According to a joint security advisory from the US Department of Agriculture (USDA), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the Federal Bureau of Investigation (FBI), cybercriminals are now using business email compromise (BEC) schemes to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.
The strategy is the same as with previous BEC scams; hackers would send fake emails to purchase food supplies by impersonating workers of actual businesses or breaking into the email system of a legitimate company.
"The victim firm sends the items and completes the order; nevertheless, the thieves do not pay for the goods. Without respect for food safety laws and sanitary procedures, criminals may repackage stolen goods for individual sale, risking contamination or deleting crucial information about ingredients, allergies, or expiry dates. Lower-quality counterfeit products may harm a company's brand, according to the authorities.
According to the advise, businesses from all industries, including suppliers and purchasers, "should think about taking action to safeguard their brand and reputation against fraudsters who exploit their name, image, and likeness to perpetrate fraud and steal merchandise."
The advisory also offers suggestions for how businesses can defend themselves against such attacks, such as independently verifying the contact information provided by new suppliers or clients; scrutinizing hyperlinks and email addresses for minute differences that could cause fraudulent addresses to resemble the names of genuine business partners; routinely running internet searches to check if anyone is misappropriating their identity or exploiting their image; and putting into practice the recommendations.