Shaky Ground: Why Cyberattacks Hit Arkansas Construction Firms/Clients

Let me tell you the hardest part of our job at TekTrendz...

Fielding an unexpected phone call from a frantic Arkansas business owner who just paid an invoice for, say, $200K or $1 million — and is only now realizing the money was sent to scammers and, in all likelihood, is gone forever.

That's the hardest part of the job. It's a gut-wrenching conversation to have. Believe us. 

Especially considering the mistake was usually preventable. 

As an MSP on the frontline in the battle against cybercriminals, our vantage point allows us to see what many other Arkansas businesses won't or can't:

• That costly multi-thousand, even million dollar cyberattacks happen every day (600 million a day, according to Microsoft)...
• That they happen right here in our state (much more frequently than meets the eye)...
• That they happen to organizations of all sizes (especially small and/or under-resourced organizations)

And, unfortunately, it just happened again.

This time to the devastating tune of $3.2 million.

This time to Pine Bluff Schools.

While we could draw many lessons from this attack, this is a good opportunity to discuss what is clearly a growing trend: 

Hackers are increasingly targeting constructions firms and their clients for scams.

First, let's briefly look at the attack on Pine Bluff Schools, and then I'll explain why construction companies and their supply chains so frequently find themselves in hackers' crosshairs.

Tragic: Pine Bluff Schools Scammed Out of $3.2 Million

As we've written elsewhere, schools are frequent, high-profile targets for cyberattacks.

The Pine Bluff School District is just the latest domino to fall. As you'll see, to get to the money, cybercriminals ingeniously manipulated the school's dealings with an Arkansas-based construction company.

The facts of the case:

• At a school board meeting on April 27, 2026, the superintendent of Pine Bluff Schools disclosed a cyberattack and subsequent payout dating back to December 17 of last year
• The district had received an invoice for $3.2 million from the construction firm working on its new $74 million high school
• A legitimate invoice had, indeed, been sent by the construction firm and received by Pine Bluff Schools
• However, cybercriminals had added fraudulent wire transfer instructions to an otherwise authentic invoice
• The bad actors had previously gained access to the district's system through an employee's compromised email account
• The district then wired the full amount of the invoice — presumably, to the hackers
• The director of finance for Pine Bluff Schools followed-up with the construction firm following payment and learned that, while an invoice had been sent, payment was never requested via wire transfer
• District leadership contacted the FBI and its banking institution — kicking off a multi-month investigation
• Pine Bluff Schools was advised to keep the attack and payout confidential during the investigation

The school district is now hopeful a "substantial portion" of the money can be reclaimed.

Of course, damage has been done — financial, political, reputational.

“This incident was not the result of an error, but rather a deliberate and highly coordinated cybercrime,” said the superintendent of PBSD . “Organizations across the country, including school districts, are increasingly being targeted by these types of attacks.”

Nevertheless, "error" or not, the school district has done what many organizations do after an attack: tighten up security. 

• Setting up stricter wire transfer procedures

   

• Requiring verbal confirmation for emailed wire transfer instructions

• Strengthening fraud prevention protocols

• Training staff on cyber awareness

It's a painful process to recount, especially for an IT provider like us. We wish we could turn back the clock and yell out something like, "Don't click that email!" and "Don't send that money!"

But, it's also process playing out repeatedly these days — with construction companies and their clients increasingly among the victims.

To put it simply, where there are construction projects, there are clear and present cyber threats. 

Let's explore why...  

Why Are Construction Firms & Their Clients Targets for Cyberattack?

There's both strong anecdotal and statistical evidence to suggest cybercriminals like picking on construction firms and their clientele. 

From news headlines to our direct conversations with constructions firms, anecdotal evidence certainly abounds. 

But what about the statistical picture? 

Nordlocker, an encrypted cloud storage company, analyzed ransomware cases transpiring between January 2022-January 2023. Of 20 industries ranked in the Nordlocker study, construction ranked #1 for most ransomware cases, followed by finance, manufacturing, and technology.

Likewise, ReliaQuest's 2023 Annual Cyber Threat Report concluded that cybercriminals target construction more frequently than any other industry. In positions 2-5, respectively, were transportation, wholesale trade, manufacturing, and retailers. Phishing attacks, the type of email-powered scam perpetrated on Pine Bluff Schools, are especially rampant in the construction industry. 

Conversations, headlines, statistical analyses...they all tell a similar story:

Construction firms — and those who work with them — are vulnerable. Vulnerable and, in many cases, unprepared.

As summarized by Construction Dive's Matthew Thibault:

"Contractors have a looming problem — most of the industry isn’t prepared for a cyberattack."

But, as you'll see below, it's not always just the contractors with the "looming problem."

It can be everyone who works with them.  

4 Reasons Arkansas Construction Firms & Clients Are Frequent Cyberattack Victims 

But why? Why is construction the current whipping post of choice by cybercriminals? 

Below are just four pressing reasons. Let's start with the most obvious. 

1. High-Value Financial Transactions

Some big invoices and payments pass between contractors and their stakeholders.

What did we say previously? The Pine Bluff School District is building a new $74 million high school campus. $74 million! Consequently, nothing mostly likely seemed out of the ordinary when the district received an invoice for $3.2 million.

High-value transactions are simply par for the course in the construction industry.  

And which would you rather target as a hacker: organizations sending out invoices in the tens or hundreds of dollars or invoices in the thousands and millions of dollars? You get the point. So does ReliaQuest's Threat Landscape Report on the construction industry:

"The construction sector is especially vulnerable to phishing because of the substantial funds involved in projects and the extensive communication networks required for billing and project management. Attackers can seamlessly blend in with the multitude of third parties and contractors commonly used by construction companies. Employees are also more likely to interact with external emails, assuming they’re from trusted partners, thereby increasing the chances of successful phishing attempts" (emphasis added).

Bottom line: When hackers see the construction industry, they see huge potential pay days. Pay days like $3.2 million.

And, yet, the excerpt above mentions another reason why contractors are preferred targets among cybercriminals...
 

2. Complex, Hectic Supply Chains

This one makes a lot of sense if you understand how cybercriminals work. You've heard the expression: a chain is only as strong as its weakest link? Well, cybercriminals have heard the saying, too, and they exploit the principle with precision and efficacy.

Construction companies often have long, winding, somewhat hectic supply chains of contractors, suppliers, and, yes, clients and client representatives. That means:

• Lots of emails and messages
• Lots of data (this could be a separate point by itself)
• Lots of — yep — invoices 

All this makes a cybercriminal's mouth water. These aren't just communications to bad actors; they're opportunities. 

Opportunities to learn, infiltrate, and scam. Not unlike what we saw in Pine Bluff. 

Here's the thing: When one member of a supply chain is vulnerable to attack, every member is vulnerable.

As Thibault of Construction Dive explained, contractors are often the "entry point through which hackers can strike at more lucrative targets — a builder’s clients" (emphasis added). 

This means a hacker can access a construction firm's system — and then opportunistically choose the victim: the firm itself, the firm's clients, even the firm's partners and suppliers. In the cybersecurity game, no company is an island. A compromise of one business should be treated a compromise of every other partner and stakeholder it the business's supply chain.

Of course, it works the other way, too.

Bad actors can get to a construction firm through the upstream or downstream of its supply chain. 

Suppliers > Firms > Clients. When one is vulnerable, everyone is vulnerable.

And the winding, complex, urgent, high-pressure supply chains of the construction industry look a lot like a hacker's playground.

3. Workforce Matters

Construction workforces are unique. They're uniquely...

• Mobile
• Fragmented
• Urgent and under pressure to deliver

Each of these is a lever bad actors can pull. A button cybercriminals can push. 

Mobile

Construction crews are often on the go and in the field, and they take their technology along for the ride. Too often, mobile technology doesn't enjoy the same level of cybersecurity protection as stationary office technology. This means lots of unsecured access points for hackers; often on public WiFi networks. A recipe for disaster cyber threats — to say the least. 

Fragmented

There's little in the way of centralized control or oversight over far-flung construction crews. It's hard, therefore, to implement cybersecurity protocols — and even harder to enforce them.

The construction project, not the cyber protection, is usually the priority.

Urgent & Under Pressure to Deliver

In the construction industry, deadlines just aren't very flexible. Now and today are the two timeframes clients understand. Regardless of the industry, cybercriminals make it their MO to exploit professionals who are running fast and "not thinking."

As the ReliaQuest TLR report put it:

"The time demands of construction projects can put pressure on users to quickly open and respond to emails—another
factor attackers leverage to increase engagement."

This, too, plays right into hackers' hands. Rush is often the enemy of cybersecurity.  

But, of course, everything is leading up to point #4, isn't it?

4. High-Speed Digitalization; Low-Speed Cybersecurity

Writing for the Construction Management Association of America's CMX newsletter, Hannah Hoeflinger and Dan Hanson described the rapid digitalization of the construction sector in recent years, as follows: 

"Over the past decade, the construction industry has become more and more reliant on technology, in particular to help manage a widely distributed workforce. Using laptops, tablets, and smartphones as a digital network, along with Wi-Fi use at field offices, home offices, and elsewhere have potentially opened the door to more cyber attacks" (emphasis added).

In other words, security has lagged behind the technological bonanza being witnessed across the construction industry.

Lots of technology; little security. 

And that's the real rub here. As sophisticated as construction firms are in the plying of their trade, this sophistication often doesn't extend to cybersecurity. They're driving technology at 100 MPH (that's good), but they're not wearing seatbelts (that's bad).

Even the implementation of cybersecurity basics like email filtering, multi-factor authentication, and strong passwords is uneven at best and nonexistent at worst. Not to say anything about the more advanced cybersecurity safeguards available today. 

It's time — well past time, really — for construction firms and their supply chain partners to "buckle up."

It's all too common for organizations to get really serious about cybersecurity after a costly attack. 

We're seeing this right now in the Pine Bluff School District. 

But with 600 million cyberattacks a day, at an average cost of $255K to small businesses, isn't it time to stop being reactive...?

...and to start being proactive about cybersecurity safeguards?

You've Got a Local, Helpful Cybersecurity Partner

As headlines and statistics attest...

As the $3.2 million phishing attack on PBPS attests...

It's time for construction companies and anyone who works with them to commit or recommit to cybersecurity. Remember, it takes only one weak link. 

But we understand cybersecurity, as technical as it is, may not be a language your business speaks.

Which is why we're here. Whether you just have questions, or you're looking for trusted, local cybersecurity services, TekTrendz has been serving businesses across a wide range of industries — including construction — since 2007.

Just reach out. We're standing by to help however we can.