Supply chain attacks fall into two main categories: email fraud and third-party software. In these attacks, cyber criminals compromise vendors or service providers in order to attack their customers and partners. Initial supplier compromise is often by phishing or malware. Once inside a supplier system, attackers can impersonate email accounts to initiate phishing, invoicing fraud or other types of attack against customers. Once attackers have breached customer systems, they can steal confidential data, install ransomware or use access to trigger a further wave of phishing or email fraud attacks.