According to joint advisory issuance by several U.S. federal agencies, organizations in the food industry are now being aimed in company email compromise (BEC) attacks aimed at stealing entire shipments of food. The FBI has issued a warning that BEC attacks are now targeting food shipments.
According to the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI). As well as the United States Department of Agriculture (USDA), the value of the stolen food can reach hundreds of thousands of dollars in some cases.
Spoofing email addresses and domains, as well as using vulnerable email accounts actually belonged to legitimate companies, are used to purchase huge quantities of food products that are never paid for.
The advisory also warns that the lawbreakers behind these BEC schemes may repackage. And resell stolen goods “without respect for food safety laws and sanitation practices, risking contamination.”
“In recent events, lawbreaker actors have used BEC tactics to target tangible goods instead of wire transfers,” the advisory warns.
Also, read FBI: Hacktivist DDoS attacks had a minimal effect on important organizations
“Companies in all industries, both buyers and suppliers, should think about taking steps to safeguard their reputation. And brand from scam artists who use their title, picture, and similarities to defraud people and steal products.”
The FBI, FDA, and USDA also urged food-related businesses that may become targets of such threats to adopt the following precautions to protect themselves from BEC fraud tries and product theft:
Employees should be taught how to spot bogus email addresses and domain names.
Use user training and malware exercises to educate users about the dangers of malicious links and attachments.
Search the web for your corporation to identify fake websites that could be used to imitate you in a fraud.
BEC fraud behind $43 billion in reported losses.
The FBI revealed in May that losses from BEC scams are increasing year after year, with a 65% rise in identified worldwide exposure losses documented between July 2019 and Dec. 2021.
From June 2016 to July 2019, the FBI’s Cyber Crimes Complaint Center received complaints about over 241,000 domestic and foreign incidents. This totals more than $43.3 billion in exposed dollar purchases.
According to 19,954 people complaining linked to BEC threats and trying to target individuals and businesses, victims reported approximately $2.4 billion in losses in 2021 alone.
Also, read Cuba ransomware alert from CISA and the FBI
BEC scammers have also targeted US federal funding programmes such as Medicare and Medicaid. As revealed by the US Department of Justice (DOJ) when charging ten suspects with stealing more than $11.1 million.
According to the US Department of Justice, the attackers allegedly spoof hospital email addresses in order to request that both public and private health insurance plans switch to new bank accounts (under the control of their co-conspirators) to send payouts for medical services.
Regrettably, as the FBI has stated in the past, BEC fraudsters have a high success rate. Even though they generally want to imitate someone that the target trusts, such as business relationships or company executives.
