Threat actors are transforming business email compromise (BEC) attacks to steal more than just money, experts have warned.
In a joint warning published by multiple US law enforcement agencies, BEC attacks were found to now being against food companies to steal deliveries.
A joint cybersecurity advisory published (opens in new tab) by the Department of Justice (DoJ), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the Federal Bureau of Investigation (FBI) claims hackers are stealing “large shipments of food products and ingredients”, whose market price often reaches “hundreds of thousands of dollars”.
Sending food shipments
The strategy is the same as with any other BEC attack – the hackers would compromise an executive’s email account, and then use it to send fraudulent orders, or would simply imitate an order from a third-party email provider. Whatever the case may be, the result is the same – food companies sending out shipments of food products that never get paid for.
The attackers don’t eat the food, though. They resell it on the black market, which is a risk in itself, as they disregard food safety regulations and sanitation practices, the advisory reads. People that end up eating that food are at risk of various diseases.
“Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation from scammers who use their name, image, and likeness to commit fraud and steal products,” the advisory says.
To protect against these attacks, the organizations say, businesses should educate their employees on the dangers of business email compromise attacks, as well as phishing attacks.
They should also run frequent training, as means of raising awareness about the risks of clicking on suspicious links or downloading suspicious attachments. Finally, they should regularly scan the internet to see if anyone’s stealing their identity (opens in new tab) or abusing their image in any way.
Via: BleepingComputer (opens in new tab)
