Cybercriminals have in recent months stolen hundreds of thousands of dollars’ worth of shipments from US food suppliers by placing fraudulent orders for milk products, the FBI and other federal agencies warned on Friday.
The unnamed criminal groups set up email accounts impersonating top executives of food companies and convinced their suppliers to ship them truckloads of powdered milk, according to the advisory from the FBI, Food and Drug Administration, and Department of Agriculture.
In some cases, the suppliers had already shipped well over $100,000 of milk products before realizing they had been conned, prompting the federal agencies to urge companies to “consider taking steps to protect their brand and reputation.”
It’s the latest example of a type of fraud known as business email compromise (BEC) that has cost Americans far more than any other type of online crime. The FBI received nearly 20,000 BEC complaints last year with estimated losses of $2.4 billion.
In some cases, big pots of federal money have been stolen. In August, someone tricked officials in Lexington, Kentucky, into wiring them $4 million in federal funding that was meant for housing assistance.
BEC attacks, however, don’t command the same national attention as ransomware attacks – which lock victims’ computers until a ransom is paid – because they are less noticeable and don’t create disruptions like computer outages. And while multimillion-dollar ransom payments grab headlines, BEC thefts can be smaller sums for individual victims.
But the rampant nature of BEC theft is a top concern for FBI and Secret Service agents.
“We’re talking billions of dollars in loss, and it’s life-impacting loss that a lot of these are having,” Stephen Dougherty, a Secret Service official who investigates BEC fraud, previously told CNN. He oversees a team of agents that investigates BEC fraud around the world and tries to intercept fraudulent money transfers before it’s too late.
As of August, the Secret Service said it had prevented about $30 million in losses from BEC scams this year. But timing is critical for thwarting fraudulent wire transfers.
“If these aren’t reported to us quickly, chances are slim we can get a recovery,” Dougherty said.
And BEC fraudsters are increasingly targeting the shipment of goods, and not just wire transfers, as the FBI advisory makes clear.
“We’ve been seeing a rapidly growing number of BEC attacks impersonating external third parties, primarily supposed vendors or suppliers,” Crane Hassold, a former behavioral analyst at the FBI, told CNN.
“If a company produces or sells a tangible [business-to-business] product, they’re a potential target of an attack like this,” said Hassold, who is now director of threat intelligence at cybersecurity firm Abnormal Security.