April 1 comes and goes. The pranks disappear. Unfortunately, the cybersecurity threats targeting Salt Lake City construction companies don't disappear with them.
Spring is one of the most active seasons for hackers — and Utah contractors are not immune. Not because your team is careless, but because project managers, estimators, and site supervisors are busy, distracted, and moving fast between job sites and the office. That's when the almost-believable scams slip through.
Here are three active cybersecurity threats hitting construction companies right now. Not targeting gullible people, but sharp, well-meaning project staff who are just trying to keep jobs moving. As you read through these, ask yourself: Would everyone on your team pause long enough to catch each one?
Scam #1: The Toll Road (or Parking Fee) Text
A project manager gets a text between site visits: "You have an unpaid toll balance of $6.99. Pay within 12 hours to avoid late fees." The amount is small. They're between jobs, so they click, pay and move on. Except the link wasn't real.
The FBI received more than 60,000 complaints about fake toll texts in 2024 alone, and volume jumped 900% in 2025. For a construction team that's constantly driving between job sites across Salt Lake City and Utah, a text about a toll charge feels completely plausible.
The guardrail: No payments through text-message links. Go directly to the official website. Never reply. Convenience is the bait. Process is the defense.
Scam #2: 'Your File Is Ready'
A project administrator receives an email that a document was shared — a project file in Procore, a blueprint attachment, or a subcontractor contract in DocuSign. The formatting looks exactly like every other notification they see. They click, enter their credentials, and now an attacker has access to your Procore environment — your entire project portfolio, subcontractor contacts, bid documents, and client information.
Phishing campaigns abusing platforms like Procore, Bluebeam, and DocuSign increased 67% in 2025. A compromised Procore account isn't just an IT problem — it's a bid security problem and a client relationship problem.
The guardrail: If a shared file wasn't expected, don't click the link. Log directly into the platform. Enable multi-factor authentication on all project management accounts.
Scam #3: The Subcontractor Invoice That Looks Too Real
For construction companies, this scam has a specific and very costly form: fake subcontractor invoices and vendor payment redirect requests. An email arrives that looks like it's from a subcontractor your team works with regularly, providing updated bank information for an upcoming payment. The email references the right project. The amount is plausible.
A 2025 study found that AI-generated phishing emails achieved a 54% click rate. For construction companies processing large vendor and subcontractor payments regularly, a single successful impersonation can redirect tens of thousands of dollars. In one recent test, 72% of employees engaged with a vendor impersonation email — 90% higher than other phishing types.
The guardrail: Any request to update bank or payment information gets verified by phone — a direct call to a number already on file, not a number in the email. Urgency is the warning sign, not the reason to act.
What This Means for Your Salt Lake City Construction Company
All of these scams exploit the pace and pressure of a busy construction operation. The real risk isn't a careless employee. It's a system that assumes everyone will always slow down and double-check when they're juggling job sites, deadlines, and subcontractors simultaneously.
If one rushed click could expose your Procore environment or redirect a subcontractor payment, that's a process problem. And process problems are fixable.
Frequently Asked Questions
What cybersecurity threats are most common for Salt Lake City construction companies?
Subcontractor invoice fraud and vendor impersonation (business email compromise) are the highest-risk threats — large payment amounts make construction companies prime targets. Platform phishing through Procore, DocuSign, and Bluebeam, and smishing targeting mobile field staff round out the top active threats.
How can construction companies protect against vendor payment fraud?
The most reliable defense is a standing verbal verification policy: any change to payment instructions or banking details must be confirmed by phone using a number already on file — never a number from the email requesting the change. Multi-factor authentication on all project management platforms significantly reduces exposure.
Does Qualit offer IT support and cybersecurity for construction companies in Salt Lake City?
Yes. Qualit provides cybersecurity and managed IT services for construction companies and contractors across Salt Lake City and the greater Utah area. A quick discovery call is a good place to start.
That's Where We Can Help
Most Salt Lake City construction owners want to keep jobs moving and know their project data, bids, and payments are protected. We'll cover:
- The cybersecurity risks Salt Lake City construction companies are seeing right now
- Where project data and payment fraud risks tend to sneak in through normal operations
- Practical ways to protect your business without slowing your office or field teams down
No pressure. No scare tactics. Just a practical conversation about protecting your projects.
