Wire fraud targeting construction companies averaged $447,000 per incident in 2023. Subcontractor change-of-banking emails, spoofed Procore notifications, and jobsite Wi-Fi credential theft are hitting GCs and specialty subs daily — and most of your team has never been trained to recognize them.
Attackers impersonate architects, owners, or GC project managers with spoofed email addresses and fake draw/change order requests. The email looks exactly like the usual process. The wire goes to the wrong account — and recovery is nearly impossible. Average loss for mid-size construction firms: $380,000.
A specialty sub sends an email updating their ACH routing details before a large pay app. The email is perfectly formatted, the contact name is right, the project name matches. Payment hits the attacker account. By the time the sub calls asking where the wire went, days have passed. The GC eats the loss.
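The two scenarios above share one pattern: a routine-looking payment email, sent from an address that is either a near-miss of a real vendor domain or a genuinely compromised mailbox, asking to redirect funds. The following Python script is an added example (not SecurEveryone's material, and not any platform's built-in feature) of the triage logic an AP inbox or mail gateway could apply before a pay app is approved. Every domain and message in it is constructed for illustration; the trusted-domain list, the "two characters off" threshold, and the action labels are assumptions you would tune for your own vendor roster.

```python
"""Triage inbound emails for bank-detail changes and lookalike sender domains.

Added example. All vendor domains and sample messages below are constructed;
the allowlist and thresholds are assumptions, not values from any product.
"""
import re

# Constructed allowlist: domains your vetted subs and design partners really use.
TRUSTED_DOMAINS = {
    "acme-electric.example",
    "northstar-arch.example",
    "gc-office.example",
}

# Phrases that typically accompany a payment-redirection request.
BANK_CHANGE_PATTERNS = [
    r"\brouting\b",
    r"\bach\b",
    r"\bwire\b",
    r"\bbank(ing)? (details|info|information)\b",
    r"\bupdated? (our )?account\b",
]

# Assumed threshold: a domain within this many edits of a trusted one is a lookalike.
LOOKALIKE_MAX_EDITS = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one-character swaps like 'electr1c' for 'electric'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain from 'Display Name <user@domain>' or a bare address."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


def classify_sender(domain: str) -> str:
    """Return 'trusted', 'lookalike' (near-miss of a trusted domain), or 'unknown'."""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= LOOKALIKE_MAX_EDITS:
            return "lookalike"
    return "unknown"


def mentions_bank_change(text: str) -> bool:
    """True if subject or body reads like a change to payment instructions."""
    return any(re.search(p, text, re.IGNORECASE) for p in BANK_CHANGE_PATTERNS)


def triage(msg: dict) -> dict:
    """Decide what AP should do with the message before any payment is touched.

    A lookalike sender is quarantined regardless of content. Any bank-change
    request, even from a trusted domain (the mailbox may be compromised), is
    held until someone calls the vendor back on a number already on file.
    """
    domain = sender_domain(msg["from"])
    sender = classify_sender(domain)
    bank_change = mentions_bank_change(msg["subject"] + "\n" + msg["body"])
    if sender == "lookalike":
        action = "quarantine-and-report"
    elif bank_change:
        action = "hold-verify-by-callback"
    else:
        action = "deliver"
    return {"domain": domain, "sender": sender, "bank_change": bank_change, "action": action}


# Constructed sample messages, not real traffic.
SAMPLE_MESSAGES = [
    {
        "from": "Acme Electric AP <ap@acme-electr1c.example>",  # one character off
        "subject": "Updated ACH routing for Pay App #7",
        "body": "Please use the new routing number below for this month's draw.",
    },
    {
        "from": "ap@acme-electric.example",  # real domain, still a bank change
        "subject": "Pay App #7",
        "body": "Please note our updated ACH routing number for the next pay app.",
    },
    {
        "from": "ap@acme-electric.example",
        "subject": "RFI 42 response",
        "body": "See attached response to RFI 42 for the level 3 slab.",
    },
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["from"], "->", triage(m)["action"])
```

The callback step is the part that actually stops the loss: the script only decides which emails never reach a human with wire authority and which ones must wait for a phone call to a number taken from the signed sub agreement, not from the email itself.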
Project management and design collaboration platforms (Procore, Bluebeam, PlanGrid, Buildertrend) store sub contact info, bids, RFIs, and cost data. A phishing email to an admin account can deploy ransomware that encrypts every active project folder. Recovery from an encrypted Procore environment takes 2–6 weeks — during which you miss submittal deadlines, RFIs, and potentially bonding milestones.
Field supervisors and PMs check project portals from jobsite Wi-Fi networks with no access controls. Unpatched phones, open networks, and session-cookie theft mean a lost or compromised phone can hand an attacker access to every active project, sub list, and change-order log. No VPN, no MDM, no alert.
Cyber insurance underwriters are now requiring documented security awareness training before binding construction firm policies — and most bonding companies include cybersecurity hygiene questions in prequalification questionnaires. For federally funded projects (DOD, GSA, DOT), NIST SP 800-171 and DFARS clause 7012 require controlled unclassified information (CUI) safeguards including workforce training. CIS Controls v8 for the construction industry maps directly to the technical and administrative controls your clients and insurers are already asking about.
"A PM received an email from what looked like our largest subcontractor updating their bank routing info. He was about to approve the pay app — then he stopped. 'This is exactly what SecurEveryone told us to watch for.' He called the sub directly, caught the scam, and saved the entire pay app amount."
— Controller, Mid-size General Contractor
"Our project executive and I went through the executive session. Three weeks later, we caught a spoofed architect email asking for a $290,000 draw acceleration. The formatting was perfect. The sender address had one character off. We had the checklist memorized from the session."
— Project Executive, Regional Construction Management Firm
"We onboard 20+ subs per project. Credential hygiene was a mess — nobody had a real offboarding process when a sub wrapped. SecurEveryone helped us build a credential checklist that now goes into every sub agreement. No more orphaned Procore accounts."
— IT Manager, Specialty Subcontractor Firm
Procore itself is well-secured — the risk is your team credentials. Phishing emails impersonating Procore notifications are one of the most common vectors we see in construction. Session tokens, API keys, and admin-level accounts are the targets. Our session includes a credential audit for your Procore account and a written protocol for credential hygiene across your project management stack.
Increasingly yes. Cyber incidents involving subs create liability exposure for GCs, and bonding companies and project owners are adding cybersecurity questionnaire requirements to prequalification. A GC with documented cybersecurity training for all project participants — including sub trades — is better positioned in prequal and has stronger defenses when a sub compromise ripples upstream.
Most commercial cyber insurers now require: documented security awareness training for all employees, MFA on email and project management platforms, regular backups with offline copies, an incident response plan, and proof of vendor/supplier credential hygiene. The training certificate from our session serves as documented evidence for underwriting questionnaires and renewal applications.
The Business-tier session is designed for exactly this. It runs as a live 2-hour webinar with unlimited participants — office staff and field personnel join from wherever they are. We cover mobile device security, jobsite Wi-Fi risks, and credential management specifically for field conditions. The role-specific guidance lands better with supers and foremen than generic cybersecurity content.
Yes — if you handle CUI (controlled unclassified information) on federal projects, DFARS clause 7012 and NIST SP 800-171 apply. Even if you don’t handle CUI directly, project owners and primes are increasingly flowing cybersecurity requirements down to all tiers. Our Executive session includes a walkthrough of the NIST framework as it applies to construction firm workflows — including document management, sub-tier communication, and field collaboration.
Take our free Phishing IQ Quiz to benchmark your team's awareness in 5 minutes — or book a 15-minute consult with one of our instructors.