Cybercriminals’ latest grift: powdered milk and sugar by the truckload
Cybercriminals are increasingly targeting companies in the food and agriculture sector with business email compromise (BEC) schemes, resulting in truckloads of products ending up in scammers’ hands.
In a joint Cybersecurity Advisory from the FBI, Food and Drug Administration and U.S. Department of Agriculture released on Thursday, officials warned of the prevalence of BEC scams, in which threat actors send emails impersonating employees of a legitimate company to place fraudulent orders. In the cases cited in the advisory, the criminals used email addresses with slight differences from those they were imitating.
In one instance, in August, a supplier received a request for a truckload of sugar on credit from a senior employee at an unnamed U.S. company. The recipient of the request noticed the extra letter in the domain name of the address and, after contacting the company, discovered there was nobody there with that name.
Others weren’t so fortunate, however. Also in August, a food distributor received an email from a multinational food and beverage company for two truckloads of powdered milk. The request came from the company’s chief financial officer, and the shipment was sent. In fact, the email address had one extra letter in the domain name and the distributor ended up on the hook for more than $160,000.
Other scams, all for powdered milk, resulted in losses of as much as $600,000.
The agencies recommend that businesses double-check contact information provided by customers and keep an eye out for small changes to domain names. They also suggest that employees undergo training to detect malicious emails.
According to the FBI’s Internet Complaint Center, $2.4 billion was reported lost to BEC schemes in 2021, with nearly 20,000 complaints filed.