Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
The Australian Cyber Security Centre (ACSC) has warned of a growing trend affecting construction companies and their customers: an increase in cyber-criminals targeting Australia’s building and construction industry.
While every industry was impacted by COVID-19, many parts of the construction sector fared better than other industries. The downside is that the sector became a prime target for scammers looking for better opportunities.
Australian construction companies can better protect their assets, employees and customers by being aware of the risks and taking precautionary measures to avoid becoming an email scam victim.
Among the most common threats Australian construction companies face are business email compromise (BEC) scams. According to the ACSC, there were 4,255 reported instances of BEC scams in FY 2019-2020, with losses exceeding $142 million. That figure is steadily rising year-on-year.
Typically, in BEC scams, cyber criminals hack into your suppliers’ email systems. When a supplier sends you an invoice, the criminals manipulate the banking details in the email. Without knowing it, your accounts payable team processes an EFT payment to the scammer’s bank account.
Scammers may also compromise the email accounts of an organisation’s CEO or CFO. Fake emails are then sent to the accounts team, instructing them to wire funds to the scammer’s bank account.
The important point to remember is that once your accounts team processes an EFT payment, there’s no retrieving the funds.
With construction and building companies constantly procuring supplies and paying invoices, the opportunities for scammers are endless.
However, following some basic security measures can help mitigate the risk significantly.
All accounting teams in construction companies should be extra vigilant when communicating by email, particularly when discussing bank account details or invoicing. Assume that emails are vulnerable, and be sure to follow strict callback controls.
The ACSC also suggests following these steps:
eftsure has pioneered a unique fraudtech solution to address the challenge of EFT payment security. By aggregating banking and other corporate data from over 2 million Australian organisations, we have built the nation’s largest independently verified database. Each time your accounts team processes an EFT payment, the banking details are cross-matched against this database.
Sitting over your banking platform, eftsure gives your accounts team real-time intelligence via ‘green-thumb’ or ‘red-thumb’ signals. These indicate whether the banking details you are using to process an EFT payment match the details used by other companies to pay the same supplier.
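The cross-match described above can be illustrated with an added example; it is not eftsure's code, and the supplier IDs, bank details and function names are constructed for illustration. It compares each payment in a run against bank details previously confirmed by callback and holds any payment that does not match.

```python
import re
from dataclasses import dataclass

# Constructed vendor master: bank details confirmed by a callback to a known number.
VERIFIED = {
    "SUP-001": {"bsb": "999001", "account": "12345678"},
    "SUP-002": {"bsb": "999002", "account": "00987654"},
}

@dataclass
class Payment:
    supplier_id: str
    bsb: str
    account: str
    amount: float

def _digits(value):
    """Strip spaces and hyphens so '999-001' and '999001' compare equal."""
    return re.sub(r"\D", "", value)

def check_payment(p, verified=VERIFIED):
    """Return ('green' | 'red', reasons). Red means hold and call the supplier back."""
    record = verified.get(p.supplier_id)
    if record is None:
        return "red", ["supplier has no verified bank record"]
    reasons = []
    if _digits(p.bsb) != record["bsb"]:
        reasons.append("BSB differs from verified record")
    if _digits(p.account) != record["account"]:
        reasons.append("account number differs from verified record")
    return ("red" if reasons else "green"), reasons

def review_batch(payments, verified=VERIFIED):
    """Split a payment run into payments to release and payments to hold."""
    release, hold = [], []
    for p in payments:
        signal, reasons = check_payment(p, verified)
        (release if signal == "green" else hold).append((p, reasons))
    return release, hold

# Constructed payment run: one clean invoice, one with altered account details
# (the BEC pattern above), and one from a supplier that was never verified.
BATCH = [
    Payment("SUP-001", "999-001", "1234 5678", 18400.00),
    Payment("SUP-002", "999-002", "00555111", 96250.00),
    Payment("SUP-404", "999-003", "44443333", 3100.00),
]
```

A held payment is released only after the accounts team confirms the details by phone, using a number already on file rather than one taken from the email or invoice.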
eftsure recently helped one of Australia’s leading construction and engineering companies avoid a $1 million fraud as a result of a supplier’s email account being compromised.
With eftsure integrated into their systems, the construction and engineering company was alerted to the fact that the IP address being used to populate supplier banking details didn’t match the IP address of the region where the supplier was actually located.
This critical red flag ensured that the payment was put on hold pending further investigations, which revealed the fraudulent activity.
Contact eftsure today for a demonstration of how we can also help your construction and building company avoid costly email scams.