According to a joint advisory issued by several US federal agencies, food organizations are now also being targeted by commercial email compromise (BEC) attacks that aim to steal entire shipments of food.

As revealed by the FBI, the Food and Drug Administration’s Office of Criminal Investigations (FDA OCI) and the United States Department of Agriculture (USDA), the value of stolen food reaches, in some cases, hundreds of thousands of dollars.

Tactics used to achieve this include spoofing email addresses and domains or using compromised email accounts belonging to legitimate companies to order large quantities of food items that are never paid for.

The advisory also warns that the criminals behind these BEC schemes may also repackage stolen goods for resale “disregarding food safety regulations and sanitation practices, at the risk of contamination”.

“In recent incidents, criminal actors have targeted physical assets rather than wire transfers using BEC tactics,” the advisory said. warns.

“Companies in all industries – buyers and suppliers – should consider taking steps to protect their brand and reputation from scammers who use their name, image and likeness to commit fraud and steal products.”

The FBI, FDA, and USDA have also urged food companies that may become targets of such attacks to take the following steps to defend against attempted BEC fraud and product theft:

• Train employees on how to identify fraudulent email addresses and domains.
• Implement user training and phishing exercises to raise awareness of the risks of suspicious links and attachments.
• Do web searches for your business name to identify fraudulent websites that could be used to misrepresent you as a scam.

BEC fraud responsible for $43 billion in reported losses

In May, the FBI revealed that losses from BEC scams continue to grow significantly each yearwith a 65% increase in identified global exposed losses recorded between July 2019 and December 2021.

From June 2016 to July 2019, the FBI’s Internet Crime Complaint Center received complaints about more than 241,000 domestic and international incidents, with a total exposed dollar loss of more than $43.3 billion.

In 2021 alone, victims reported losses of around $2.4 billion, according to 19,954 complaints related to BEC attacks and targeting individuals and businesses.

BEC scammers have also been targeting US federal funding programs such as Medicare and Medicaid, as revealed by the US Department of Justice (DOJ) in indicting ten suspects for stealing more than $11.1 million.

The US DOJ said the attackers allegedly spoofed hospitals’ email addresses to instruct public and private health insurance programs to switch to new bank accounts (under the control of their co-conspirators) to send payments for. medical services.

Unfortunately, as the FBI has said in the past, the success rate of BEC fraudsters is very high because they usually choose to impersonate someone the target trusts, such as business partners or company executives. ‘company.