Cybercriminals are now using business email compromise (BEC) schemes to steal shipments of food products and ingredients valued at hundreds of thousands of dollars, a joint security advisory from the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) warns.
The tactic is the same as with any other BEC scams - cybercriminals would spoof emails of employees of legitimate companies or gain access to email system of a legitimate firm to send fraudulent emails to order food products.
“The victim company fulfills the order and ships the goods, but the criminals do not pay for the products. Criminals may repackage stolen products for individual sale without regard for food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates. Counterfeit goods of lesser quality can damage a company’s reputation,” the agencies said.
“Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products,” the advisory said.
The advisory also provides recommendations for companies to protect themselves against such attacks, including independently verifying contact information provided by new vendors or customers; checking hyperlinks and email addresses for slight variations that can make fraudulent addresses appear legitimate and resemble the names of actual business partners; regularly conducting internet searches to see if anyone is stealing their identity or abusing their image; implementing a user training program with phishing exercises to raise and maintain awareness among users about risks of visiting malicious websites or opening malicious attachments.