Thursday, 08 July 2021 09:43

BEC scams hit construction companies; ACSC issues medium alert


The Australian Cyber Security Centre (ACSC) has notified construction companies to be more alert after it observed that there was a rise in BEC scams in the industry.

The ACSC has issued a medium alert for construction companies and their customers after it observed that in the past six months, there has been a rise in cybercriminals conducting business email compromise (BEC) scams, targeting builders and construction companies within the country.

The ACSC explains that a BEC scam involves cybercriminals sending fraudulent emails posing as a legitimate business.

The emails target customers and will ask them to change bank account details for future invoice payments. Victims tend to assume that the request is authentic, and will then send invoice payments to a bank account owned by the scammer.

The ACSC says these fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters).

At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal. It may even go unnoticed for weeks or months until the construction company follows up on missing payments.

Tesserent chief information officer Michael McKinnon notes that construction and manufacturing are among the most vulnerable and targeted industries.

“Australia’s construction industry is highly vulnerable not only to BEC scams, but also to phishing and ransomware attacks,” he says. “This is a result of years of neglect in IT spending in the sector.”

“Construction companies have frequently underestimated the importance of investing in technology and now many are exposed through outdated technologies running in their business and their reliance on less sophisticated managed service providers,” he notes.

McKinnon reports that cybercriminals know which construction companies are ripe for the picking and are attracted by the high volumes of money that change hands in the sector.

“Attackers know that large invoices worth thousands to millions of dollars regularly change hands and they want a piece of that pie. Whether it's through fraud, scams, changing invoice details, fake supplier information—they’re targeting attacks to try and intercept payments.”

McKinnon concludes: “Construction companies need to urgently review their technology systems and cybersecurity defences and train staff on how to detect and report fraudulent emails.”

The ACSC has laid out mitigation strategies to reduce and, at best, prevent these BEC scams. These include:

Verify payment-related requests: If you receive a request to make a large transfer or to change bank account details, you should verify that the request is legitimate before transacting. Call the sender's established phone number or visit them face-to-face before transferring any funds.

Secure your email account: It is recommended that construction companies and related businesses use strong passphrases and enable multi-factor authentication on their email accounts.

Training and awareness: Ensure that your staff are trained to recognise suspicious emails, including fraudulent bank account changes or requests to check or confirm login details. The latter may be a phishing attack which could compromise account security.

Kenn Anthony Mendoza

Kenn Anthony Mendoza is the newest member of the iTWire team. Kenn is also a contributing writer for South China Morning Post Style, and has written stories on Korean entertainment, Asian and European royalty, Millionaires and Billionaires, and LGBTQIA+ issues. He has been published in Philippine newspapers, magazines, and online sites: Tatler Philippines, Manila Bulletin, CNN Philippines Life, Philippine Star, Manila Times, and The Daily Tribune. Kenn now covers all aspects of technology news for
