- X코드 없이도 맥OS·리눅스에서 스위프트 설치·관리 가능··· 애플, ‘스위프트리 1.0’ 공식 도입
- The 35+ best Amazon Spring Sale Apple deals: iPhones, Apple Watches, iPads, and more
- The 30+ best Amazon Spring Sale robot vacuum deals: Hurry, sale ends tonight
- The Segway Max G2 electric scooter is $400 off during this anti-Amazon Spring Sale deal
- 정철환 칼럼 | 코딩만 잘하면 될까? 미래의 개발자가 갖춰야 할 역량
Vendor Email Attacks Surged by 137% in Financial Sector in 2023

The global financial services industry has witnessed a 137% increase in Vendor Email Compromise (VEC) attacks over the last year, according to new data by Abnormal Security.
The majority of these threats were related to socially engineered email attacks, with the sector receiving an average of 200 advanced attacks per 1000 mailboxes each week.
Notably, peak attack periods occurred in late January, late September and mid-December last year.
VEC involves threat actors impersonating business providers, like suppliers or vendors, to manipulate financial transfers. These attacks, often hard to detect due to their apparent legitimacy, can result in substantial financial losses for organizations.
In a new report published today, Abnormal Security reported instances of VEC attacks targeting millions of dollars, with one case involving a staggering $36m.
A detailed example contained in the document also illustrated the intricacy of a $1.4m VEC attack against an Australian financial holding company. The threat actor, leveraging legitimate communication patterns and invoices, successfully changed banking details in a seemingly harmless email.
The financial services industry also witnessed a 71% increase in Business Email Compromise (BEC) attacks in 2023. These attacks involved cybercriminals impersonating executives or employees to orchestrate payroll or banking-related fraud.
Despite lacking malicious links or attachments, BEC attacks easily bypass traditional security tools through social engineering tactics. Abnormal noted that the median open rate for text-based BEC attacks reached nearly 28% last year, highlighting the efficacy of these approaches.
Read more on BEC attacks: BEC Volumes and Ransomware Costs Double in a Year
According to the firm, the sophistication of such attacks, combining authenticity and subtle changes to evade detection, poses a significant challenge to both legacy email security systems and human vigilance.
“If these trends continue, organizations in the financial services industry should prepare for the increasing frequency of email-based attacks targeting human fallibility,” the company wrote.
“While VEC, BEC, and scams can often circumvent traditional security solutions, organizations are meeting the challenges presented by sophisticated email attacks head-on by adopting sophisticated cloud email security.”