Brian Sims
Editor

Construction industry “heavily targeted” by fraudsters in Q1

BETWEEN JANUARY and March this year, reports the Construction Industry Council, the construction sector was “heavily targeted” by fraudsters, with the sum of £209,733 having been stolen from construction businesses through payment diversion fraud.

Payment diversion fraud generally involves criminals contacting an organisation’s finance department pretending to be a regular supplier and then asking to redirect future direct debits or invoice payments.

Some of the tactics used by criminals involve impersonation, urgency and secrecy and changed payment details. In terms of impersonation, criminals will make contact over e-mail or phone call, while impersonating existing suppliers or sometimes staff within an organisation.

In terms of urgency and secrecy, criminals will exert pressure on individuals to act quickly and not to share the request with others. When it comes to its bank and future payments need to be paid into the new account.

Advice for businesses 

If a company receives a request to move money into a new bank account, a nominated representative should contact the supplier directly using established contact details in order to verify and corroborate the payment request.

It’s Best Practice to establish robust internal processes for handling changes to payment details. For example, only designated employees should be able to make changes to payment arrangements.

Businesses should avoid paying by bank transfer as this method offers little protection if the company becomes a victim of fraud. Instead, it’s best to use a credit card or payment services such as PayPal.

Invoices, payment mandates and other documents containing sensitive financial information should be stored securely and only be accessible to those members of staff that need them to perform their duties. Sensitive documents should be shredded ahead of their disposal.

Suspected fraud 

Any business in the construction sector that suspects it has been the victim of fraud should report the episode to the police online at www.reportfraud.police.uk or telephone 0300 123 2040.

While the Police Cyber Alarm service will not help in relation to payment diversion fraud, the tool will assist with internal cyber security. Police Cyber Alarm is a free tool that helps with the understanding and monitoring of malicious cyber activity against an operational network. This service is made up of two parts: monitoring and vulnerability scanning. Visit www.cyberalarm.police.uk/ for details.

It’s a good idea to engage with the local Cyber Resilience Centre (CRC). The CRC Network works with some of the country’s top student talent to deliver 100% funded cyber security services for SMEs (including bespoke staff training, advice on security policies and testing services to identify the organisation’s specific vulnerabilities), thereby improving risk awareness and cyber resilience.

The CRC Network provides long-term support through a customer journey model involving regular and engaging bite-size cyber security guidance for members tailored to specific regions or sectors. This is in alignment with the National Cyber Security Service’s products and guidance. Local CRC’s can be accessed online at https://nationalcrcgroup.co.uk/regional-centres/

Additional support

Further support, information and guidance is available by contacting [email protected] The team offers intelligence-led staff training and awareness. Team members are also the national co-ordinators for the UK Protect Network, meaning that they have cyber and fraud protect officers across the country who would be able to supply on-site awareness training and incident response training for businesses and individuals alike.

*Further information is available online at www.cic.org.uk

Company Info

Western Business Media Limited

Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM

Login / Sign up