Construction companies warned on cyber fraud vunerability
The Australian Cyber Security Centre (ACSC) has issued an alert for construction companies and their customers over fraudulent emails.
It advises that cybercriminals have worked out that construction companies are ripe for the picking.
Attracted by the high volumes of money that change hands in the sector, these emails typically target the customers of the business and will ask them to change bank account details for future invoice payments.
Victims assume this request is legitimate and send invoice payments to a bank account operated by the scammer.
According to Michael McKinnon, chief information officer, at Australia’s largest ASX-listed cybersecurity company, Tesserent, the Australian construction and manufacturing industry are one of the most vulnerable and targeted sectors for cyber criminals.
“Australia’s construction industry is highly vulnerable to not only BEC scams, but also for phishing and ransomware attacks.
"This is a result of years of neglect in IT spending in the sector.
“Construction companies have frequently underestimated the importance of investing in technology and now many are exposed through outdated technologies running in their business and their reliance on less sophisticated managed service providers,” he says.
“Construction companies need to urgently review their technology systems and cybersecurity defences and train staff on how to detect and report fraudulent emails,” he stresses.