- The FBI has warned that threat actors are now using BEC to steal food deliveries, hurting both companies and consumers.
- Threat actors steal food deliveries and re-sell them on the black market for hundreds of thousands of dollars.
- This hurts providers, suppliers, and consumers, wasting thousands of dollars and putting people’s health at risk with unregulated food.
Hackers have now started using business email compromise (BEC), with their usual methods, to steal food deliveries. They gain access to an executive’s email account and use it to place fake orders, or simply pretend to be a third-party email provider placing an order. Whatever the circumstances, the outcome is always the same: food companies ship out food products but never get paid for them.
Hackers re-sell stolen food on the black market
The hackers then sell the stolen food, which can be worth hundreds of thousands of dollars, on the black market for profit. Because the threat actors do not care about food safety regulations and are not inspected, the food they sell could infect many people with several illnesses. The FBI says:
“Companies in all sectors, both buyers and suppliers, should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products.”
BEC is one of the most financially damaging online crimes. According to the FBI’s Internet Crime Complaint Center, victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.
Cybersecurity advisory recommendations
Some of the recommendations provided in the advisory include:
- Enable anti-phishing and anti-spoofing security features that block malicious emails.
- Enable multi-factor authentication for all email accounts.
- Enable alerts for suspicious activity, such as foreign logins.
- Verify all payment changes, credit requests, and transactions in person or via a known telephone number rather than through a number or link provided in a suspicious email.
- Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
The FBI has BEC resources here.