VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs

New research from Abnormal AI, shared at Infosecurity Europe 2025, reveals that Vendor Email Compromise (VEC) attacks are proving more effective than traditional Business Email Compromise (BEC), particularly across the EMEA region, according to Infosecurity Magazine. For managed security service providers (MSSPs), this shift signals the need to evolve email threat detection and response strategies. VEC attacks impersonate external vendors or suppliers rather than internal executives, making them harder to detect with standard BEC-focused tools.

In EMEA, second-step engagement with VEC emails, such as replies or forwards, reached 47.3%, nearly double that of BEC. Repeat engagements were even more concerning. For MSSPs tasked with protecting clients from social engineering threats, this highlights a blind spot: traditional defenses that focus on executive impersonation may miss more nuanced, vendor-based scams. These attacks exploit trust in business relationships rather than organizational hierarchy, requiring broader behavioral analysis and third-party identity monitoring.

What makes the challenge even more urgent for MSSPs is the low reporting rate of VEC incidents, just 0.2% in EMEA compared to 4.2% for BEC. This suggests users are less likely to recognize or escalate vendor impersonation attempts. MSSPs must consider deploying advanced email security platforms that can flag suspicious third-party behavior, even if it mimics a legitimate supplier or partner. Continuous user education and simulated VEC phishing exercises may also be necessary to close this gap in awareness.

Globally, VEC engagement rates averaged 44%, with slightly lower numbers in North America and APAC. However, BEC attacks remain more effective in those regions, possibly due to cultural differences around workplace authority.