The nation’s leading cyber security agency has warned Australians against a particular scam that is targeting builders and construction companies.
The Australian Cyber Security Centre (ACSC) yesterday issued an alert about a rise in business email compromise scams aimed at the construction industry.
The latest warning comes as Aussies lost a record amount of money to scams last year.
In this type of scam, cybercriminals will abuse trust in well-known and already-trusted institutions and pretend to be from legitimate businesses.
The scammer will then ask for outstanding or future invoices to be paid – but to a different bank account or through a different payment method.
“These emails typically target the customers of the business and will ask them to change bank account details for future invoice payments,” the ACSC alert stated.
“Victims assume this request is legitimate and will then send invoice payments to a bank account operated by the scammer.”
The compromised emails may be sent from fake domains that look very similar to legitimate companies, typically with swapped letters or added characters, or could also be sent from legitimate email accounts that have been hacked.
If you’re not careful, it’s easy to fall for this kind of scam, the ACSC warned.
“At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal.
“Successful BECs may go unnoticed for weeks or months until the construction company follows up on missing payments.”
How to spot these scams
There are three mitigation strategies that tradies and builders can use when communicating through email:
Verify payment-related requests with an individual: If you get a request to transfer a large amount of money or change bank details, pick up the phone and give the business representative a ring or see them face-to-face to verify whether the request is real.
Secure your email account: All businesses, no matter how large or small, can be targets. Be sure to use strong passwords, enable multi-factor authentication, and consider email security software.
Train your staff and colleagues: Everyone in the business should be taught how to recognise suspicious emails that contain payment-related requests or requests to verify or change login details.
“The latter may be a phishing attack which could compromise account security.”
These tradie-targeted scams aren’t the only ones that Aussies should be on the lookout for: tax-related scams are currently rife in the community as people prepare to file their tax returns.
And if you’ve encountered a scam spoofing the ATO or related to myGov, you can report it to the ATO here.