There is an ongoing cybersecurity threat that is targeting our industry, aimed at general contractors, construction companies, and their clients. These are real threats that multiple companies have fallen victim to all through social engineering and phishing scams. The FBI and other entities are fully aware of these incidents and have worked hard to track down the perpetrators. We’re also proactively working to try to protect our clients from these threats, and I’d like to share some of our information and advice so you can protect yourself and your company against fraud.
One of the most common scams circulating our industry today is related to the construction payment process. In this scam, the attackers will send an email from a spoofed/fake address claiming to be from a contractor or construction company you work with, usually pretending to be someone from accounting or involved with financial transactions. In most cases, the email address will have an extra letter in the domain name that is often overlooked by the recipient. They might request a change in the electronic payment procedure, like giving you a new account number to make payments to. The scammers want you to act on good faith and make a payment to the fraudulent account without verifying who the email is from.
Here’s our advice on how to protect yourself and your company:
- Contact the construction companies you work with to make sure you know specific payment due dates, payment procedure, and accounting points of contact at the beginning of every job.
- Be wary of any sudden request for a change in payment procedure by email.
- Fully inspect the sender’s email address and compare it to other correspondence from that company.
- If you do receive a request for payment or transfer of funds, please confirm with the email sender by phone to verify the request is valid.
- If you have any doubts about the validity of an email coming from a company you work with, call them immediately to make them aware of the email.
- Don’t solely rely on your cybersecurity suite of tools. Educate your employees on what social engineering is and the various techniques scammers are using.
In addition, make sure the contractors you work with have cybersecurity measures in place to protect your information. Our Technology division is constantly monitoring the ever-changing landscape of all cyber threats while also investigating and implementing new platforms for additional levels of protection. This includes enhanced measures and regular testing for all our computing devices and networks across the country. We also work closely with the technology companies we partner with to protect the privacy and integrity of our clients’ information.
Finally, it’s important to remember combating these scams is not just the responsibility of your technology staff; it’s everyone’s job. The real solution to the prevention of phishing and social engineering scams is awareness and cybersecurity education.