Employees in large enterprises engage with malicious vendor messages 72% of the time

LAS VEGAS: Abnormal AI, the leader in AI-native human behavior security, today released a new threat intelligence report, Read, Replied, Compromised: Employee Engagement Trends Across VEC Attacks. Drawing on behavioral data from over 1,400 organizations worldwide, the report reveals the extent to which employees are actively engaging with advanced text-based threats like vendor email compromise (VEC) and explores the blind spots attackers are exploiting with highly targeted, socially engineered attacks.

The data revealed that employees frequently struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a trusted vendor. The findings are eye-opening: employees at large enterprises engaged with VEC messages 72% of the time after reading them—taking follow-up actions such as replying or forwarding.

In just 12 months, attackers attempted to steal more than $300 million via VEC, with 7% of engagements coming from employees who had engaged with a previous attack. Meanwhile, the overall reporting rate for advanced text-based email threats was just 1.46%, revealing a significant visibility gap for security teams.

“Email-based social engineering has never been more convincing or more effective,” said Mike Britton, CIO at Abnormal AI. “Today’s attackers are hijacking legitimate vendor threads and crafting sophisticated messages that pass undetected through legacy defenses. And because employees believe these emails are real, they are engaging with them at alarming rates.”

The report also identifies engagement rate trends across industries, roles, and regions:

• Telecommunications saw the highest VEC engagement rate of any industry at 71.3%, dwarfing the second-ranked energy/utilities sector at 56%.
• Sales roles, especially entry-level, were among the most vulnerable, with junior sales staff engaging with read VEC attacks at a rate of 86%.
• Organizations in EMEA are highly susceptible to interaction with VEC attacks, despite exercising vigilance around business email compromise (BEC) attacks. In EMEA, the VEC engagement rate exceeds BEC by 90%, and repeat engagement with VEC is the highest of any region—over twice that of BEC. These organizations also demonstrate the lowest reporting rate for VEC (0.27%), yet highest reporting rate for BEC (4.22%).

“While VEC volume remains lower than phishing or ransomware, its success rate—and potential financial impact—is far greater, especially as weaponized AI makes it easier than ever for attackers to impersonate trusted vendors,” Britton added. “To prevent costly human error, organizations must move beyond reactive training and adopt proactive defenses that block threats before they reach the inbox.”

Download the full report: Read, Replied, Compromised: Employee Engagement Trends Across VEC Attacks

About Abnormal AI

Abnormal AI is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyze the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications. Abnormal is currently trusted by more than 3,200 organizations, including over 20% of the Fortune 500, as it continues to redefine how cybersecurity works in the age of AI. Learn more at abnormal.ai.

Fonte: Business Wire