The Federal Bureau of Investigation has recently warned that scammers are now posing as construction companies in business email compromise (BEC) attacks. BEC scammers use various tactics (including social engineering and phishing) to compromise or impersonate business email accounts with the end goal of redirecting pending or future payments to bank accounts under their control.
To successfully carry out these BEC attacks, scammers use information collected through online services about the construction companies they impersonate and the customers they target. The information collected by the attackers allows them to personalize emails designed to exploit the business relationship between the victim and the construction contractors.
What Should You Do?
Construction companies should make sure their clients are aware of this recent scam and are on the lookout for impersonation emails. These emails are sent from domains that spoof legitimate contractor sites, and they use legitimate company logos and graphics so that victims are less likely to recognize the messages as fraudulent. To make the messages more compelling, scammers send emails asking recipients to change direct deposit account and Automated Clearing House (ACH) information. The new account information points to bank accounts under the control of the scammers.
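The two signals described above, a sender domain that imitates a known contractor and a request to change direct deposit or ACH details, can be checked mechanically on inbound mail. The following is an added example, not part of the FBI warning or the original page; the contractor domains, keyword lists, function names and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: contractor domains this organization really pays (constructed values).
KNOWN_CONTRACTORS = {"acme-construction.example", "northside-builders.example"}
ACCOUNT_TERMS = re.compile(r"\b(direct deposit|ach|bank account|routing number)\b", re.I)
CHANGE_TERMS = re.compile(r"\b(change|changed|update|updated|new|switch)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_CONTRACTORS, max_dist=2):
    """Return the known domain that `domain` closely imitates, else None."""
    domain = domain.lower().rstrip(".")
    if domain in known:
        return None  # exact match: this is the real contractor domain
    for real in sorted(known):
        if edit_distance(domain, real) <= max_dist:
            return real
    return None

def triage(raw_message):
    """Classify one RFC 5322 message as 'hold', 'review' or 'pass'."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    text = msg.get("Subject", "") + " " + " ".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain")
    imitates = lookalike_of(domain)
    asks_change = bool(ACCOUNT_TERMS.search(text) and CHANGE_TERMS.search(text))
    # 0 signals: pass. 1 signal: review (a genuine but compromised contractor
    # mailbox asking for an account change lands here). 2 signals: hold.
    verdict = ("pass", "review", "hold")[bool(imitates) + asks_change]
    return {"domain": domain, "imitates": imitates, "verdict": verdict}

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Acme Billing <billing@acme-constructlon.example>\n"
           "Subject: Updated payment details\n\n"
           "Please change our ACH information before the next payment.\n")
ROUTINE = ("From: Acme Billing <billing@acme-construction.example>\n"
           "Subject: Invoice 1042\n\nInvoice for the March pour is attached.\n")
```

Edit distance only catches near-identical spellings; a lookalike that swaps the top-level domain or appends a word needs an additional rule, and encoded message bodies must be decoded before the keyword check.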