Heading out for a site visit in St. George? Booking flights for a conference in Vegas? Whether you’re the Ops Director handling reservations or the project manager finally taking that long-overdue family trip, there’s a scam out there with your name on it.
Cybercriminals are exploiting travel season, and construction firms in Salt Lake City are more at risk than they think.
The New Phishing Scam Hitting Utah Job Sites
Here’s how it works:
- You Get A "Confirmation" Email You Never Expected
It looks official. The sender appears to be Expedia, Delta, or Marriott. The email is crisp, branded, and urgent:
- "Your Trip To San Diego Has Been Confirmed! Click Here For Details"
- "Your Flight Has Been Canceled. Rebook Now."
- "Urgent: Confirm Your Hotel Reservation Before It Expires"
For anyone handling travel bookings for superintendents, estimators, or execs, this lands right in your workflow.
- You Click The Link – And Walk Right Into A Trap
The link sends you to a page that looks like the real deal. Only it’s not. When you type in your username and password? It goes straight to the hacker.
If you update payment info? Your company card could be drained.
If there’s a malware attachment? You’ve just infected your machine – and possibly the whole network back at HQ.
Why This Scam Works So Well In Construction Offices
Because it blends right into the chaos.
In Salt Lake construction companies, one person often manages all travel: bidding trips, out-of-state inspections, supplier site visits, even continuing ed. That person is buried in a mountain of confirmation emails. One more "urgent travel update"? Easy to click.
These phishing emails:
- Use real logos and email formatting
- Appear to come from trusted brands
- Trigger panic with last-minute changes
- Are sent during peak business hours when focus is low
One wrong click from your travel coordinator or project admin, and you’re dealing with compromised login credentials, stolen financial data, or worse—malware on your network.
Real Talk: This Isn’t Just About Personal Security
It’s about business continuity.
Salt Lake construction firms run tight schedules. Any delay in travel can mess with project timelines. But worse? A cybersecurity breach triggered by a fake Delta email can halt operations entirely. One local GC had to pause all bid submissions for a week after a ransomware infection. All because their office assistant clicked a fake travel update.
What Salt Lake Contractors Need To Do NOW
- Train Your Team
If your admin or ops lead handles bookings, make sure they know these scams exist. - Always Verify Outside The Email
Don’t click the link. Go to the travel provider’s website directly and log in from there. - Double-Check The Sender’s Address
Scammers use domains like "@deltaair-us.com" or "@marriottco.info" to trick the eye. - Use MFA Everywhere
Even if credentials are stolen, multifactor authentication stops the hacker cold. - Tighten Email Security
Filter out phishing emails before they hit your inbox. The right IT partner can make this happen.
Don’t Let A Fake Vacation Email Derail Your Jobsite
Cybercriminals are counting on your team being busy, distracted, and under pressure. That’s why they strike when you’re finalizing travel, prepping for conferences, or pushing toward project deadlines.
Let’s make sure they don’t win.
Start with a FREE Cybersecurity Assessment tailored for Salt Lake construction firms. We’ll check for vulnerabilities, lock down your email systems, and help protect your team from travel-related phishing attacks.
Click here to schedule your FREE assessment today.
