Organizations in the food sector are now also targeted in business email compromise (BEC) attacks that aim to steal entire shipments of food, according to a joint advisory issued by several U.S. federal agencies.
As the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) revealed, the value of the stolen food reaches, in some cases, hundreds of thousands of dollars.
Tactics used to achieve this include spoofing email addresses and domains or using compromised email accounts belonging to legitimate companies to order large shipments of food products that never get paid.
The advisory also warns that the criminals behind this BEC schemes may also repackage the stolen goods to resell them “without regard for food safety regulations and sanitation practices, risking contamination.”
“In recent incidents, criminal actors have targeted physical goods rather than wire transfers using BEC tactics,” the advisory warns.
“Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products.”
The FBI, FDA, and USDA also urged businesses in the food sector that might become the target of such attacks to take the following measures to defend themselves against BEC fraud attempts and product theft:
Train employees on how to identify fraudulent email addresses and domains.
Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
Conduct web searches for your company name to identify fraudulent websites that may be used to impersonate you in a scam.
BEC fraud behind $43 billion in reported losses
In May, the FBI revealed that losses due to BEC scams continue to grow each year significantly, with a 65% increase in identified global exposed losses recorded between July 2019 and December 2021.
From June 2016 to July 2019, the FBI’s Internet Crime Complaint Center received complaints about more than 241,000 domestic and international incidents, with a total exposed dollar loss of over $43.3 billion.
In 2021 alone, victims have reported roughly $2.4 billion in losses, according to 19,954 complaints linked to BEC attacks and targeting individuals and businesses.
BEC scammers have also been targeting U.S. federal funding programs like Medicare and Medicaid, as the U.S. Department of Justice (DOJ) revealed when charging ten suspects for stealing more than $11,1 million.
US DOJ said the attackers allegedly spoofed the email addresses of hospitals to request public and private health insurance programs to switch to new bank accounts (under their co-conspirators’ control) to send payments for medical services.
Unfortunately, as the FBI has said in the past, the success rate of BEC fraudsters is very high because they generally choose to impersonate someone the target trusts, like business partners or company executives.