US Advisory: Hackers Using Emails to Steal Shipments of Food

Eric Goldstein
Eric Goldstein Chief Editor
Eric Goldstein Eric Goldstein Chief Editor

The FBI, with the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) announced a joint Cybersecurity Advisory to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.

The hackers spoofed emails and domains to impersonate employees of legitimate companies to order food products. When the company fulfills the order and ships the goods, the criminals fail to pay for the products.

Then, the hackers sometimes repackage the stolen products for individual sale without regard for food safety regulations. And, these products, typically of lesser quality,  can damage a company’s reputation.

There are very recent examples of hackers targeting the Food & Agriculture sector.

A US sugar supplier received a request through their web portal for a full truckload of sugar in August. The request contained grammatical errors and purportedly came from a senior officer of a US non-food company.

The sugar supplier identified the email address had an extra letter in the domain name and independently contacted the actual company to verify there was no employee by that name working there.

Also in August, a food distributor received an email purportedly from a multinational snack food and beverage company requesting two full truckloads of powdered milk. The criminal actor used the real name of the chief financial officer of the snack food company but used an email address containing an extra letter in the domain name.

The victim company had to pay their supplier more than $160,000 for the shipment after responding to the fraudulent request.

The US agencies provided a list of recommendations for what Food and Agriculture companies should look for and what to do if they feel a hacker is attempting to steal shipments of food.

About the Author
Eric Goldstein
Eric Goldstein
Chief Editor

About the Author

Eric Goldstein is Chief Editor at SafetyDetectives. As an internet security researcher and IT journalist, he has over 3 years of experience writing and editing articles and blog posts about VPNs, parental controls, and other cybsersecurity products and tools. In addition, Eric writes and edits news stories focused on cybersecurity issues for SafetyDetectives. He also spent 20+ years as a sportswriter for multiple media outlets and served in a communications role for a national corporation. When he's not working, he can be found spending time with his family, working out, and watching his favorite sports teams.