Phishing Attacks in the Food & Beverage Industry

December 12, 2017 by Infosec


An unfortunate reality of today’s world is that companies large and small become the target of many forms of cyberattack, including phishing. The food and beverage industry, while it might not seem like an obvious choice for these kinds of attacks, has had a rough history of breaches and cyberattacks. SpiderLabs reported that in 2011, companies in the food and beverage industry made up 44% of their data breach investigations alone.

Phishing is one of the most common types of cyberattacks because it tends to be relatively simple for the perpetrators to carry out. Shawn Henry, a retired FBI executive AD who specialized in cybersecurity, has said that hackers are looking for many types of information, not just credit card numbers. They are also looking for IP, along with R&D information, and information about corporate strategies, acquisitions, and mergers. They want to know as much about the company as possible because they know that information can be quite valuable.

Why Phish the Food & Beverage Industry?

Many of the hackers who are phishing want to turn their activities into actual money as quickly as they can. They want to “get in and get out,” so to speak, and that is one of the reasons that the food and beverage industry becomes so attractive to them. For starters, companies in this industry tend to have a very high volume of business. There is always information to be found and money to be taken.

However, they also target this industry because it is often very easy to infiltrate, according to the head of SpiderLabs, Nicholas J. Percoco. One of the primary reasons for this is that so many food and beverage companies are still under the mistaken belief that they would never be targeted. Without the proper security and precautions in place, once the hacker is in the system, they have free rein over what they are doing and as much time as they want to gather data before someone finds them, if anyone ever does.

One of the other problems that affects food and beverage chains is the fact that they will typically use the same IT and security system for all of the stores they operate. A hacker who can phish and get into one system will often have an even easier time getting into the systems of other locations, so they can replicate the attacks, causing even more issues. These problems have been on the rise for years, and companies in this industry, as well as others, are still playing catch-up when it comes to halting the hackers.

In addition to taking information and data from companies, another common tactic of phishers is to spread viruses. These viruses could infect all of the computers on a company’s network, making all of them vulnerable.

How Are Food & Beverage Companies Phished?

Phishers utilize an array of strategies when it comes to attacking food and beverage companies. One of the most common types of attack is through email. In many cases, the phisher will send an email to someone who works at the company. This could be a random person or someone they target specifically. The email might appear as if it is coming from a customer or client, another official business, or even someone else within the company.

The email tactics used today can often be difficult to detect, as the messages have the appearance of being legitimate. They will often warn the recipient that there is a problem with their account or password, and that they need to click on a link or download a file to fix the matter. Others might offer a discount or reward for taking a survey. Many who do not understand the nature of phishing click on these links and provide the information, not realizing that they have made an error.

Would you click on this fake Twitter password confirmation email? It doesn’t reveal itself to be a fake unless you read all the fine print.

In 2015, the FBI released statistics that showed CEO fraud, which is phishing targeted at executives in a company, was responsible for more than $1.2 billion in losses for companies around the world. This continues to be a serious problem, and the hackers continue to get better.

Three Strategies for Preventing Phishing in the Food & Beverage Industry

Education and Training

The first and best strategy to help prevent problems with phishing is to ensure that all employees have training on what to look for when it comes to these types of emails and other phishing tactics. An overview of phishing that will help them to understand what it is and how it works is essential. However, you should also make sure your IT staff is fully trained on what to look for and how to halt a phishing operation if they discover it is happening within the company. InfoSec offers tutorials that can help to get everyone up to speed.

Testing and Evaluation

In addition to education, it is important to test the employees on the knowledge they have gained and see whether they will still fall for phishing scams. InfoSec offers a range of templates that can be used to begin a phishing testing campaign with the employees at the food and beverage company. It then becomes easy to determine which employees clicked on the links in those emails and who will need further training.

Use AwareEd’s interactive modules to teach your employees how to be more security savvy


It is also essential that you have a reporting system in the business that makes it easy for the employees or clients to report what they believe to be a phishing scam. Everyone needs to know what to do and who to report the email to.


While the problem with phishing continues to grow, it becomes more important than ever for companies in the food and beverage industry to take the steps outlined above to help reduce their risk.

One of the best options is to work with a reputable company that can help to train staff to recognize phishing scams and other potential cyberattacks. InfoSec has been in the business for close to two decades now, and in that time, they have trained more than 15,000 professionals in the IT industry to improve their cybersecurity knowledge.

The tools, tutorials, and training offered by InfoSec can help you remain safe. It takes just minutes to set up an account, run a PhishSim test and get started.

