Shift in Email-Based Threats: Behavioral and Relationship Exploitation Now Dominant in Phishing, BEC, and VEC Campaigns
Summary
Analysis of nearly 800,000 email attacks across 4,600+ organizations reveals a significant shift in attacker tactics from exploiting technical flaws to targeting behavioral and organizational trust within workflows. Email-based threats now rely on finely tailored social engineering, leveraging trusted relationships, routine operations, and evasive pretexts to bypass detection. Phishing remains the most prevalent method (58%), while Business Email Compromise (BEC) and its subtype Vendor Email Compromise (VEC)—now comprising over 60% of BEC attacks—deliver higher impact despite lower volume. Attackers exploit predictable workflows such as file-sharing, invoicing, and internal communications, using redirect chains (over 20% of phishing) and popular URL shorteners (e.g., TinyURL, t.co) to conceal malicious destinations. Geographic targeting is evident, with invoice fraud dominating VEC in North America and procurement-stage pretexts prevailing in EMEA.
Timeline
- 23.04.2026 14:06 · 1 article
  Email threat landscape evolves: Behavioral and relationship exploitation now account for over 70% of attacks
  Analysis covering 793,500 email attacks across 4,600+ organizations shows attackers shifting from technical exploits to behavioral and organizational trust abuse in phishing, BEC, and VEC campaigns. Key findings include the dominance of redirect chains in phishing (20%+) using URL shorteners like TinyURL and t.co, and the rise of VEC as a dominant BEC subtype—especially in invoice fraud in North America and procurement pretexts in EMEA. BEC tactics stratify by organization size: small enterprises see high rates of VIP impersonation (43%), while large organizations and higher education experience elevated lateral compromise (up to 33%). Nearly 40% of BEC attacks impersonate named colleagues or generic internal departments to exploit conditioned trust.
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
Information Snippets
- Phishing accounts for 58% of observed email attacks, while BEC represents 11% and VEC constitutes over 60% of all BEC attacks.
  First reported: 23.04.2026 14:06 (1 source, 1 article)
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
- Over 20% of phishing attacks use redirect chains to obscure final malicious destinations, with TinyURL (31.6%) and t.co (26.6%) being the most commonly abused URL-shortening services.
  First reported: 23.04.2026 14:06 (1 source, 1 article)
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
- BEC tactics vary by organization size: VIP impersonation is prevalent in small enterprises (43%) but rare in large ones (7%), while lateral compromise increases with company size—from less than 1% in small firms to over 23% in large enterprises and 33% in higher education.
  First reported: 23.04.2026 14:06 (1 source, 1 article)
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
- Nearly 40% of BEC attacks exploit trust in named non-executive colleagues (45%) or generic internal communications (e.g., fake IT helpdesk alerts, HR updates) (36.7%), leveraging conditioned employee behavior.
  First reported: 23.04.2026 14:06 (1 source, 1 article)
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
- In VEC attacks, invoice fraud dominates in North America (42%), while procurement-stage pretexts are most common in EMEA (41%), reflecting localized business practices.
  First reported: 23.04.2026 14:06 (1 source, 1 article)
  - The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface — www.securityweek.com — 23.04.2026 14:06
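
A defender-side sketch for the redirect-chain finding above (an added example, not taken from the cited report): it pulls URLs out of a message body, walks each redirect chain, and records the hop count, any shortener hosts on the path, and whether the final host differs from the first. The message, the redirect map and every `.example` host are constructed; the map stands in for the HTTP 3xx responses a sandboxed fetcher would return.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Shortener hosts named on this page; extend from your own telemetry.
SHORTENERS = {"tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed redirect map (stands in for HTTP 3xx answers) so this runs offline.
REDIRECTS = {
    "https://tinyurl.com/inv-4471": "https://t.co/Ab12Cd",
    "https://t.co/Ab12Cd": "https://files.example.net/r?next=portal",
    "https://files.example.net/r?next=portal": "https://login.vendor-portal.example/invoice",
}

# Constructed sample message.
SAMPLE = """From: billing@vendor.example
To: ap@corp.example
Subject: Invoice 4471 overdue

Please review the invoice: https://tinyurl.com/inv-4471
Our site: https://www.vendor.example/about
"""

def host(url):
    return (urlsplit(url).hostname or "").lower()

def follow(url, lookup=REDIRECTS.get, max_hops=10):
    """Return the URLs visited, stopping on a loop, a dead end, or max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

def analyze(raw, max_hops=10):
    """One finding per URL in a single-part text message body."""
    body = message_from_string(raw).get_payload()
    findings = []
    for url in URL_RE.findall(body):
        chain = follow(url, max_hops=max_hops)
        hosts = [host(u) for u in chain]
        findings.append({
            "url": url, "hops": len(chain) - 1,
            "shorteners": [h for h in hosts if h in SHORTENERS],
            "final_host": hosts[-1], "cross_domain": hosts[0] != hosts[-1],
        })
    return findings
```

The fields are meant as detection features (for example, several hops that pass through a shortener and end on a host unrelated to the sender), not as a verdict on their own.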