The contractor's project manager asked for money due, $735,000 under Payment Application 13, to be sent by the owner electronically. "Hi Rick," the project manager, whose first name is Jalen, wrote in an email dated Aug. 15. "Can we have payments remitted electronically as we currently have numerous uncleared checks on hold?"
"Let me know what is required to effect this change," Jalen added.
The contractor's client, Beck Properties of Minnesota, was building a $5.3-million warehouse and office in South St. Paul, Minn., last year. It referred Jalen's request to its bank lender for the project, which turned to the bank's escrowed funds disbursement agent. The agent, FSA Title Services, required Jalen to fill out a form and notarize it as a condition to switch from paper payments on the project for the first time.
When that was done, Beck Properties transmitted the funds—and that was the last time anyone on the project saw or could locate the money.
As it turned out, Jalen likely wasn't Jalen—and the bank account to which fake Jalen had the funds sent belonged to cyber thieves, according to a lawsuit filed in state court by the developer.
They appear to have impersonated Jalen with highly convincing emails bearing the logo and signature block used by the real Jalen's employer, R.J. Ryan Construction Co., a general contractor and construction manager based in Mendota Heights, Minn.
Before striking, cyber crooks are even able to study the business email writing style of contractors or the people involved in a project to "spoof" or imitate them, according to a recent report.
Construction projects pose especially tempting targets for cyber crime. Three years ago, the Federal Bureau of Investigation warned the industry about hijacked payment scams in which the emails contain the legitimate company's logo and signature line. After the theft of funds, "days and weeks may pass before the victim" knows what has happened, the FBI wrote in its warning notice.
Now, generative artificial intelligence has made these crimes easier and deepened the risk, according to consultant Perception Point's report, 2024: The State of Phishing.
"GenAI," the report states, "can produce content that is almost indistinguishable from human-written texts, mimicking the sentiment and writing style of organizations and specific people."
In addition to the hundreds of thousands of dollars intended to pay six warehouse project subcontractors and suppliers—all have filed liens against Beck Properties' new warehouse—the theft has led to a costly legal tangle that was first reported in the Minneapolis Star-Tribune.
Text of allegedly fraudulent email involved in the Minnesota payment scam. Source: Minnesota courts
In a negligence, fraud and breach-of-contract lawsuit in state court against R.J. Ryan Construction and FSA Title Services, Beck Properties alleges that the contractor failed to "exercise due care" in maintaining and securing its email system to prevent its use in harming third parties and that the company "could have and should have" immediately recognized that its system had been compromised. The owner's complaint also accuses FSA Title Services of failing to adequately scrutinize the funds request, as required under its contract, or to comply with the company's own policy of relying only on original copies of requested documents.
The stolen payment was not detected for about one month, court records show.
Neither R.J. Ryan Construction, FSA Title Services nor their attorneys could be reached for comment, and the contractor has not yet filed a formal reply to Beck Properties' complaint. The owner claims Ryan has stated that it had solid two-step authentication for email security and had trained its staff in safe email handling practices.
Beck Properties also claims the deception could have been carried out by people inside the contractor or with knowledge or access to its email system.
FSA Title Services has also given its view of the events.
Company President Kristina Braun said in a March 20 affidavit that the firm had performed all required diligence to attempt to verify Payment Application 13 and that it had even contacted R.J. Ryan's project manager, Jalen, by email and phone, about the changed payment method. In the phone conversation, Braun claims Jalen expressed no surprise or concern that the payment was to be submitted electronically.
An image of an allegedly fraudulently created notarized fund request. Source: Minnesota courts
Under a liability insurance policy provided by Hanover Atlantic Insurance, FSA Title Services expects to collect a $200,000 claim, the company's attorney stated in a letter in the court record. But the attorney wrote that the client intends to use those funds for its legal defense.
Beck Properties has also included the six subcontractors and suppliers that filed liens against the warehouse property as defendants, asking the court to consider the owner's claim for damages as well as that of the subcontractors seeking payments from Beck via their liens.