If you are a Restaurant Depot customer, don’t open that phishing email

September 17, 2019

The true cost of a data breach in 2019
Wendi Whitmore, IBM X-Force global lead for incident response and intelligence services, talks to Tonya Hall about how the cost of data breaches is determined by the time it takes to detect and respond to the breach.

Restaurant Depot customers are reporting phishing emails sent from what appears to be the wholesaler’s mailing list.

On Tuesday, customers took to Twitter with queries concerning strange emails that landed in their inboxes which appeared to be from Restaurant Depot.

The phishing emails, as basic as they are, inform customers that they have an invoice worth thousands of dollars to pay, and the amount will be taken out of their accounts in the near future.

Based in College Point, NY, Restaurant Depot is a members-only wholesale cash carry provider of goods to commercial food service entities including equipment, point of sale (PoS) systems, and refrigeration units.

CNET: The pivot to privacy could come with a $100 million grant

As the case with phishing emails in general, the link to the ‘invoice’ is malicious and recipients of the messages, which make use of a spoofed Restaurant Depot email address, should not click the link or pay the email any heed.

An example of the phishing email forwarded to ZDNet is below, and included the spoofed Restaurant Depot restaurantdepot@jetrord.com email address, the customer’s trading name, and address (redacted):

Another example posted online demanded an invoice payment of $1924.04. Some customers have received more than one suspicious email.

On Twitter, one user said they had managed to get through to the company and that the wholesaler is aware of the email list compromise, adding “It’s pretty big, the breach.”

TechRepublic: 33% of executives don’t trust their organization to protect employee data

ZDNet has requested comment from Restaurant Depot over email, but no response has been received at the time of publication. Attempts to reach the company over the phone have failed due to engaged lines. We will update when we hear back.