Vendor email compromise scams on the rise
Finance is likely all too familiar with business email compromise. But now, a variation of those scams – referred to as vendor email compromise (VEC) – is growing and putting your company's money at risk.
So says Crane Hassold, the head of threat research at Agari Cyber Intelligence Division. According to Hassold, VEC scams occur when a vendor’s account is infiltrated and used to send messages to your finance department, typically asking for payment on a pre-existing invoice.
The finer points
Why do finance staffers tend to fall for VEC scams?
Simply put, they hide in plain sight and are quite hard to detect. They target vendors your staff is used to conversing and working with. And since the scammer compromises a vendor’s real account, they can “lie in wait,” observing as exchanges flow back and forth. As a result, they know how to appear legitimate when they finally go in for the attack.
Going forward, thwarting VEC scams will require your staffers to continually analyze authentic-looking emails and look for discrepancies. And it helps if they know exactly how these scams are carried out.
Here’s a three-part rundown you can share with your finance staff:
- The invasion: First, criminals infiltrate an actual vendor email account by mimicking apps like OneDrive or DocuSign to trick the vendor into handing over login credentials.
- The manipulation: In the vendor’s email account, the attackers redirect copies of incoming emails to a fake account they’ve created. Then they can go through the emails with real invoices to duplicate later.
- The follow-through: The criminals send an email to your finance staff for an invoice payment that’s due.
A VEC key to remember
Once your staff understands these scams, how can they work to avoid them?
Here’s one foolproof way they can catch scammers in the act: Check whether the bank account where the vendor’s payment is usually sent has changed.
If it has, that’s a potential sign of a VEC scam. Encourage your staff to halt the process there and consult their manager, so company funds don’t get into the wrong hands.
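The bank-account check above can be automated at the point where accounts payable keys in an invoice. The following Python example is added here and is not code from the article or from Agari; it compares the remit-to bank details on an incoming invoice against a vendor master record and places the payment on hold (with a reason to escalate to a manager) whenever the routing or account number differs. The vendor master entries, invoice numbers and bank details are constructed sample data, and the ABA routing-number checksum is included only to catch typos, not fraud.

```python
"""Added example: hold a vendor payment when the remittance bank details on an
incoming invoice differ from what is on file in the vendor master record.
Not from the original article; all records below are constructed sample data."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BankDetails:
    bank_name: str
    routing_number: str   # US ABA routing number (assumed format for this example)
    account_number: str


def normalize(value: str) -> str:
    """Drop spaces, dashes and case so cosmetic formatting differences neither
    hide a real change nor trigger a false hold."""
    return re.sub(r"[\s\-]", "", value).upper()


def routing_number_valid(routing: str) -> bool:
    """ABA checksum: 3*(d1+d4+d7) + 7*(d2+d5+d8) + (d3+d6+d9) must be divisible by 10.
    A failing checksum usually means a keying error, so the invoice is held for review."""
    digits = normalize(routing)
    if not re.fullmatch(r"\d{9}", digits):
        return False
    d = [int(c) for c in digits]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0


# Constructed vendor master record: the bank details the company has verified before.
VENDOR_MASTER = {
    "ACME-0042": BankDetails("First Example Bank", "021000021", "123456789"),
    "GLOBEX-0007": BankDetails("Second Example Bank", "011000015", "555000111"),
}


def review_invoice(vendor_id: str, invoice_no: str, remit_to: BankDetails) -> dict:
    """Decide whether an invoice can be released for payment.

    Returns a dict with 'action' of 'RELEASE' or 'HOLD' and a human-readable
    reason; anything held is meant to be escalated to a manager before paying."""
    on_file = VENDOR_MASTER.get(vendor_id)
    if on_file is None:
        return {"invoice": invoice_no, "action": "HOLD",
                "reason": f"vendor {vendor_id} is not in the vendor master record"}

    if not routing_number_valid(remit_to.routing_number):
        return {"invoice": invoice_no, "action": "HOLD",
                "reason": "routing number on invoice fails ABA checksum"}

    # Compare only the fields that control where money actually goes.
    changed = [
        field for field in ("routing_number", "account_number")
        if normalize(getattr(on_file, field)) != normalize(getattr(remit_to, field))
    ]
    if changed:
        return {"invoice": invoice_no, "action": "HOLD",
                "reason": "bank details differ from vendor master record: " + ", ".join(changed),
                "escalate_to": "manager"}

    return {"invoice": invoice_no, "action": "RELEASE",
            "reason": "remit-to bank details match vendor master record"}


def run_demo() -> list:
    """Constructed invoices: one legitimate, one with a swapped account number,
    one from an unknown vendor and one with a mistyped routing number."""
    invoices = [
        ("ACME-0042", "INV-1001", BankDetails("First Example Bank", "021000021", "123-456-789")),
        ("ACME-0042", "INV-1002", BankDetails("First Example Bank", "021000021", "987654321")),
        ("INITECH-0099", "INV-1003", BankDetails("Third Example Bank", "021000021", "444555666")),
        ("GLOBEX-0007", "INV-1004", BankDetails("Second Example Bank", "123456789", "555000111")),
    ]
    return [review_invoice(*inv) for inv in invoices]


if __name__ == "__main__":
    for result in run_demo():
        print(f"{result['invoice']}: {result['action']} ({result['reason']})")
```

The comparison deliberately ignores the bank name, because a cosmetic rename is not what moves the money; a change to the routing or account number is, and that is what puts the invoice on hold until someone confirms the change with the vendor through a channel other than email.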