Security News > 2022 > December > Email hijackers scam food out of businesses, not just money

Email hijackers scam food out of businesses, not just money
2022-12-17 15:00

In brief Business email compromise continues to be a multibillion-dollar threat, but it's evolving, with the FBI and other federal agencies warning that cybercriminals have started using spoofed emails to steal shipments of physical goods - in this case, food.

Along with the Food and Drug Administration's Office of Criminal Investigations and the US Department of Agriculture, the FBI said several US food manufacturers have already fallen victim to scams, many of which involved fake orders for hundreds of thousands of dollars worth of a single item: powdered milk.

There's nothing different about the guidance the agencies put out to avoid a BEC attack that steals physical goods instead of cash: Keep an eye out for typos and slight variances in spelling or business name, ensure hyperlinks in an email redirect to a legitimate URL and when in doubt contact the company directly to verify their request.

Cyber extortion group Karakurt has added The Learning Channel to its list of alleged victims, and says it's ready to leak 931 GB of the company's "Scripts, videos, internal documentation," and employee information if the company doesn't pay up by December 23rd. Karakurt, which is believed to be affiliated with ransomware group Conti, has been on the FBI, CISA and US Treasury Department's radar since at least this past June, when the agencies issued a joint advisory warning of the threat posed by the group.

Content delivery network Cloudflare is launching an initiative to protect small businesses operating in critical infrastructure sectors that will provide its zero trust platform free of charge - if they qualify.

The products Cloudflare is prepared to offer will be free and will have no time limit, the company said, and will include real-time app user verification, traffic filtering, cloud application security, data loss prevention, email security and remote browser isolation.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/17/in_brief_security/

Related news