In today's digital age, the construction market faces an increasing threat from cyber criminals targeting small and mid-sized construction companies. The average cost of data breaches globally in 2023 was $4.45 million. In the United States it was $9.44 million. The average for construction companies was $4.4 million. The cyber criminals continue to develop new and stealthy methods to defraud unsuspecting companies and construction companies must continue to be vigilant.

Top 3 biggest cyber threats:

  1. Phishing /social engineering
  2. Ransomware and malware
  3. Identity based attacks

Another example of fraudulent activity involves impostors posing as legitimate subcontractors and vendors to deceive contractors into making payments. In these cases, fraudsters may use sophisticated phishing and social engineering techniques to gain the trust of contractors and manipulate them into transferring funds.  For instance criminals are perpetuating the fraud with the support of amicable text messages, fake company websites and other social media sites suggesting an air of legitimacy based completely on an intent to defraud.

Contractors should adopt verification processes

To counter these threats and attempt to prevent such incidents, contractors should exercise caution when processing payments to subcontractors, suppliers, and vendors. Contractors should adopt a rigorous verification process when onboarding new subcontractors and vendors and when making a payment to a new address or bank account. In addition:

  • Conduct thorough background checks, verifying credentials and references, and cross-referencing contact information with trusted sources.
  • If the invoice address is not identical to the subcontract address, the project creditor should be contacted, and the address confirmed.
  • All wire instructions must be confirmed prior to making payment via a phone call to a verified contact.  When wiring funds, contact the relevant financial institutions directly to confirm account details and ensure the payment instructions match the information. By taking this extra step, contractors can detect discrepancies or inconsistencies that may indicate fraudulent activity.
  • Remember the contact information and phone number in the email may be fraudulent, so an attempt to verify the payment information by calling the phone number in the email may lead you back to the very fraudster you were attempting to avoid.  
  • Strongly consider implementing a double verification system, sending a physical check or contacting the original sales person may assist in determining whether a fraud is occurring.
  • Establish a secure communication channel with subcontractors and verify any changes to billing information directly through this channel.

By authenticating the source of the information, contractors can reduce the risk of falling victim to fraudulent schemes. By performing due diligence upfront, contractors can weed out potential impostors and safeguard against fraudulent transactions.

While the above examples focus on safeguarding an improper payment to a vendor, contractors should also safeguard themselves from being the victim of a cyber attack. Contractors should implement stringent cybersecurity measures to protect sensitive financial information. This includes regularly updating antivirus software, conducting employee training on cybersecurity best practices, and using encryption tools to secure communications and transactions. By fortifying their digital defenses, contractors can deter hackers and minimize the likelihood of successful cyber attacks.

In conclusion, fraudulent subcontractor and vendor billing poses a significant threat to the construction market which requires all tiers in the construction industry to remain vigilant and proactive in their approach to fraud prevention. By implementing robust safeguards, verification procedures, and cybersecurity measures, contractors can take proactive steps to protect themselves against fraudulent schemes.
Interesting in learning more about our surety products?
Check out our scope of coverage and target industries available to you.
Surety resources

The information included here is designed for informational purposes only. It is not legal, tax, financial or any other sort of advice, nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate in parts. It is the reader’s responsibility to comply with any applicable local, state or federal regulations. Nationwide Mutual Insurance Company, its affiliates and their employees make no warranties about the information nor guarantee of results, and they assume no liability in connection with the information provided. Nationwide and the Nationwide N and Eagle are service marks of Nationwide Mutual Insurance Company.