THE SecurityWeek piece, published on 23 April 2026, reports that new analysis from Abnormal AI shows attackers have shifted away from technical exploits toward weaponising trusted relationships and routine workflows. Phishing remains the primary method, making up 58% of attacks, with BEC accounting for 11% and VEC comprising more than 60% of all BEC attacks.
The analysis highlights that nearly 40% of all BEC attacks exploit the trust employees place in colleagues and internal departments, and 45% of these impersonate a named non-executive colleague. It also notes that BEC lateral attacks are more common in larger organisations, rising to more than 23%, and that higher education is notably susceptible, with 33% of BEC attacks being lateral.
In VEC, invoice fraud dominates in North America (42% of campaigns) and procurement-stage pretexts dominate in EMEA (41%), underscoring how geographic business practices shape attack methods. According to Abnormal AI’s 2026 Attack Landscape, the attackers now blend into workflows with sophisticated pretexts, moving away from the old typo-strewn emails and suggesting defensive AI can help flag these “business as usual” moments before victims engage.