Stop Vendor Email Compromise Attacks

Protect your organization from attack emails originating from compromised vendors in your supply chain.
See a Demo
Product Tour: How Abnormal Detects VEC

Trusted by Global Enterprises


Vendor Email Compromise Attacks are Evasive

Attackers often see vendors as the weakest link and use real vendor accounts to target another organization. They change reply-to addresses, add mail forwarding rules, and hijack existing email threads to update banking details or request payments for invoices.

How Abnormal Stops Vendor Email Compromise Attacks

  1. Analyzes thousands of identity attributes to detect compromised vendor accounts.
  2. Detects changes in behavior, including alteration of reply-to addresses and mail forwarding rules.
  3. Uncovers email content associated with attacks, such as urgent tones, unusual banking information, and more.

A Unique Approach to Stopping Vendor Email Compromise

  1. The API architecture ingests thousands of diverse signals to learn normal sending patterns.
  2. Federated knowledge base (VendorBase) provides rich context on vendors across every Abnormal customer.
  3. Natural language processing precisely detects content and tone associated with attacks.

Abnormal Benefits of Stopping VEC


Stopped by Abnormal in largest invoice fraud attack.


Saved by enterprises with Abnormal each year.

15 Hours

Saved for security teams each week.
Abnormal helps us to better protect our organization. We’ve seen a significant drop in BEC and order fraud, so now we have time to be more proactive on security.”
— Ryan Fritts, CISO, ADT

Discover How to Stop VEC

See how you can harness advanced behavioral AI to block vendor fraud.
Get Inbound Email Security

See the Latest VEC Attacks

View the latest attacks blocked by the Abnormal platform.
View More VEC Attacks

Watch the VEC Attack Demo

Discover how Abnormal stops attacks from vendors that evade traditional solutions.
See Abnormal in Action

Stop Attacks from Compromised Vendors

Protect your organization from attacks that originate from compromised vendor accounts.
See a Demo