Email Scams in the Construction Industry
Hackers have started to target construction companies in a bid to obtain data, money and intellectual property. Many attackers in this space have used a method called Business Email Compromise (BEC). A BEC involves a hacker pretending to be a genuine business. This works well in the construction industry as many third parties are used for the supply of important equipment, resources and/or contractual work. Hackers typically forge a request for money through fraudulent invoices, ask that their bank details be updated and fees paid into the new account, or encourage customers to click on malicious links within emails.
A BEC has devastating effects for construction companies, as businesses can lose a lot of money by paying these fraudulent companies. Additionally, legitimate companies may notice that they are not being paid and have to chase up construction businesses for arrears. This can place construction companies in debt and put their work on hold, demonstrating the dangers of BEC.
BECs are not limited to the construction industry. It is important for all sectors to be vigilant for these types of phishing hacks to uphold the security of businesses. Phriendly Phishing recommends that staff be educated and trained about the consequences of BEC and other phishing emails, and offers a comprehensive BEC course to raise awareness of how to detect and thwart these types of emails.
Phriendly Phishing also provides businesses with education on how to recognise different types of phishing emails, such as spear phishing (more targeted and sophisticated phishing emails), which allows people across a range of different industries to be aware of what constitutes a phishing email and what its consequences are.
The LinkedIn Hack
Recently, LinkedIn was the target of a sophisticated hack which leaked the data of over 700 million users. Some of this data has been made available on the dark web, meaning that it can be misused by a greater number of cyber criminals.
Some examples of the types of data that were sourced by attackers from the LinkedIn hack include names, telephone numbers, email addresses and professional experiences. The misuse of this data can come in the form of targeted spear phishing attacks and identity theft, meaning that LinkedIn users must take extra care to ensure that they protect themselves from these potential attacks.
Some methods of practicing cyber safety, especially in the wake of a data breach such as LinkedIn’s, include: changing passwords regularly, using a password management application, installing anti-virus software and using VPNs (virtual private networks). By following these tips, everyone can increase their cyber safety in both personal and professional life.