Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients

SUMMARY

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.

While BEC is most commonly used to steal money, in
cases like this criminals spoof emails and domains to
impersonate employees of legitimate companies to
order food products. The victim company fulfills the
order and ships the goods, but the criminals do not pay
for the products. Criminals may repackage stolen
products for individual sale without regard for food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates. Counterfeit goods of lesser quality can damage a company’s reputation.

BEC is one of the most financially damaging online crimes. According to the FBI’s Internet Crime Complaint Center, victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.