Organizations in the food sector are now also targeted in business email compromise (BEC) attacks that aim to steal entire shipments of food, according to a joint advisory issued by several U.S. federal agencies.
As the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) revealed, the value of the stolen food reaches, in some cases, hundreds of thousands of dollars.
Tactics used to achieve this include spoofing email addresses and domains or using compromised email accounts belonging to legitimate companies to order large shipments of food products that never get paid.
The advisory also warns that the criminals behind this BEC schemes may also repackage the stolen goods to resell them “without regard for food safety regulations and sanitation practices, risking contamination.”
“In recent incidents, criminal actors have targeted physical goods rather than wire transfers using BEC tactics,” the advisory warns.
“Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products.”
The FBI, FDA, and USDA also urged businesses in the food sector that might become the target of such attacks to take the following measures to defend themselves against BEC fraud attempts and product theft:
- Train employees on how to identify fraudulent email addresses and domains.
- Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
- Conduct web searches for your company name to identify fraudulent websites that may be used to impersonate you in a scam.