Buckle Up: BEC and VEC Attacks Target Automotive Industry

Research reveals the automotive industry has become a popular target for business email compromise and vendor email compromise attacks. Learn why.
April 10, 2024

While every organization across every vertical is at risk of experiencing advanced email attacks, there are certain industries that, for various reasons, periodically become the go-to target for threat actors. Our research revealed that the automotive industry currently finds itself in the crosshairs of cybercriminals launching business email compromise (BEC) and vendor email compromise (VEC) attacks.

These attacks, designed to deceive employees and extract money or sensitive information, pose a significant threat to an automotive organization’s financial stability and reputation. One alarming case that highlights the severity of the issue is the $37 million loss suffered by auto parts supplier Toyota Boshoku. In this attack, fraudsters used an email scam to manipulate an employee into changing bank account information for a wire transfer.

Although BEC and VEC attacks are on the rise across the board, the data on the automotive industry is especially alarming. Here’s a closer look at what our research uncovered.

Threat Actors Rev Up BEC and VEC Attacks on the Automotive Industry

So why are organizations in the automotive industry particularly popular targets for BEC and VEC attacks? First, high-value transactions for parts and inventory are common. Second, automotive groups rely on complex supply chains and vast vendor ecosystems—providing attackers with ample third parties to impersonate and vulnerabilities to exploit.

Between September 2023 and February 2024, BEC attacks against businesses in the automotive industry increased by 70.5%. This represents 1.7 BEC attacks per week, compared to 1 attack per week during the prior six-month period. The first quarter of 2024 was particularly active, potentially indicating a trend for the rest of the year.

Auto Industry Blog Median Number of BEC Attacks per Week

VEC attacks targeting automotive organizations were similarly elevated between September 2023 and February 2024, with 63% of Abnormal Security customers in the automotive industry experiencing at least one VEC attack. This is a higher rate than experienced by organizations in the energy/infrastructure (54%), hospitality (50%), and finance (35%) industries during the same timeframe.

The financial implications of falling victim to these attacks are substantial, with the average cost of a successful BEC attack exceeding $137,000. Adding to the challenge, these sophisticated social engineering tactics often bypass traditional security measures, leaving employees—notoriously the weakest link in the cybersecurity chain—as the last line of defense.

By impersonating colleagues or trusted vendors through spoofed email addresses or compromised accounts, threat actors trick targets into divulging sensitive information or making unauthorized financial transactions.

Looking Under the Hood of a Real Attack

In the business email compromise attack below, the threat actor posed as the president of a truck dealership and emailed the dealership’s accounts payable department. The message was designed to appear as if the impersonated president was forwarding an invoice from a professional services provider along with his approval to remit payment.

Auto Industry Blog Email E

Example of email attack targeting an organization in the automotive industry

Because this attack has no obvious indicators of compromise and was sent from an established, trusted domain, it is unlikely to be flagged as malicious by a legacy email security system. Additionally, because the attacker took several steps to increase the appearance of legitimacy (e.g., changing the sender display name and email account name to that of the dealership’s president and creating a fraudulent email thread referencing a real business), the average employee would likely believe the message and the request are legitimate.

Clearly, automotive organizations need more sophisticated security to meet the evolving threat landscape head-on.

Defending Automotive Organizations Against Sophisticated Email-Based Attacks

The auto industry faces a rising tide of email attacks that exploit the human element of cybersecurity. Secure email gateways and other traditional security tools cannot detect email threats that rely on social engineering and lack traditional indicators of compromise, such as suspicious links or malicious attachments.

Abnormal’s solution, on the other hand, uses behavioral AI to understand known good behavior and determine when an email or an event is anomalous, enabling it to detect sophisticated attacks that bypass other platforms. Because Abnormal automatically remediates malicious messages, it removes the possibility of end-user engagement. This gives automotive organizations a way to proactively protect themselves against BEC, VEC, and other email-based attacks.

Learn how to protect employee inboxes against the ever-evolving attack landscape in our latest email threat report.

Download the Report
Buckle Up: BEC and VEC Attacks Target Automotive Industry

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B travelscams
Cybercriminals exploit stolen financial data to offer consumers heavily discounted travel deals. Learn how these email scams work and tips to avoid falling victim to them this summer travel season.
Read More
B Earn Your CPE Credits with Abnormal
Earn your continuing education credits with ISC2 by viewing cybersecurity content from Abnormal Security.
Read More
B Seg Lessons
Discover key insights gleaned from replacing 100+ SEGs for Abnormal customers.
Read More
B Europe Attack Data Blog
Discover what our research uncovered about the European threat landscape and attack trends for organizations in the region.
Read More
Abnormal aims to provide superior detection of email attacks while also directly and indirectly influencing the security awareness of your employees.
Read More
B 6 3 24 BEC Attacks
Discover how cybercriminals obtain corporate data from brokers like ZoomInfo and Apollo to enable targeted business email compromise (BEC) attacks.
Read More