Glossary / Fraud & scams

Vendor Email Compromise (VEC)

Vendor email compromise (VEC) is a scam where an attacker takes over or spoofs a supplier's email account to send fraudulent invoices or bank detail changes to that supplier's customers.

How does vendor email compromise work?

Vendor email compromise flips the usual attack around: instead of compromising your mailbox, the criminal compromises your supplier’s. From inside the supplier’s genuine email account, they watch real invoice conversations and then send fraudulent invoices or bank detail changes to that supplier’s customers, including you. Because the message truly originates from your supplier’s address and sits within an authentic thread, it passes almost every sniff test. A typical Australian example: a builder receives an updated remittance instruction from a materials supplier’s real email, referencing the correct project and amount, and updates the account in good faith. The supplier had no idea their account was being used.

Why it matters for Australian finance teams

VEC is especially hard to catch because the trust signals your team relies on, the sender address, the email history, the branding, are all legitimate. The Australian Signals Directorate and Scamwatch group these losses under business email compromise, one of the highest-loss cybercrime categories for local organisations. For finance teams, the risk is amplified across the supply chain: a single compromised vendor can defraud many of their customers at once.

How ezyshield helps

ezyshield does not rely on the email being trustworthy. It verifies the person, the business through ABN and ASIC records, and bank account ownership before a payment is made, so an instruction from a compromised supplier mailbox cannot resolve to a fraudster’s account. When details change, re-verification is triggered automatically, and each check is written to an append-only audit trail that is logged and never deleted. See how it works and supplier verification in Australia.

Also known as: VEC, supplier email compromise

Last updated: 7 July 2026

Stop payment fraud before money moves

Verify the person, business, and bank account before any payment leaves your account.