Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A cybersecurity joint advisory issued by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) warns the Food & Agriculture sector of the emerging business email compromise (BEC) attacks on food shipments.
The U.S. federal agencies stated that, in recently observed incidents, criminals used BEC attacks to steal food products worth hundreds of thousands of dollars.
How Does the Attack Take Place?
They accomplished this through tactics such as spoofing email addresses and domains or exploiting compromised email accounts belonging to legitimate businesses in order to make large purchases of food products that are never paid for.
What’s even more worrying is that the criminals may also repackage the stolen products and attempt to resell them “without regard for food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates”, notes the advisory.
In recent incidents, criminal actors have targeted physical goods rather than wire transfers using BEC tactics. Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products.
The FBI, FDA, and USDA urge businesses to use a risk-informed analysis to prepare for, mitigate, and respond to cyber incidents and cyber-enabled crime.
Mitigation Measures
Some mitigation measures suggested by the U.S federal agencies include:
- Educating employees on how to detect suspicious domains and email addresses;
- Increasing user awareness of the dangers of opening or clicking on questionable links or attachments by conducting phishing exercises and training;
- Conducting web searches for your company’s name to find imposter websites.
The document also contains recommendations for information technology administrators to assist in the prevention of BEC-enabled product theft schemes and the exploitation of the company’s email system in a scam.
The complete advisory issued by FBI, FDA and USDA is available here.
As Bleeping Computer explains, in May, the FBI reported that losses related to BEC scams continue to rise each year dramatically, with a 65% increase in detected global exposed losses documented between July 2019 and December 2021.
For the year 2021, victims have filed 19,954 complaints totaling nearly $2.4 billion in losses due to BEC attacks against both people and businesses. The FBI has previously stated that business email compromise (BEC) fraudsters have a high likelihood of success because they typically impersonate someone the victim trusts, such as a business partner or a company executive.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
