Cyber Criminals are Using Business eMail Compromise (BEC) to Steal from Food Supply Chain

Updated on 2022-12-22: FBI warns about BEC attacks on food industry

The FBI also issued another security advisory last week, warning about BEC attacks on the food industry where criminal groups have redirected shipments of food and ingredients rather than redirecting and stealing a company’s bank funds.

Updated on 2022-12-16

The FBI, the FDA OCI, and the USDA warned against a rising volume of BEC attacks against food shipment, leading to the theft of food products and ingredients. Read more:

• US Food Companies Warned of BEC Attacks Stealing Food Product Shipments
• Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients

Cyber Criminals are Using Business eMail Compromise to Steal from Food Supply Chain

In a joint cybersecurity advisory, the US Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) warn that business email compromise attacks are being used to steal food products and ingredients. Food suppliers and distributors have reported hundreds of thousands of dollars in losses.

Note

• Forgive the cliché, but ‘tis the season: the holidays are a time where users are distracted and need that extra support to remain vigilant. Make sure they are aware of both every day precautions as well as your reporting mechanisms. Make sure that your MFA deployment isn’t derailed or bypassed in the name of holiday without serious top cover.
• Not simply credit, but any commodity can be fraudulently redirected. Those processing transactions should pick up the phone. Management should ensure that multiple parties are involved in material transactions.

Read more in

• Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients (PDF)
• FBI: Criminals Using BEC Attacks to Scavenge Food Shipments
• FBI warns that BEC attacks now also target food shipments

Updated on 2022-12-12: BEC scammers detained in the US

The US Secret Service and the Department of Justice have announced the arrest of four individuals accused of participating in BEC attacks and credit card fraud schemes. Officials said the suspects stole and laundered more than $5.4 million following BEC attacks on US businesses. The gang also used stolen credit card numbers to fraudulently charge more than $3.4 million on the stolen cards via point-of-sale machines associated with companies registered in their names. Read more:

• Four Defendants Arrested for Multimillion Dollar Fraud and Money Laundering Scheme
• Four Defendants Arrested For Multimillion Dollar Fraud And Money Laundering Scheme

Overview: Lilac Wolverine

Abnormal Security has a detailed report on Lilac Wolverine, a Nigeria-based BEC group that’s specialized in launching large-scale attacks against personal email accounts rather than corporate targets. Abnormal’s research team says the group typically operates by asking the email recipients for help in purchasing gift cards for a friend or relative and that the tactic has been very successful, primarily due to most people’s willingness to help others in a bind. Read more: BEC Group Compromises Personal Accounts and Pulls Heartstrings to Launch Mass Gift Card Attacks