Vendor Email Compromise (VEC) is rapidly surpassing Business Email Compromise (BEC) in sophistication and impact across the EMEA region. Recent findings presented at Infosecurity Europe 2025, reveal that second-step engagement with VEC emails – such as replies or forwards – reached 47.3%, nearly double that of BEC. This alarming statistic underscores the need for Managed Security Service Providers (MSSPs) to reassess their email threat detection and response strategies.
The challenge lies in VEC’s ability to impersonate external vendors or suppliers, making it more difficult to detect with traditional BEC-focused tools. These attacks exploit trust in business relationships rather than organizational hierarchy, requiring MSSPs to implement broader behavioral analysis and third-party identity monitoring.
Compounding the issue is the low reporting rate of VEC incidents in EMEA, which stands at just 0.2%, compared to 4.2% for BEC. This suggests that users are less likely to recognize or escalate vendor impersonation attempts. To address this, MSSPs must deploy advanced email security platforms capable of flagging suspicious third-party behavior, even if it mimics a legitimate supplier or partner. Additionally, continuous user education and simulated VEC phishing exercises are essential to close this gap in awareness.
At AUMINT.io, we specialize in providing tailored cybersecurity solutions to protect organizations from sophisticated threats like VEC. Our services encompass advanced threat detection, employee training, and incident response planning to ensure your organization’s resilience against cyberattacks.
Don’t wait for a breach to occur. Take proactive steps today to safeguard your organization’s most valuable assets – Schedule a consultation with our experts to learn how AUMINT.io can help protect your business from sophisticated cyber threats.