Over recent months, cyber attacks in the commercial and residential construction industry have increased at an alarming rate.
The most common attack is known as ‘Business Email Compromise’ (BEC) which occurs when a hacker gains access to a business’ email accounts, so that the hacker’s emails appear to come from the business. These emails look legitimate.
The most common scenarios are:-
- a scammer adds false Bank details to an invoice which is sent to a customer;
- a scammer sends an email after an invoice has been sent … advising of new Bank details for payments to be made; or
- a scammer sends an internal email purportedly from the Director to accounts department … requesting payment to a nominated (fraudulent) Bank account.
Once you have been the subject of a cyber attack, there is a high risk of a further attack, as well as the misuse of personal data which may be sold by the hackers or used to commit further cyber attacks.
From a legal position, the onus is on the payer to ensure that payment is made to the correct Bank account or entity. However, there is also an obligation on the person receiving payment to ensure that the payer’s details are kept private and are protected. This means that care must be taken to ensure that you protect yourself from being hacked or being on the receiving end of a hack.
If you fall victim to a cyber-attack you need to:-
1. immediately notify your Bank;
2. lodge a complaint with the Police; and
3. notify the Australian Cybercrime Online Reporting Network (ACORN).
You may also need to contact other parties recently invoiced to determine whether they have also received a fraudulent email. Depending on the size of your business, you may need to engage a professional cyber security expert to secure your system as well as identify the extent of the cyberattack.
These are simple measures that you can implement to reduce your risk of falling victim:-
1. train employees in cyber security;
2. install, use and regularly update … antivirus and antispyware software on every computer used in your business;
3. use a firewall for your internet connection; and
4. install two (2) factor identification.
You may also wish to obtain cyber insurance, which covers ‘criminal cyber attacks’ such as the ‘BEC scam’. Whilst Master Builders Insurance offers this cover, not all insurance policies do. We suggest reviewing your current policy to check whether you would be covered for a BEC attack.
If you or someone you know wants more information or needs help or advice, please contact Brendan on (07) 5443 4866 or email firstname.lastname@example.org.
(07) 5443 4866