Criminals are increasingly using business email compromise (BEC) strategies to steal shipments of food products, including ingredients like powdered milk and sugar, warn the FBI, FDA and US Department of Agriculture.
A joint Cybersecurity Advisory (CSA) from the federal agencies notes that the fraudsters are creating email accounts and websites that closely mimic those of a legitimate company, and use them to place orders with food businesses.
In one example, a food distributor received an email purportedly from a multinational snack food and beverage company requesting two full truckloads of powdered milk, using the name of the purchasing company's chief financial officer. The victim company had to pay their supplier more than $160,000 for the shipment after responding to the fraudulent request, says the advisory.
The agencies note the targeting of physical goods is a spin on the usual modus operandi of trying to get money fraudulently through wire transfers.
"Criminals may repackage stolen products for individual sale without regard for food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates," says the alert.
The agencies recommend that companies to use a "risk-informed analysis to prepare for, mitigate, and respond to cyber incidents and cyber-enabled crime."
That includes independently verify contact information provided by new vendors or customers through reputable online sources like associations or business directories, paying close attention the verified company name and spelling and typos in correspondence.
They should also check for hyperlinks and email addresses for slight variations that can make fraudulent addresses appear legitimate, and encourage workers to be on the lookout for BEC scams.
©
SecuringIndustry.com