Our brand is being used to commit fraud, targeted at our customers and suppliers, potentially causing damage through business disruption and considerable financial loss to those targeted. As standard practice Balfour Beatty are using key technologies to prevent attacks and, where possible, take proactive steps to detect fraudulent domains, but your help is needed to flag security concerns where you believe our brand is being abused to target you.
To commit this type of fraud, criminal organisations register domain names that will show similarities to our own. Balfour Beatty use the domain name www.balfourbeatty.com, this domain underpins our main website and any emails sent by us. We’re asking you, therefore, to take steps to think before you click; check to see if the domain of the email you have received is misspelt such as, ‘ballfourbeatty.com’ (note the two l’s) or additional words such as, ‘balfourbeatty-supplychain.com’. These are just two examples you should look for.
We do not use free/public email services such as outlook.com and gmail.com to conduct legitimate business.
Think before you click
Do
- Keep an eye on the red flags caused by fraudulent domains targeting you for purposes of fraud
- Take caution with any request to change our bank details, always check with known contacts or via details on the contact us page on our official website
- We have a strict process for advising on bank account changes and these will always be requested by an account manager and verified by telephone. If you receive a request by someone you do not recognise, ignore the request and follow your phishing reporting methods
- Keep an eye out for poor grammar and spelling in any correspondence
- Be vigilant for domains being used which are a misspelling of our brand name
- Note that any emails we send will be Domain-based Message Authentication, Reporting & Conformance, DMARC, signed – you can check with your IT department to verify this
- If you are suspicious, verify if the email being requested falls in line with our processes
- We would request your support in flagging any suspicious activity to law enforcement via Action Fraud
- If you have received any suspicious emails, we would also be very grateful if you forward them to your account manager to verify.
Don’t
- Assume any domain containing our brand name Balfour Beatty is legitimate
- Engage in communication, in any way, if you are suspicious
- Assume any other detail on suspicious correspondence are real (e.g. telephone numbers, delivery addresses)
- Rely on the banking system to protect you from fraud.