A Master Builders Queensland member has revealed the extent of his loss after two clients were tricked by fraudulent emails.
Key Takeaways:
- The construction industry is increasingly in the sights of cyber criminals
- Money was transferred - into cryptocurrency, making it impossible to retrieve
- Always double-check by phone or in person before making or accepting large payments
The construction company was only able to claw back the funds from one of the incidents, left out of pocket by a staggering $70,000 from the second.
And sadly, he’s not alone. The construction industry is increasingly in the sights of cyber criminals, ranking in the top 10 reporting sectors for cyber incidents in 2023, according to the Australian Cyber Security Centre (ACSC).
The Master Builders member said that one client, David*, called the construction company to check whether his recent payment had come through.
When the company’s bookkeeper checked the business bank account, the money was nowhere to be found.
David forwarded his payment receipt, and the bookkeeper immediately noticed the bank details didn’t match their usual account.
Further digging revealed that David had received an email claiming the business had changed its bank account.
Trusting the email, he had followed the instructions and sent $15,000 to the “new” account.
Another long-term client, Lisa*, received a similar email and made a payment of $70,000.
The emails were basic (no logos or contact details), yet appeared convincing enough during busy project deadlines. When the company’s bookkeeper checked the accounts, both payments were missing as they were paid into fraudulent accounts.
Police traced David’s $15,000 to an inactive account in Central Queensland and recovered the funds.
However, Lisa’s $70,000 was transferred via Sydney into cryptocurrency, making it impossible to retrieve.
The builder was left out of pocket, while Lisa insisted her payment obligation had been met.
Cyber Wardens is urging business owners and their clients to never rely on email alone to confirm changes to bank details.
Always double-check by phone or in person before making or accepting large payments.
For more advice on shoring up your cyber security, enrol in one of our free courses at cyberwardens.com.au/courses/.
Cyber Wardens has also developed a guide, Safety on the Tools and Beyond, covering the threats the construction industry is facing, and how to mitigate them.
