGUARD can help establish cyber security best practices and provide employee training so your employees can spot cyber threats and not inadvertently expose your company to a cyberattack. That training will work in tandem with the rest of your cyber protections so that everyone knows what they must do to prevent a data breach and precisely what to do in the event of a real cyberattack. DIGIGUARD’s services in cyber security are up-to-the-minute and cost-effective. They will enable SMB owners to concentrate on operating their businesses without fear of a data breach crippling their operations.
Contact DIGIGUARD CYBER SECURITY at 833-332-CYBER (833-332-9237) www.DIGIGUARDsecurity.com to discuss the best cyber threat protection for your SMB before you face a deadly cyberattack.