Blue Collar Labs

Defend

The wire that goes out at 4:55 PM
isn't the AP person's fault.

Small trades shops are now the most-targeted bracket for business-email-compromise and voice-clone wire fraud. The average loss is high enough to be worth an attacker's time, and the average shop's defenses are still mostly "the AP person is careful." That's not enough anymore. Here are the two things every shop needs first — free.

Part 1

Phishing teardown — 3 real attacks.

Three real-pattern emails sent to plumbing, electrical, HVAC, and GC shops in the past six months. Identifying details changed — the patterns unchanged. Each case: the email itself, why it almost works, the three tells, the one-line BCL rule, and a drill you run in your shop next week.

  • Case 1 — fake-vendor invoice ($48k Tuesday)
  • Case 2 — CEO voice-clone wire request
  • Case 3 — fake permit / municipal-fee scam
  • Wall poster — three callback rules, print-ready

Part 2

60-minute incident containment.

The version a panicked owner uses at 11 PM. Read it cold tonight, fill in the phone numbers tomorrow, hope you never need it. Four scenarios, minute-by-minute steps, and clear hand-off points to your bank, your insurer, your IT, and the FBI.

  • Wire fraud — sent or about to send
  • Credentials phished into a fake site
  • Suspicious computer / possible ransomware
  • Suspicious voicemail asking for a wire

Send it to me

Drop your email, get the pack.

Email-gated because we want to send the next defense piece (incident postmortem template, voice-clone drill kit) when it ships. One email per drop, unsubscribe in one click, no third-party trackers. Trust scorecard.

If something is on fire right now, skip the form: the pack is also at bluecollarlabs.org/defense-pack. Stop the bleed first, give us the email later.

By submitting you agree we can email you free BCL resources. We use Notion to store the list and Netlify to receive submissions.

Why this exists

Because the shop that loses $48k can't replace it.

Trades are the new target.

Small trades shops are now the highest-yield bracket for BEC fraud. Big enough wire flows to be worth attacking, small enough that nobody's installed enterprise-grade defenses.

The first hour decides.

Banks can sometimes claw back wires within hours. After 24, often not. The incident plan is a 60-minute script because that's the window that determines whether you recover.

Free is the point.

If we charged for this, the shops that need it most wouldn't have it. We're a 501(c)(3). The cost of not handing this out is borne by the people who can least afford it.

Made for your trade

Same pack — but the opener is from your trade.

Different trades get different attacks. Pick the page that matches your shop and you'll see a real-pattern incident from your industry, not a generic "small business" example.

Electrical

Spoofed-distributor invoice fraud

Open the electrical page →

Plumbing

Fake "amended permit fee" scam

Open the plumbing page →

HVAC

Voice-clone wire verification

Open the HVAC page →

General contractor

Compromised-sub banking change

Open the GC page →

Roofing

Spoofed claim-disbursement email

Open the roofing page →

Landscaping

Customer-pivot deposit malware

Open the landscaping page →

Carpentry

Spoofed-lumberyard credit-hold

Open the carpentry page →

Mechanical / auto

Spoofed-NAPA core-charge refund

Open the mechanical page →

Want the live audit?

We'll send a fake "Joe Mendez" to your real AP person.

For shops that want to pressure-test their defenses with consent: we run a real phishing audit, debrief with your team, and hand you a remediation roadmap. Request a free audit — first ten are free, no charge ever for working trades shops.

Request a free phishing audit →