BEC scams hit construction companies; ACSC issues medium alert | #phishing | #scams | #cybersecurity | #infosecurity | #hacker

The Australian Cyber Security Centre (ACSC) has notified construction companies to be more alert after it observed that there was a rise in BEC scams in the industry.

The ACSC has issued a medium alert for construction companies and their customers after it observed that in the past six months, there has been a rise in cybercriminals conducting business email compromise (BEC) scams, targeting builders and construction companies within the country.

The ACSC explains that a BEC scam involves cybercriminals sending fraudulent emails posing as a legitimate business.

The emails target customers and will ask them to change bank account details for future invoice payments. Victims tend to assume that the request is authentic, and will then send invoice payments to a bank account owned by the scammer.

The ACSC says these fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters).

At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal. It may even go unnoticed for weeks or months until the construction company follows up on missing payments.

Tesserent chief information officer Michael McKinnon notes that construction and manufacturing are one of the most vulnerable and targeted industries.

“Australia’s construction industry is highly vulnerable to not only BEC scams, but also for phishing and ransomware attacks,” he says. “This is a result of years of neglect in IT spending in the sector.”

“Construction companies have frequently underestimated the importance of investing in technology and now many are exposed through outdated technologies running in their business and their reliance on less sophisticated managed service providers,” he notes.

McKinnon reports that cybercriminals know which construction companies are ripe for the picking and are attracted by the high volumes of money that change hands in the sector.

“Attackers know that large invoices worth thousands to millions of dollars regularly change hands and they want a piece of that pie. Whether it’s through fraud, scams, changing invoice details, fake supplier information—they’re targeting attacks to try and intercept payments.”

McKinnon concludes: “Construction companies need to urgently review their technology systems and cybersecurity defences and train staff on how to detect and report fraudulent emails.”

The ACSC has laid out mitigation strategies to reduce, and at the very best, prevent these BEC scams. These include:

Verify payment-related requests: If you receive a request to make a large transfer or to change bank account details, you should verify that the request is legitimate before transacting. Call the sender’s established phone number or visit them face-to-face before transferring any funds.

Secure your email account: It is recommended that construction companies and related businesses use strong passphrases and enable multi-factor authentication on their email accounts.

Training and awareness: Ensure that your staff are trained to recognise suspicious emails, including fraudulent bank account changes or requests to check or confirm login details. The latter may be a phishing attack which could compromise account security.


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Original Source link

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.