Many companies have experienced phishing scams in which a hacker (claiming to be a contractor) requests a change in bank accounts. They end up stealing funds and even make phony calls demonstrating knowledge about the project. Coupled with fake emails and bank account records, they are able to convince those managing the project to redirect all future payments to this false bank account. In the first half of 2019 alone, a Datto survey found that 56% of MSPs reported ransomware attacks against their clients. 15% of MSPs reported multiple ransomware attacks in a single day. Now that's a lot of attacks... And as a tech company, we have been seeing a huge growth in ransomware efforts in Northwest Ohio. In fact, the Ohio Facilities Construction Commission (The OFCC is responsible for guiding capital projects for the state.) has reported that numerous school districts, contractors, business owners and more are often contacted by these hackers who try to learn information about the project, effectively creating a more believable scam. "Some of these suspicious attempts to obtain the list of project contacts was portrayed as a small research project that would favorably highlight the benefits from the completed project." - OFCC
Remember, if you get contacted to change the routing of payments on a project, independently verify with multiple communication methods through trusted partners. This may even include meeting in person. Additionally, if you get contacted by a suspicious party looking for info about a project or the participants, ask further questions to determine their identity and alert the project team of the request of information.
In this webinar, our friends at Defendify talk about an example just like this scenario. MacEwan University was contacted by someone claiming to be apart of the construction company they were currently using for a project. This individual made a pretty compelling case on why they needed to change where they sent their payments. The university ended up loosing $11.8 million after being fooled by the initial phishing email scam... But, 69% of firms state that employee training has reduced the number of cyber incidents. - Hiscox