Of all the dangers on the Internet, Phishing is undoubtedly one of the most dangerous and at the same time present. But of course, not all attacks are created equal, and hackers are constantly perfecting their techniques. In this article we are going to talk about how a VEC or business email compromise attack works. We will explain how it works and also give some tips to avoid problems.
What is a VEC attack
This type of Phishing variant is known as VEC, which stands for Vendor Email Compromise. In Spanish we can translate it as business email commitment. E-mail is a widely used means of communication by companies and organizations and they generally trust that it is reliable. This makes it possible for cybercriminals to take advantage of it.
What a Phishing attack does is impersonate an identity to defraud. For example a social network, a platform to buy online, etc. However, a business email compromise attack goes further. The attacker is going to impersonate a high-level employee or someone important within a company.
For this to be possible, the cybercriminal will need some previous work . You will need to know that company very well, the functions that each employee performs, etc. Today many companies share information on the Internet, so it is something public and it does not cost them much work.
From there, the attacker creates an email address with the name of that high-level employee. His mission is going to be to contact another worker of that organization and pretends to be his superior. A very common attack is that it will indicate that it needs to make an urgent bank transfer and gives a reason that may be credible.
The employee, for fear of having problems in the company with his superiors, will do what they are asked. The problem is logically it is a scam and that transfer goes into the hands of the attackers.
different variants
Once we know how a business email compromise attack works, it should be noted that there are different variants. Some are oriented towards suppliers , others against final sellers , etc. However, in all of them the objective is similar: pretend to be a relevant person and defraud a worker.
In this way they can obtain customer data, carry out sales or purchase scams, infect an entire business system, etc. All this can cause significant damage to the company and even damage its reputation with customers.
What can we do to avoid this type of problem? Undoubtedly the most important thing is common sense . It is essential not to make mistakes, such as making a payment without confirming that it is really legitimate, downloading a file that may be dangerous, etc. You can always inform yourself in advance in case of doubts. It is essential to detect Phishing attacks.
In addition, in order to avoid security problems in the system, it will be essential to have a good antivirus and also to have everything updated . Some attacks will exploit vulnerabilities in a system. Therefore, installing patches and security updates can help prevent many problems.
