Cyber attacks pretending to be payment schedules
Aitchison Reid Consulting provides cyber security services to Aitchison Reid Building and Construction Lawyers, and we have a number of protection measures in place for the law practice.
One of the measures includes the email system to automatically sweeping for cyber-attack emails and blocking them.
A phishing attack email came into the law practice yesterday morning, pretending to be a forwarded payment schedule. The law practice's email system automatically detected and blocked the email.
The issues for building and construction subcontractors and trade contractors for this sort of attack are:
The attacks if successfully launched against subbies’ and tradies’ businesses can disrupt or stop their trading by:
locking up and ransoming their business and client data, releasing it only after being paid; and/or
installing keylogging and monitoring software on computers inside the subbies’ and tradies’ businesses to capture sensitive user id and password details (for example, to access online banking, and for identity theft).
Subbies and tradies need to make sure they have systems in place to:
detect and prevent as many of these emails from coming through to staff mailboxes; and
constantly backup their information systems (accounts, client data, supplier data, the lifeblood data which they must have for their businesses) as close to real time as possible, so that they can quickly recover access to their systems if they’re ever locked and ransomed out of their systems by attackers.
Undetected phishing attack emails can spread their malware rapidly like wildfire across businesses which don’t have detection and prevention systems in place, potentially costing you and your supply chain valuable money, business data and time.
For phishing attack emails designed to psychologically and emotionally trick subbies and tradies into clicking them (such as using subject lines describing the email as a payment schedule, section 20A notice, payment claim, invoice or anything else that may seem to relate to subbies’ and tradies’ businesses), it’s an extremely easy and effective method of attack to carry out against any subbies and tradies who don’t have effective detection and prevention measures in place.
Wanting help to setup cyber protections for your business without busting your budget to pieces? Email Aitchison Reid Consulting here to arrange a confidential conversation: firstname.lastname@example.org.