Restaurant Depot customers are reporting phishing emails sent from what appears to be the wholesaler’s mailing list.
On Tuesday, customers took to Twitter with queries concerning strange emails that landed in their inboxes which appeared to be from Restaurant Depot.
The phishing emails, as basic as they are, inform customers that they have an invoice worth thousands of dollars to pay, and the amount will be taken out of their accounts in the near future.
Based in College Point, NY, Restaurant Depot is a members-only wholesale cash & carry provider of goods to commercial food service entities including equipment, point of sale (PoS) systems, and refrigeration units.
CNET: The pivot to privacy could come with a $100 million grant
As the case with phishing emails in general, the link to the ‘invoice’ is malicious and recipients of the messages, which make use of a spoofed Restaurant Depot email address, should not click the link or pay the email any heed.
An example of the phishing email forwarded to ZDNet is below, and included the spoofed Restaurant Depot firstname.lastname@example.org email address, the customer’s trading name, and address (redacted):
Another example posted online demanded an invoice payment of $1924.04. Some customers have received more than one suspicious email.
On Twitter, one user said they had managed to get through to the company and that the wholesaler is aware of the email list compromise, adding “It’s pretty big, the breach.”
TechRepublic: 33% of executives don’t trust their organization to protect employee data
ZDNet has requested comment from Restaurant Depot over email, but no response has been received at the time of publication. Attempts to reach the company over the phone have failed due to engaged lines. We will update when we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0