chat
expand_more

Abnormal Knowledge Bases: Using VendorBase to Prevent Vendor Email Compromise Attacks

Discover how Abnormal provides detailed risk assessments based on vendor email analysis with VendorBase.
December 21, 2022

Organizations spend hundreds of thousands of dollars increasing their security posture to protect against the constant threat of cyberattacks, all of which could cause financial loss, damage to brand reputation, or data loss. But what happens when attackers focus less on you and more on your supply chain? What can you do about the attackers who are targeting you, using real accounts of the vendors with which you do business?

Since its initial identification in 2013, executive impersonation has been the most popular type of business email compromise, as attackers often impersonate the CEO. But over the past few years, attackers have started adjusting their strategies—opting to impersonate third-party vendors and suppliers instead.

Supply chain email compromise, often referred to as vendor email compromise or VEC, is an attack strategy that involves the impersonation of a trusted vendor to gain access to company funds, intellectual property, employee information, or customer data. Attackers may use domain spoofing, user impersonation, or stolen credentials of compromised accounts to engage with organizations.

In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022. Part of this increase can be attributed to the fact that there are multiple ways for organizations to be targeted by vendors, including with aging report attacks and blind third-party impersonation using information gathered from the public domain.

How Abnormal Stops VEC Attacks

Abnormal’s approach to cloud email security goes beyond simply identifying your employees and assessing the risk for each one. Instead, Abnormal analyzes communications between all senders and recipients, including the vendors in your supply chain.

Using our behavioral AI, machine learning models, natural language processing, and computer vision, we can establish a baseline of communication patterns, track invoice information such as banking details, and analyze the relationship between vendor and organization. Our in-depth content analysis allows us to inspect every email's tone, intent, attachments, and URLs to determine the risk score of the message and provide a risk assessment of the vendor. By understanding normal behavior, Abnormal can detect when changes have occurred across the supply chain and use that risk information to make decisions on incoming messages.

Increase Your Visibility With VendorBase

Abnormal centralizes the email analysis information of your vendors in a Knowledge Base called VendorBase™. VendorBase is a global, federated database that tracks the reputation of every vendor across all Abnormal customers, providing deeper insight and visibility into each vendor’s email activities. By correlating data across all customers, Abnormal can detect when a vendor may be at higher risk for one customer and use that information to block emails from that same vendor for another customer.

Vendorbase1

VendorBase gives Abnormal customers access to the signals used as part of our behavioral AI for every vendor.

This includes:

  • Profile information

  • Relationship analysis, including vendor contacts and internal recipients

  • Common vendor locations and IP addresses

  • Risk assessment scores with in-depth insights

  • Timeline of malicious email activity, including attacks targeting the Abnormal community

In this example, you can see the information Abnormal has gathered about Prolia Systems.

Vendorbase2

The risk assessment of each vendor is computed using signals related to the vendor's identity and behavior, as well as the content of each message. It also includes reports from all Abnormal customers and uses the results as part of the risk assessment computation. This information is included in VendorBase and is available to all Abnormal customers.

Vendorbase3
Vendorbase4

How VendorBase Can Help Your Organization

Before VendorBase, organizations lacked a tool that would offer them clear visibility into the risk of their supply chain, making it difficult to detect email attacks. And because these attacks are often sent from legitimate vendor accounts, they can cause severe loss to organizations.

With Abnormal, preventing supply chain compromise is easy and does not require manual configuration. With our cloud-native, API-based approach, there is no delay in email delivery time, and all inspection and scanning are performed in memory.

Abnormal natively integrates into your cloud office environment, assesses signals about your employees and vendors, and continuously establishes baselines of “known good” behavior throughout the environment. When an email deviates from this baseline, Abnormal automatically remediates the message and thwarts the attack, protecting your organization from both vendor fraud and the full spectrum of attacks.

Want to learn more about VendorBase? Request a personalized demo today to see the product in action.

Abnormal Knowledge Bases: Using VendorBase to Prevent Vendor Email Compromise Attacks

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More