Key Highlights
- Phishing has shifted from stealing data to targeting physical food products like milk, cheese, and meat.
- Attackers impersonate trusted suppliers and executives to trick companies into shipping expensive goods without payment.
- These scams have caused losses of hundreds of thousands of dollars and disrupted supply chains worldwide.
- The threat reaches beyond financial damage to food safety risks and serious brand reputation harm.
- Government agencies like the FBI, FDA, and USDA have issued joint warnings about this growing danger.
- Combating these attacks requires more than IT fixes — it demands operational awareness and employee vigilance.
- The Food & Agriculture sector, once seen as an unlikely target for cybercrime, is now under increasing threat from phishing attacks. These attacks are no longer limited to stealing login credentials or sensitive documents—they are now being used to commit large-scale food fraud and disrupt global supply chains.
- In response to these evolving threats, the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) issued a joint Cybersecurity Advisory warning the industry about the surge in phishing attacks disguised as legitimate business communications. The implications are serious: financial loss, compromised food safety, and damaged reputations
Phishing Tactics in the Food Industry
- Phishing, a form of social engineering, involves attackers using fraudulent emails to impersonate trusted contacts, manipulate suppliers, and redirect valuable goods—without payment. Unlike traditional phishing, which targets mass users, these attacks are often highly targeted (spear-phishing) and industry-specific, using real company names, job titles, logos, and lookalike domains.
Recent Incidents: A Pattern of Deception
- Several high-value phishing attacks have been recorded between 2022 and 2025, revealing a clear pattern
-
- Dairy Product Fraud (2022–2023): Criminals impersonated food manufacturers using slightly altered email addresses and fake purchase orders. In one case, attackers used a spoofed domain to order nearly $230,000 worth of powdered milk. In another, $600,000 worth of dairy was lost across four fraudulent orders. (Source: FBI Cybersecurity Advisory)
- UK Cheese Scam (2024): A phishing scam in the UK led to £300,000 worth of cheese being stolen after attackers impersonated a legitimate customer of a well-known dairy supplier using a spoofed email address. (Source: The Guardian)
- Meat Shipment Theft (2025): In early 2025, U.S. food logistics firms reported a phishing campaign targeting meat suppliers. Attackers posed as well-known distributors, used genuine names of C-level executives, and tricked vendors into shipping products to unauthorized addresses. (Source: CNBC News)
- These incidents demonstrate how phishing attacks are no longer just a cybersecurity issue—they are now a supply chain threat.
Why This Is Dangerous
- Financial Losses – Phishing schemes now extend beyond data theft—targeting physical goods. Fraudulent orders have resulted in the loss of food shipments worth hundreds of thousands of dollars, with victim companies absorbing the financial hit.
- Supply Chain Disruption – Fake orders cause delays, inventory mismatches, and operational confusion across the supply chain, especially in time-sensitive sectors like food distribution.
- Food Safety Risks – Once diverted, food shipments fall out of regulated control. These goods may re-enter the market through unsafe channels, posing significant public health risks.
- Brand Damage –Falling for phishing-based procurement fraud can severely damage brand reputation and erode customer trust—particularly if publicized or linked to safety incidents.
The Bottom Line
- Phishing is no longer confined to inboxes and stolen passwords. In the food and agriculture sector, it has evolved into a weaponized tool capable of hijacking supply chains, draining inventory, and threatening public health. As attackers continue to exploit trust, familiarity, and urgency, the industry must shift its mindset—phishing is not just an IT problem; it’s an operational risk.
How PhishPrep Helps
- At IARM, our phishing simulation and awareness platform PhishPrep is designed to counter these evolving threats. By simulating real-world scams specific to the food and agriculture industry, PhishPrep helps organizations identify at-risk employees, test their incident response, and reinforce security awareness. The result? Stronger human firewalls and fewer surprises when the next fake order hits the inbox.
Want to Implement Phishing Simulations for Your Team?
Talk to our cybersecurity experts to find the right solution for your business. Fill out the form below—let’s start strengthening your security awareness.