Cybercriminals are targeting construction companies to conduct business email compromise scams(BEC’s). All parties to construction projects should be vigilant when emailing about invoices and bank details.
Our friends at the ACSC (Australian Cyber Security Centre) have observed and warned us about a growing phishing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders to conduct business email compromise (BEC) scams within Australia.
The goal of these scammers is to steal money or sensitive information from unsuspecting victims through phishing campaigns, with some examples being fake invoices for payment that are emailed as attachments which actually install malware on your computer if you click it; emails containing bank account details seeking verification so they can transfer funds out of victim’s accounts into theirs; requests for transfers over insecure channels such as Skype message chat instead of using secure banking websites where transactions would be encrypted end-to-end.
Successful phishing threats may go unnoticed for weeks or months until the construction company follows up on missing payments.
Phishing (pronounced ‘fishing’) are scams that are made to appear as if they were sent from individuals or organisations you think you know, or you think you should trust. Criminals can steal credentials using phishing techniques and then do further harm, using those compromised credentials to login and send out malicious or fraudulent content to your contacts.
Phishing is not just limited to email. These scams are delivered via SMS, instant messaging and social media, and pretend to be trusted organisations like:
Reputable organisations will not call, SMS or email to verify or update your information. This includes companies such as Amazon, PayPal, Google, Apple and Facebook.
If you have any involvement in any construction projects you need to be vigilant when communicating by email, particularly when discussing bank account details or invoicing.
Some strategies include:
Further advice is available on cyber.gov.au.
If you haven’t already done so, have a read of our blog: What to do if you think you’ve been hacked.
If you would like to discuss any of the the above our Davichi Assure team are happy to have a discussion with you, so reach out via email: firstname.lastname@example.org or give us a phone call on 07 3124 6059.
Construction Industry targeted by Cyber Criminals Cybercriminals are targeting construction companies to conduct business email compromise scams(BEC’s). All parties to construction projects should be vigilant
Please fill in this form, and our sales team will get back to you as soon as possible.