Defend · For carpentry & framing shops
The "lumberyard credit hold" isn't from your yard.
Framing crews run on lumberyard credit lines — net-30 with 84 Lumber, US LBM, the local yard. Crews pull material daily, the office reconciles weekly, and the owner trusts the yard rep he has known for ten years. Attackers know exactly when statements close, exactly which yards a shop runs through (it's on the truck and in every job photo on Facebook), and the "your credit line is on hold, pay this week or no pickup Monday" lure works every time at month-end.
Public job photos + statement timing = a perfectly targeted credit-hold lure.
Real-pattern incident · Carpentry
Real-pattern: spoofed lumberyard credit-hold notice ($18k)
The setup
Framing contractor in NJ, 12-person crew, three open builds. Standing weekly tickets at the local 84 Lumber. Owner posts truck-load photos to the company Facebook every Friday — yard branding clearly visible.
The bait
Email arrives last Thursday of the month from "credit@84lumber-billing.net" (real domain is 84lumber.com). "Your account is past due $18,400. Credit line frozen Monday 7 AM. Pay via this portal to keep Monday's pull." The portal is a credential-harvesting page that also runs an ACH form.
Why it works
The attacker named the right yard (Facebook), the right cadence (statement close), and the right consequence (no Monday pull = crew sits idle = $4k/day burn). The owner pays personally to keep the framing schedule. Statement was never past due.
The one-line BCL rule
Any banking change — new wire, new ACH, new account — gets a phone callback to a known number, every time, no exceptions, even if it slows a draw by a day.
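The sender in the bait above differs from the real yard only by a suffix on the domain, which a mail rule can check mechanically. The sketch below is an added example, not part of the original page; the vendor list, the function names and every sample address other than the one quoted in the bait are assumptions constructed for illustration.

```python
# Added example, not from the original page: flag senders that borrow a
# known vendor's name without using that vendor's real domain.
from email.utils import parseaddr

# Assumption: the shop keeps a short list of the yards it buys from.
# Brand label -> real domain (the 84lumber.com pairing is from the page).
KNOWN_VENDORS = {"84lumber": "84lumber.com"}

def sender_domain(from_header: str) -> str:
    """Domain of the actual address, ignoring whatever the display name says."""
    addr = parseaddr(from_header)[1]
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header: str) -> str:
    dom = sender_domain(from_header)
    if not dom:
        return "unparseable"
    # Exact domain or a true subdomain of the real vendor domain.
    if any(dom == real or dom.endswith("." + real) for real in KNOWN_VENDORS.values()):
        return "known-vendor"
    # Brand embedded in any label (hyphens ignored) or one edit away from it.
    for brand in KNOWN_VENDORS:
        for label in dom.split("."):
            squashed = label.replace("-", "")
            if brand in squashed or edit_distance(squashed, brand) <= 1:
                return "lookalike"
    return "unrelated"

# Constructed sample headers; only the first sender is quoted on the page.
SAMPLES = [
    "credit@84lumber-billing.net",
    "Yard Rep <rep@84lumber.com>",
    "billing@84lumber.com.pay-portal.example",
    '"credit@84lumber.com" <x@unrelated.example>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):13} {s}")
```

A "lookalike" verdict is a reason to hold the message and make the phone callback, not proof of fraud; the one-edit tolerance suits long brand labels and would be too loose for very short ones.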
Part 1
Phishing teardown — 3 real attacks.
Three real-pattern emails sent to plumbing, electrical, HVAC, and GC shops in the past six months. Identifying details changed — the patterns unchanged. Each case: the email itself, why it almost works, the three tells, the one-line BCL rule, and a drill you run in your shop next week.
Part 2
60-minute incident containment.
The version a panicked owner uses at 11 PM. Read it cold tonight, fill in the phone numbers tomorrow, hope you never need it. Four scenarios, minute-by-minute steps, and clear hand-off points to your bank, your insurer, your IT, and the FBI.
Send it to me
Drop your email, get the pack.
Email-gated because we want to send the next defense piece (incident postmortem template, voice-clone drill kit) when it ships. One email per drop, unsubscribe in one click, no third-party trackers.
If something is on fire right now, skip the form: the pack is also at bluecollarlabs.org/defense-pack. Stop the bleed first, give us the email later.
Want the live audit?
We'll send a fake "Joe Mendez" to your real AP person.
For carpentry & framing shops that want to pressure-test their defenses with consent: we run a real phishing audit, debrief with your team, and hand you a remediation roadmap. First ten audits are free, no charge ever for working trades shops.