The Federal Bureau of Investigation (FBI) warned private sector companies that scammers are impersonating construction companies in business email compromise (BEC) attacks targeting organizations in multiple US critical infrastructure sectors.
BEC scammers use various tactics (including social engineering and phishing) to compromise or impersonate business email accounts with the end goal of redirecting pending or future payments to bank accounts under their control.
The warning was issued via a TLP:GREEN Private Industry Notification (PIN) sent to organizations today to help cybersecurity professionals defend against these active attacks.
According to the FBI, threat actors exploit construction companies’ ongoing, completed, or awarded business relations to defraud their private and public sector clients.