Abnormal Security’s recent data shows a 137% surge in Vendor Email Compromise (VEC) attacks against the global financial services industry in 2023. This surge, marked by an average of 200 socially engineered email attacks per 1000 mailboxes weekly, poses a severe threat to the sector. The attacks, which largely involve impersonating business providers such as suppliers or vendors, have reached alarming levels, with peak periods observed in late January, late September, and mid-December.
Notably, these attacks are growing not only in frequency but also in financial impact. Abnormal Security’s report highlights instances where VEC attacks have targeted millions of dollars, with a staggering case involving a $36 million loss. The report details a $1.4 million VEC attack against an Australian financial holding company, showcasing the intricate methods employed by threat actors. Leveraging legitimate communication patterns and invoices, the attackers successfully manipulated banking details within seemingly harmless emails.
The financial services industry has not only faced a surge in VEC attacks but also witnessed a 71% increase in Business Email Compromise (BEC) attacks in 2023. These attacks involve cybercriminals impersonating executives or employees to orchestrate payroll or banking-related fraud. Because they rely on social engineering rather than malicious links or attachments, BEC attacks easily bypass traditional security tools. Abnormal Security emphasizes that the sophistication of these attacks, which combine authenticity with subtle changes to evade detection, presents a significant challenge to both legacy email security systems and human vigilance.
The company warns that if these trends persist, organizations in the financial services industry must brace for the increasing frequency of email-based attacks targeting human fallibility. To combat these threats, the adoption of sophisticated cloud email security is recommended.