Cyberattacks involving email compromise doubled in the construction industry in Q1 of 2024 compared with the same time last year, according to new research
Risk advisory and intelligence specialist Kroll said attacks on the construction sector are most likely to come in the form of business email compromise.
The rise, from 3% of all reported cases in Q1 2023 to 6% in Q1 2024, may be driven by the number of construction employees working via mobile devices or on-site.
Carefully crafted phishing lures designed to mirror document signing programs are a common way to engineer victims into giving up their credentials, or even multi-factor authentication prompts.
Phishing remains the dominant initial access method across all attacks, and where phishing is used, the most common threat type is business email compromise.
Spotlight on digital sign-ins
Business email compromises often target construction firms for financial gain, for example to redirect vendor payments to a fraudulent bank account.
In other cases, the company is used as a “pivot point” for downstream attacks: attackers use unauthorized access to a user’s email inbox to phish other clients, for instance by sending fake requests for document signature to multiple vendors.
Kroll said the number of digital sign-ins via mobile devices on site may be the reason behind the rising attacks.
Employees may be more likely to fall victim to business email compromise if they are receiving messages on the road, making them potentially less vigilant about the signs of possible fraud.
Deep fakes and AI raising phishing risk
Q1 2024 saw an evolution in the techniques used by attackers, Kroll said.
Phishing attempts in particular are becoming more sophisticated, with SMS and voice-based tactics being used. This raises concerns about the potential for deep fakes and AI to further enhance phishing attacks.
Last week, international engineering company Arup confirmed it had been the victim of deep fake fraud.
Police in Hong Kong said in February that a worker had paid out HK$200m ($25.6m) after an AI-generated video call purportedly from senior company officers.
Arup said in a statement that it was the company involved, saying that the call had used fake voices and images.
“Our financial stability and business operations were not affected and none of our internal systems were compromised,” it added.
Overall, Kroll said professional services remains the main focus for attacks, accounting for 24% of cases in Q1.
It was followed by manufacturing (13%), financial services (9%) and healthcare (8%).