Construction and Cybercrime

Historically, cybercrime hasn’t been a priority for the construction industry, but cybersecurity is becoming critical as more businesses embrace digital technologies. The construction industry is an attractive target for cybercriminals because of the number of people and dollar amounts involved. 

 

 

In October 2019, the West Allis-West Milwaukee School District attempted to pay a contractor for a new recreation center. The contractor did not receive the payment. The wired funds were intercepted by cybercriminals, sent to various US accounts, and moved overseas.

 

In April 2017, the university wired $1.9 million to a fraudster posing as the contractor for a new recreation center on campus.  The university was contacted via email to send funds for the construction project to a bank account not controlled by the contractor.  Three days later, the contractor told the university they had not received the funds.  The FBI was made aware of the situation, and some funds remained in the fraudulent bank account.  The university recovered $609,000 of the $1.9 million payment.

 

In February 2019, after receiving a spoofed email impersonating a contractor, a Port Washington Church wired $500K to cybercriminals rather than the true contractor. With the assistance of law enforcement, some of the lost funds were recovered.

 

After fundraising for over a decade, Elkin Valley Baptist Church began constructing a new worship center.  In November 2022, they received an email from the general contractor with an invoice attached.  Shortly after the invoice was emailed, they received another email they believed was from the general contractor with wire instructions and a copy of the invoice.  A payment of nearly $800,000 was wired to the instructions in the email.  Nine days later, the general contractor reached out as a follow-up to the outstanding invoice.  The wire instructions received were from a cloned email.  The GC had yet to receive payment.

 

The lender on a construction file with KBT received an email from the “general contractor” asking for a draw to be wired to them. The lender forwarded the request to the KBT office working on the project. That is not customary for draw requests, so the KBT office contacted the general contractor using previous contact information.  The general contractor replied they had not asked for a draw at this time.

 

Scammers hacked an email account of a general contractor and created a spoof email of a subcontractor to email the builder invoices. The hacker emailed KBT posing as the subcontractor requesting the funds be wired because their bank would no longer accept checks due to someone previously paying with a counterfeit check.  KBT phoned the subcontractor using a known number and informed them about the fraud. KBT also contacted the builder to encourage using multi-factor authentication on his email.

 

Our employees are trained in fraud prevention and are on high alert for attempted scams. The numbers speak for themselves.

 

 

For more information on how to protect yourself from wire fraud, contact your local Knight Barry Office.