FBI warns BEC Attacks now targeting Food shipments

According to an advisory joint issued by several U.S. Federal agencies, organizations in the food industry are also being targeted in BEC (business email compromise) attacks. These attack aim to steal whole shipments of food.

The FBI, Food and Drug Administration Office of Criminal Investigations, (FDA OCI) and U.S. Department of Agriculture revealed that the theft of food can reach hundreds of thousands of dollars in certain cases.

This can be achieved by spoofing domains and email addresses or using compromised accounts of legitimate businesses to place large orders for food products. However, they never receive payment.

This advisory warns, however that criminals involved in these BEC schemes could also repackage stolen goods for resale “without regard to food safety regulations or sanitation practices, posing a risk of contamination.”

The advisory states that criminals have targeted physical goods in recent cases rather than wire transfers with BEC tactics.

Companies in every sector, both buyers and sellers, should consider protecting their reputation and brand from fraudsters who will use their image and name to steal their products and commit fraud.

FBI, FDA and USDA advised food industry businesses that could be the victim of these attacks to follow the steps below to protect themselves from BEC fraud and product theft.

  • Training employees in how to spot fraudulent domains and email addresses.
  • To raise awareness of the dangers associated with suspicious attachments and links, it is important to conduct user training.
  • To identify scam websites, conduct web searches using your company name.

Reports of losses at $43 billion attributed to BEC fraud

The FBI announced in May that BEC scams with an additional 65% rise in global exposed losses between July 2019-December 2021.

Between June 2016 and July 2019, more than 241,000 incidents domestically or internationally were reported to the FBI’s Internet Crime Complaint Center, with an exposed loss of $43.3 billion.

According to 19954 complaints related to BEC attacks against individuals and businesses, 2021 has seen losses of approximately $2.4 billion.

BEC fraudsters also targeted U.S. federal funding programs such as Medicare and Medicaid. The U.S. Department of Justice (DOJ), charged ten individuals with stealing over $11,1million.

The US DOJ stated that the attackers had allegedly stolen the hospital email addresses in order to solicit public and private insurance plans to change to bank accounts under their control to receive payments for services.

The FBI stated in the past that the FBI had never been able to prove the BEC fraudsters’ success rates because they choose to pretend to be business partners or executives.