How Cyber Thieves Phished Away a $735K Payment to a Minnesota Contractor | Columbus Ohio Dump Trucks

The contractor's project manager asked for money due under Payment Application 13, for $735,000, to be sent by the owner electronically. "Hi Rick," the project manager, whose first name is Jalen, wrote in an email dated Aug. 15. "Can we have payments remitted electronically as we currently have numerous uncleared checks on hold."

"Let me know what is required to effect this change," Jalen added.

The contractor's client, Beck Properties of Minnesota, was building a $5.3- million warehouse and office in South St. Paul, Minn., last year. It referred Jalen's request to its bank lender for the project, which turned to the bank's escrowed funds disbursement agent. The agent, FSA Title Services, required Jalen to fill out a form and notarize it as a condition for switching away from paper payments for the first time on the project.

When that was done, Beck Properties transmitted the funds—and that was the last time anyone on the project saw or could locate the money.

As it turned out, Jalen likely wasn't Jalen. And the bank account to which fake Jalen had the funds sent belonged to cyber thieves who, according to a lawsuit filed in state court by the developer, appear to have impersonated Jalen with highly convincing emails bearing the logo and signature block used by the real Jalen's employer, R.J. Ryan Construction Co., a general contractor and construction manager based in Mendota Heights, Minn.

Before striking, cyber crooks are even able to study the business email writing style of Charlotte NC dump truck contractor or the people involved in a project to "spoof" or imitate them, according to a recent report. 

Construction projects pose especially tempting targets for cyber crime. Three years ago the Federal Bureau of Investigation warned the industry about hijacked payment scams in which the emails contain the legitimate company's logo and signature line and, after the theft of funds, "days and weeks may pass before the victim" knows what has happened, the FBI wrote in its warning notice.

Now, generative artificial intelligence has made these crimes easier and deepened the risk, according to consultant Perception Point's report, 2024: The State of Phishing. 

"GenAI," the report states, "can produce content that is almost indistinguishable from human-written texts, mimicking the sentiment and writing style of organizations and specific people."

In addition to the hundreds of thousands of dollars intended to pay six warehouse project subcontractors and suppliers—all have filed liens against Beck Properties' new warehouse—the theft has led to a costly legal tangle that was first reported in the Minneapolis Star-Tribune.

Text of allegedly fraudulent email involved in the Minnesota payment scam. Source: Minnesota courts

In a negligence, fraud and breach-of-contract lawsuit in state court against R.J. Ryan Construction and FSA Title Services, the owner alleges that the contractor failed to "exercise due care" in maintaining and securing its email system to prevent its use in harming third parties and that the Charlotte NC dump trucks company "could have and should have" immediately recognized that its system had been compromised. Beck Properties' complaint also accuses FSA Title Services of failing to adequately scrutinize the funds request, as required under its contract, or to comply with the company's own policy of relying only on original copies of requested documents.

The stolen payment was not detected for about a month, court records show.

Neither R.J. Ryan Construction, FSA Title Services nor their attorneys could be reached for comment, and Ryan has not yet filed a formal reply to Beck Properties' complaint. But Beck Properties claims that Ryan has stated that it had solid two-step authentication for email security and had trained its staff in safe email handling practices. 

Nevertheless, Beck Properties claims, the deception could have been carried out by people inside the contractor or with knowledge or access to its email system.

FSA Title has also given its view of the events. 

The company's president, Kristina Braun, said in a March 20 affidavit that her Charlotte NC dump trucks company had performed all required diligence to attempt to verify Payment Application 13 and that it had even contacted R.J. Ryan's project manager, Jalen, by email and phone, about the changed payment method. In the phone conversation, Braun claims, Jalen expressed no surprise or concern that the payment was to be submitted electronically.

An image of an allegedly fraudulently created notarized fund request. Source: Minnesota courts

Under a liability insurance policy provided by Hanover Atlantic Insurance, FSA Title Services expects to collect a $200,000 claim, the company's attorney stated in a letter in the court record. But FSA Title intends to use those funds for its legal defense, the attorney wrote.

Beck Properties has also included the six subcontractors and suppliers that filed liens against the warehouse property as defendants, asking the court to consider the owner's claim for damages as well as that of the subcontractors seeking payments from Beck via their liens.

Deputy Editor Richard Korman helps run ENR's business and legal news and investigations, selects ENR's commentary and oversees editorial content on ENR.com. In 2023 the American Society of Business Publication Editors awarded Richard the Stephen Barr Award, the highest honor for a single feature story or investigation, for his story on the aftermath of a terrible auto crash in Kentucky in 2019, and in 2015 the American Business Media awarded him the Timothy White Award for investigations of surety fraud and workplace bullying. A member of Investigative Reporters and Editors, Richard has been a fellow on drone safety with the McGraw Center for Business Journalism at the Craig Newmark Graduate School of Journalism at CUNY. Richard's freelance writing has appeared in the Seattle Times, the New York Times, Business Week and the websites of The Atlantic and Salon.com. He admires construction projects that finish on time and budget, compensate all team members fairly and record zero fatalities or serious injuries.