Hackers are now targeting food supplies in BEC scams, FBI warns


Threat actors are transforming business email compromise (BEC) attacks to steal more than just money, experts have warned.

In a joint warning published by multiple US law enforcement agencies, BEC attacks were found to now be targeting food companies to steal deliveries.

A joint cybersecurity advisory published by the Department of Justice (DoJ), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the Federal Bureau of Investigation (FBI) claims hackers are stealing “large shipments of food products and ingredients”, whose market price often reaches “hundreds of thousands of dollars”.

Sending food shipments

The strategy is the same as with any other BEC attack: the hackers compromise an executive’s email account and then use it to send fraudulent orders, or simply imitate an order from a third-party email provider. Whatever the case may be, the result is the same: food companies send out shipments of food products that never get paid for.

The attackers don’t eat the food, though. They resell it on the black market, which is a risk in itself, as they disregard food safety regulations and sanitation practices, the advisory reads. People who end up eating that food are at risk of various diseases.

"Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products," the advisory says.

To protect against these attacks, the organizations say, businesses should educate their employees on the dangers of business email compromise attacks, as well as phishing attacks. 

They should also run frequent training as a means of raising awareness about the risks of clicking on suspicious links or downloading suspicious attachments. Finally, they should regularly scan the internet to see if anyone’s stealing their identity or abusing their image in any way.

Via: BleepingComputer

Sead Fadilpašić
