
Buckle Up: BEC and VEC Attacks Target Automotive Industry

Research reveals the automotive industry has become a popular target for business email compromise and vendor email compromise attacks. Learn why.
April 10, 2024

While every organization across every vertical is at risk of experiencing advanced email attacks, there are certain industries that, for various reasons, periodically become the go-to target for threat actors. Our research revealed that the automotive industry currently finds itself in the crosshairs of cybercriminals launching business email compromise (BEC) and vendor email compromise (VEC) attacks.

These attacks, designed to deceive employees and extract money or sensitive information, pose a significant threat to an automotive organization’s financial stability and reputation. One alarming case that highlights the severity of the issue is the $37 million loss suffered by auto parts supplier Toyota Boshoku. In this attack, fraudsters used an email scam to manipulate an employee into changing bank account information for a wire transfer.

Although BEC and VEC attacks are on the rise across the board, the data on the automotive industry is especially alarming. Here’s a closer look at what our research uncovered.

Threat Actors Rev Up BEC and VEC Attacks on the Automotive Industry

So why are organizations in the automotive industry particularly popular targets for BEC and VEC attacks? First, high-value transactions for parts and inventory are common. Second, automotive groups rely on complex supply chains and vast vendor ecosystems—providing attackers with ample third parties to impersonate and vulnerabilities to exploit.

Between September 2023 and February 2024, BEC attacks against businesses in the automotive industry increased by 70.5%. This represents 1.7 BEC attacks per week, compared to 1 attack per week during the prior six-month period. The first quarter of 2024 was particularly active, potentially indicating a trend for the rest of the year.

[Figure: Median number of BEC attacks per week]

VEC attacks targeting automotive organizations were similarly elevated between September 2023 and February 2024, with 63% of Abnormal Security customers in the automotive industry experiencing at least one VEC attack. This is a higher rate than experienced by organizations in the energy/infrastructure (54%), hospitality (50%), and finance (35%) industries during the same timeframe.

The financial implications of falling victim to these attacks are substantial, with the average cost of a successful BEC attack exceeding $137,000. Adding to the challenge, these sophisticated social engineering tactics often bypass traditional security measures, leaving employees—notoriously the weakest link in the cybersecurity chain—as the last line of defense.

By impersonating colleagues or trusted vendors through spoofed email addresses or compromised accounts, threat actors trick targets into divulging sensitive information or making unauthorized financial transactions.

Looking Under the Hood of a Real Attack

In the business email compromise attack below, the threat actor posed as the president of a truck dealership and emailed the dealership’s accounts payable department. The message was designed to appear as if the impersonated president was forwarding an invoice from a professional services provider along with his approval to remit payment.

[Figure: Example of email attack targeting an organization in the automotive industry]

Because this attack has no obvious indicators of compromise and was sent from an established, trusted domain, it is unlikely to be flagged as malicious by a legacy email security system. Additionally, because the attacker took several steps to increase the appearance of legitimacy (e.g., changing the sender display name and email account name to that of the dealership’s president and creating a fraudulent email thread referencing a real business), the average employee would likely believe the message and the request are legitimate.
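The traits described above (an executive's name in the display name and account name, an outside sending domain, a "forwarded" thread) are visible in message headers. The following is an added example, not code from the original post or from Abnormal; the domain, executive name, signal names and sample messages are constructed, and the threading-header check is an assumed heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed inputs (hypothetical): the organization's domain and its executives.
ORG_DOMAIN = "example-trucks.test"
EXECUTIVES = {"Pat Morgan"}

def _tokens(text):
    """Alphabetic tokens, so 'pat.morgan77' and 'Pat Morgan' compare equal."""
    return frozenset(re.findall(r"[a-z]+", text.lower()))

EXEC_TOKENS = {_tokens(name) for name in EXECUTIVES}

def impersonation_signals(raw_message):
    """Return a sorted list of signal names found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    external = domain.lower() != ORG_DOMAIN
    signals = set()
    if external and _tokens(display) in EXEC_TOKENS:
        signals.add("exec_display_name_external_sender")
    if external and _tokens(local) in EXEC_TOKENS:
        signals.add("exec_account_name_external_sender")
    # Assumed heuristic: replies should carry In-Reply-To/References, and
    # forwards vary by client, so a thread-style subject without them is
    # only a weak hint that the quoted thread was pasted into a new message.
    threaded = msg.get("In-Reply-To") or msg.get("References")
    if re.match(r"\s*(fwd?|re):", msg.get("Subject", ""), re.I) and not threaded:
        signals.add("thread_subject_without_threading_headers")
    return sorted(signals)

# Constructed sample messages (not taken from the attack shown in the post).
SAMPLE_SPOOF = (
    "From: Pat Morgan <pat.morgan@mail-provider.test>\n"
    "To: ap@example-trucks.test\n"
    "Subject: Fwd: Invoice 1042 approved for payment\n"
    "\n"
    "Please remit today. Original thread below.\n"
)
SAMPLE_INTERNAL = (
    "From: Pat Morgan <pat.morgan@example-trucks.test>\n"
    "To: ap@example-trucks.test\n"
    "Subject: Re: Q2 budget\n"
    "In-Reply-To: <constructed-id@example-trucks.test>\n"
    "\n"
    "Looks good.\n"
)
```

None of these signals is conclusive on its own; they are inputs for routing a payment request to out-of-band verification.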

Clearly, automotive organizations need more sophisticated security to meet the evolving threat landscape head-on.

Defending Automotive Organizations Against Sophisticated Email-Based Attacks

The auto industry faces a rising tide of email attacks that exploit the human element of cybersecurity. Secure email gateways and other traditional security tools cannot detect email threats that rely on social engineering and lack traditional indicators of compromise, such as suspicious links or malicious attachments.

Abnormal’s solution, on the other hand, uses behavioral AI to understand known good behavior and determine when an email or an event is anomalous, enabling it to detect sophisticated attacks that bypass other platforms. Because Abnormal automatically remediates malicious messages, it removes the possibility of end-user engagement. This gives automotive organizations a way to proactively protect themselves against BEC, VEC, and other email-based attacks.

