article featured image


The Federal Bureau of Investigation has recently warned that scammers are now posing as construction companies in business email compromise (BEC) attacks. The threat actors are targeting organizations from multiple U.S. critical infrastructure sectors.

BEC fraud is a scheme used by cybercriminals to gain access to a legitimate business email through social engineering or computer intrusion to impersonate an employee – often someone who can authorize payments – and instructs others in the company to transfer funds on their behalf.

According to FBI data, small and medium-size organizations, or those with limited IT resources, are most vulnerable to BEC scams because of the costs of robust cyber defense.

Hackers trick the victims into conducting wire transfers that appear legitimate but are, in fact, unauthorized. The instructions direct the wire transfers to the cybercriminals’ domestic or foreign bank accounts. BEC victims reported losses of over $1.8 billion in 2020, which is a huge chunk of the $4.2 billion total.

The agency issued the warning through a TLP:GREEN Private Industry Notification that was sent to organizations to help cybersecurity professionals defend against these attacks.

How Do BEC Attacks Work?

In 2020, one of the most common schemes criminals used to trick people was impersonating government officials and reaching out to victims via emails, phone calls, and social media to gather personal information about them or to ask them for money.

In the recent BEC attacks, BleepingComputer reports that the scammers use information collected through online services on construction companies they impersonate and the customers they’re targeting.

Platforms used for harvesting valuable data (e.g., contact info, bid data, and project costs) include local and state government budget data portals, as well as subscription-based construction industry data aggregators. The information harvested by the attackers allows them to custom-tailor emails designed to exploit the business relationship between the victim and the construction contractors.


The scammers send emails asking victims to change direct deposit account and automated clearing house (ACH) information. The new account information leads to apparently legitimate bank accounts which are, in fact, under the threat actors’ control.

To make sure the victims won’t be able to tell that the messages are fraudulent, the emails are sent using domains spoofing the contractors’ legitimate sites and legitimate company logos and graphics.

In order to address these threats, from a cybersecurity standpoint, you should implement multi-factor authentication as a default IT security policy. This will help prevent unauthorized access to e-mails, especially if an attacker attempts to log in from a new location.

Our Heimdal™ Email Security is a specialized add-on to any spam filter already in place. It will pair over 125 vectors to detect BEC fraud attempts and properly flag them. Combining email signature scans to word scans in order to detect changed IBAN codes and so on, no suspicious detail will pass unnoticed.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo