The FBI and the U.S. Food and Drug Administration have reported an increase in cyberattacks against food companies. The police report says that attackers are actively carrying out BEC attacks, posing as employees of legitimate companies. Typically, scammers send victims fake orders for large food deliveries on credit.
As an example, the FBI cited one of the August attacks, when a supplier received an order for a truckload of sugar on credit from a high-ranking employee of an unnamed American company. The recipient of the request noticed an extra letter in the sender's domain address, after which he contacted the company on behalf of which the attacker wrote to him and found out that there was no such employee.
However, not everyone is so lucky. The FBI described another attack in August when a supplier received an email from an international food and beverage company asking for two truckloads of powdered milk. Since the request came from the “CFO of the company”, the shipment was sent. As it turned out later, the order turned out to be fake, and the supplier was in debt for more than $160,000.
Other milk powder scams have resulted in losses of up to $600,000.
To avoid such incidents, the FBI and the US Food and Drug Administration recommend that business representatives double-check the contact information provided by customers and watch for small changes in domain names. They also advise employees to receive training on identifying phishing emails.