Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

business documents on office table with smart phone and laptop computer and graph financial with social network diagram and three colleagues discussing data in the backgroundAnalysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods.

There’s no industry that has more money than the one dealing in it. So, it shouldn’t come as a surprise that attacks on the financial services industry continue at an increasing rate.

According to new data shared by cybersecurity vendor Abnormal Security,  the financial services industry is a major target for email-based attacks. They receive approximately 200 advanced attacks per 1,000 mailboxes each week.

Of these, those that qualify as business email compromise (where a specific executive or employee is impersonated) increased 71% last year, while vendor email compromise (where a supplier or vendor of the victim organization is impersonated) increased 137%.

In both cases, fake invoices are presented, banking account changes are requested, and payments are asked to be paid asap in these types of attacks.

According to Abnormal Security, employees aren’t helping mitigate these attacks with an open rate of 28% and a 15% reply rate. It’s evident that the users being targeted are not enrolled in new-school security awareness training on a continual basis. If they were, they would be up to speed on the latest techniques used, details of how to identify a fake email, and generally be more vigilant around such requests, reducing those open and reply rates significantly.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews