Construction companies targeted in email scams

Niek Dekker

The Australian Cyber Security Centre (ACSC) has warned of a growing trend affecting construction companies and their customers: an increase in cyber-criminals targeting Australia’s building and construction industry.

While every industry was impacted by COVID-19, many parts of the construction sector fared better than other industries. That resilience brought a downside: the sector became a prime target for scammers looking for better opportunities.

Australian construction companies can better protect their assets, employees and customers by being aware of the risks and taking precautionary measures to avoid becoming an email scam victim.

Business email compromise scams rising

Among the most common threats Australian construction companies face are business email compromise (BEC) scams. According to the ACSC, there were 4,255 reported instances of BEC scams in FY 2019-2020, with losses exceeding $142 million. That figure is steadily rising year-on-year.

Typically, in BEC scams, cyber criminals hack into your suppliers’ email systems. When a supplier sends you an invoice, the criminals manipulate the banking details in the email. Without knowing it, your accounts payable team processes an EFT payment to the scammer’s bank account.

Scammers may also compromise the email accounts of an organisation’s CEO or CFO. Fake emails are then sent to the accounts team, instructing them to wire funds to the scammer’s bank account.

The important point to remember is that once your accounts team processes an EFT payment, there’s no retrieving the funds.

Preventing BEC scams in the construction sector

With construction and building companies constantly procuring supplies and paying invoices, the opportunities for scammers are endless.

However, following some basic security measures can help mitigate the risk significantly.

All accounting teams in construction companies should be extra vigilant when communicating by email, particularly when discussing bank account details or invoicing. Assume that emails are vulnerable, and be sure to follow strict callback controls.

The ACSC also suggests following these steps:

  1. Verify payment-related requests: When receiving a request to make a large transfer or to change bank account details, always verify that the request is legitimate before actioning it. Independently source the supplier’s phone number and call the sender’s established phone number before transferring any funds.
  2. Secure your email account: It is recommended that construction companies and related businesses use strong passphrases and enable multi-factor authentication on all email accounts.
  3. Training and awareness: Ensure all accounting staff are trained to recognise suspicious emails, including fraudulent bank account changes or requests to check or confirm login details. The latter may be a phishing attack which could compromise account security.
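
The verification in step 1 can be enforced as a pre-payment check in accounts payable. The Python sketch below is an added example, not ACSC or eftsure code: it compares the bank details on an emailed invoice with a vendor master file and holds the payment for a callback when they differ. The vendor record, the threshold and all names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed vendor master file: details verified out-of-band at onboarding.
VENDOR_MASTER = {
    "V001": {"name": "Example Concrete Pty Ltd", "bsb": "999001",
             "account": "12345678", "phone": "+61 2 5550 0100"},
}
LARGE_TRANSFER_AUD = 50_000  # assumed policy threshold, not an ACSC figure


@dataclass
class Decision:
    action: str          # "RELEASE" or "HOLD"
    reasons: list
    callback_phone: str  # always taken from the master file, never the email


def _digits(value: str) -> str:
    """Strip spaces and hyphens so '999-001' compares equal to '999001'."""
    return re.sub(r"\D", "", value or "")


def check_payment(vendor_id, bsb, account, amount_aud, master=VENDOR_MASTER):
    """Compare bank details on an emailed invoice with the vendor master."""
    record = master.get(vendor_id)
    if record is None:
        # Unknown payee, e.g. an emailed 'CEO' instruction to wire funds.
        return Decision("HOLD", ["payee not in vendor master"], "")
    reasons = []
    if _digits(bsb) != _digits(record["bsb"]):
        reasons.append("BSB differs from vendor master")
    if _digits(account) != _digits(record["account"]):
        reasons.append("account number differs from vendor master")
    if amount_aud >= LARGE_TRANSFER_AUD:
        reasons.append("large transfer")
    action = "HOLD" if reasons else "RELEASE"
    return Decision(action, reasons, record["phone"])


if __name__ == "__main__":
    # Constructed invoices: one legitimate, one with altered bank details.
    for inv in [("V001", "999-001", "1234 5678", 8_400.0),
                ("V001", "999-002", "87654321", 8_400.0)]:
        d = check_payment(*inv)
        print(inv, "->", d.action, d.reasons, "call", d.callback_phone)
```

A held payment is released only after someone calls the number stored in the master file; a phone number quoted in the email itself is treated as untrusted.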

How can eftsure help?

eftsure has pioneered a unique fraudtech solution to address the challenge of EFT payment security. By aggregating banking and other corporate data from over 2 million Australian organisations, we have built the nation’s largest independently verified database. Each time your accounts team processes an EFT payment, the banking details are cross-matched against this database.

Sitting over your banking platform, eftsure gives your accounts team real-time intelligence via ‘green-thumb’ or ‘red-thumb’ signals. These indicate whether the banking details you are using to process an EFT payment match the details used by other companies to pay the same supplier.

eftsure recently helped one of Australia’s leading construction and engineering companies avoid a $1 million fraud as a result of a supplier’s email account being compromised.

With eftsure integrated into their systems, the construction and engineering company was alerted to the fact that the IP address being used to populate supplier banking details didn’t match the IP address of the region where the supplier was actually located.

This critical red flag ensured that the payment was put on hold pending further investigations, which revealed the fraudulent activity.

Contact eftsure today for a demonstration of how we can also help your construction and building company avoid costly email scams.
