Abnormal Knowledge Bases: Using VendorBase to Prevent Vendor Email Compromise Attacks

Discover how Abnormal provides detailed risk assessments based on vendor email analysis with VendorBase.
December 21, 2022

Organizations spend hundreds of thousands of dollars increasing their security posture to protect against the constant threat of cyberattacks, all of which could cause financial loss, damage to brand reputation, or data loss. But what happens when attackers focus less on you and more on your supply chain? What can you do about the attackers who are targeting you, using real accounts of the vendors with which you do business?

Since its initial identification in 2013, executive impersonation has been the most popular type of business email compromise, as attackers often impersonate the CEO. But over the past few years, attackers have started adjusting their strategies—opting to impersonate third-party vendors and suppliers instead.

Supply chain email compromise, often referred to as vendor email compromise or VEC, is an attack strategy that involves the impersonation of a trusted vendor to gain access to company funds, intellectual property, employee information, or customer data. Attackers may use domain spoofing, user impersonation, or stolen credentials of compromised accounts to engage with organizations.

In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022. Part of this increase can be attributed to the fact that there are multiple ways for organizations to be targeted by vendors, including with aging report attacks and blind third-party impersonation using information gathered from the public domain.

How Abnormal Stops VEC Attacks

Abnormal’s approach to cloud email security goes beyond simply identifying your employees and assessing the risk for each one. Instead, Abnormal analyzes communications between all senders and recipients, including the vendors in your supply chain.

Using our behavioral AI, machine learning models, natural language processing, and computer vision, we can establish a baseline of communication patterns, track invoice information such as banking details, and analyze the relationship between vendor and organization. Our in-depth content analysis allows us to inspect every email's tone, intent, attachments, and URLs to determine the risk score of the message and provide a risk assessment of the vendor. By understanding normal behavior, Abnormal can detect when changes have occurred across the supply chain and use that risk information to make decisions on incoming messages.

Increase Your Visibility With VendorBase

Abnormal centralizes the email analysis information of your vendors in a Knowledge Base called VendorBase™. VendorBase is a global, federated database that tracks the reputation of every vendor across all Abnormal customers, providing deeper insight and visibility into each vendor’s email activities. By correlating data across all customers, Abnormal can detect when a vendor may be at higher risk for one customer and use that information to block emails from that same vendor for another customer.


VendorBase gives Abnormal customers access to the signals used as part of our behavioral AI for every vendor.

This includes:

  • Profile information

  • Relationship analysis, including vendor contacts and internal recipients

  • Common vendor locations and IP addresses

  • Risk assessment scores with in-depth insights

  • Timeline of malicious email activity, including attacks targeting the Abnormal community

In this example, you can see the information Abnormal has gathered about Prolia Systems.


The risk assessment of each vendor is computed using signals related to the vendor's identity and behavior, as well as the content of each message. It also includes reports from all Abnormal customers and uses the results as part of the risk assessment computation. This information is included in VendorBase and is available to all Abnormal customers.


How VendorBase Can Help Your Organization

Before VendorBase, organizations lacked a tool that would offer them clear visibility into the risk of their supply chain, making it difficult to detect email attacks. And because these attacks are often sent from legitimate vendor accounts, they can cause severe loss to organizations.

With Abnormal, preventing supply chain compromise is easy and does not require manual configuration. With our cloud-native, API-based approach, there is no delay in email delivery time, and all inspection and scanning are performed in memory.

Abnormal natively integrates into your cloud office environment, assesses signals about your employees and vendors, and continuously establishes baselines of “known good” behavior throughout the environment. When an email deviates from this baseline, Abnormal automatically remediates the message and thwarts the attack, protecting your organization from both vendor fraud and the full spectrum of attacks.

Want to learn more about VendorBase? Request a personalized demo today to see the product in action.

Abnormal Knowledge Bases: Using VendorBase to Prevent Vendor Email Compromise Attacks

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 MKT477 Energy Infrastructure Data Blog
Energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. Learn more.
Read More
B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More