“`html

Cybercriminals Target Construction Companies with Refined Email Scams

International cybercriminals are increasingly targeting construction companies with highly deceptive email scams, posing as government officials to fraudulently redirect payments. This evolving threat is causing significant financial damage, reaching millions of euros, and is disproportionately affecting German businesses.

How the Scams Work

The attacks typically involve a multi-stage process designed to appear legitimate. Criminals gain access to email accounts – frequently enough through phishing or malware – and then monitor communications between construction companies and their legitimate partners, such as suppliers or subcontractors. thay identify upcoming payments and then intervene by sending fraudulent emails that appear to come from a trusted source, such as a government agency or a bank.

These fraudulent emails frequently enough claim that the company’s banking details have changed due to a system upgrade, a security breach, or a new government regulation. The email will then provide new, incorrect bank account details controlled by the criminals. Construction companies, believing they are following legitimate instructions, then redirect payments to these fraudulent accounts.

The Rise in Attacks Targeting German Companies

German companies are experiencing a significant increase in these types of attacks.According to the German Federal Criminal Police Office (BKA), business email compromise (BEC) scams, which include these types of fraudulent payment redirection schemes, are a growing concern. The BKA reports a substantial rise in reported cases and associated financial losses in recent years. The construction sector is notably vulnerable due to the large sums of money involved in projects and the complex network of subcontractors and suppliers.

Why Construction Companies are vulnerable

Several factors contribute to the construction industry’s vulnerability:

• Large Transaction Amounts: Construction projects involve substantial financial transactions, making them attractive targets for cybercriminals.
• Complex Supply Chains: The industry relies on a complex network of subcontractors and suppliers, increasing the potential for compromised email accounts.
• Time Pressure: Project deadlines and payment schedules can create pressure to process payments quickly, reducing the likelihood of thorough verification.
• Lack of Cybersecurity Awareness: Some smaller construction companies may lack robust cybersecurity protocols and employee training.

Protecting your Company

Construction companies can take several steps to mitigate the risk of falling victim to these scams:

• Verify Payment Details: Always independently verify any changes to banking details, especially those received via email.Contact the supplier or partner directly using a known phone number or through a previously established secure interaction channel.
• Implement Multi-Factor Authentication (MFA): Enable MFA on all email accounts and financial systems to add an extra layer of security.
• Employee training: Provide regular cybersecurity training to employees, focusing on identifying phishing emails and recognizing fraudulent payment requests.
• Cybersecurity Software: Utilize robust cybersecurity software, including anti-malware and email filtering solutions.
• Incident Response Plan: Develop and regularly test an incident response plan to address potential cyberattacks.
• Report Suspicious Activity: Immediately report any suspicious emails or attempted fraud to the relevant authorities, such as the German Police Cybercrime Unit.

Key Takeaways

• Cybercriminals are actively targeting construction companies with sophisticated email scams.
• These scams involve fraudulent redirection of payments through compromised email accounts.
• German companies are experiencing a significant increase in these attacks.
• Proactive cybersecurity measures, including employee training and verification of payment details, are crucial for protection.

As cyber threats continue to evolve, construction companies must prioritize cybersecurity and remain vigilant against these increasingly sophisticated attacks. Staying informed about the latest threats and implementing robust security measures are essential for protecting financial assets and maintaining business continuity.

Publication Date: 2