AFP ClickFit Campaign | October 2025

Construction Is
Under Attack

The Australian Federal Police launched ClickFit, a national cybercrime awareness campaign, after flagging construction as a prime target for organised cybercrime. High-value transactions, complex subcontractor chains and under-invested IT are costing the industry millions.

$152.6M
Lost to BEC scams in Australia in 2024
+66%
Increase in BEC losses from previous year
#1
Construction is the most targeted sector

Sources: AFP ClickFit Campaign & Media Release Oct 2025, National Anti-Scams Centre 2024 Targeting Scams Report, ASD Annual Cyber Threat Report

⚡ Know the Threats

How Construction Companies
Are Being Hit

These aren't hypothetical. These attacks are happening to Australian builders, contractors, and developers right now.

💸

Payment Redirect Fraud

Criminals intercept invoices between builders and subcontractors, changing bank details. One payment goes to the wrong account and the money vanishes offshore within hours.

Avg loss: $130,000+ per incident
🔒

Ransomware on Project Systems

Project management tools, estimating software, and shared drives get encrypted. Deadlines don't move, so victims pay. Construction firms have a 17% ransomware breach rate.

Avg downtime: 21 days
🔑

Credential Theft

Shared logins on site offices, reused passwords across suppliers, and no MFA. One stolen credential gives attackers access to email, financials, and project docs.

80% of breaches involve stolen credentials
📧

Business Email Compromise

Attackers monitor real project emails for weeks, then strike with perfectly timed fake invoices. The AFP says construction's complex subcontractor chains make it uniquely vulnerable.

13% of all reported AU cybercrimes
🚔 AFP ClickFit Campaign

The AFP Says:
Are You ClickFit?

In October 2025, the AFP launched ClickFit, a national awareness campaign through the Joint Policing Cybercrime Coordination Centre, specifically warning that construction businesses are prime targets for BEC scams and cybercrime.

The campaign compares cyber awareness to road safety: just like drivers learn to spot hazards, businesses need to check their digital blind spots like suspicious emails, fake invoices and urgent payment requests that catch you when you're rushing between sites.

🚔 Based on the AFP ClickFit Campaign
The AFP's 6 Steps to Stay Safe
1
Strong PassphrasesLong, unique passphrases for every account
2
Enable MFAAdd an extra lock, even if your password is stolen
3
Install UpdatesKeep devices and apps patched and secure
4
Stay Alert to ScamsBe aware of emerging threats and new tactics
5
Stop & Think Before You ClickDon't rush. Scammers rely on distraction
6
Verify Before You PayContact the source directly before clicking, paying, or calling
📋 Free Assessment

Cyber Security Health Check

Answer 12 questions to get your personalised risk score and recommendations. Takes about 3 minutes. All answers stay in your browser. Nothing is sent anywhere unless you choose to share your results.

🕐 ~3 minutes  |  12 questions  |  100% private


Question 1 of 120%
0

🎯 Your Priority Recommendations

Let's Fix This Before It Costs You

Interpret Technology specialises in securing construction businesses. Book a free 30-minute call and we'll walk through your results together.

Book a Free Call → Email Us