Defend · For electrical shops
The "supplier" who emails on a Friday
isn't your supplier.
Electrical shops sit on a perfect target profile: weekly five-figure invoices to a known set of distributors (Graybar, Rexel, City Electric), a back-office that almost never picks up the phone after 4 PM, and a journeyman owner who trusts his AP person. That is exactly the shop attackers watch for.
Distributors send a lot of invoices. Attackers know which weeks.
Real-pattern incident · Electrical
Real-pattern: spoofed Graybar invoice ($31k)
The setup
Mid-size electrical contractor in NJ. Standing weekly invoice from a national distributor for material on three active commercial jobs.
The bait
Email arrives Thursday at 3:42 PM from "ar@graybar-billing.com" (real domain is graybar.com). Same logo, same line-item layout, same project codes pulled from publicly listed permits. New banking instructions for the wire — "we changed banks, please update."
Why it works
The shop's AP person had three live invoices from the real Graybar that week. Pattern-matching beats vigilance every time. Without a callback rule, the wire goes out before anyone notices the dash in the domain.
The one-line BCL rule
Any banking change — new wire, new ACH, new account — gets a phone callback to a known number, every time, no exceptions, even if it slows a draw by a day.
Part 1
Phishing teardown — 3 real attacks.
Three real-pattern emails sent to plumbing, electrical, HVAC, and GC shops in the past six months. Identifying details changed — the patterns unchanged. Each case: the email itself, why it almost works, the three tells, the one-line BCL rule, and a drill you run in your shop next week.
Part 2
60-minute incident containment.
The version a panicked owner uses at 11 PM. Read it cold tonight, fill in the phone numbers tomorrow, hope you never need it. Four scenarios, minute-by-minute steps, and clear hand-off points to your bank, your insurer, your IT, and the FBI.
Send it to me
Drop your email, get the pack.
Email-gated because we want to send the next defense piece (incident postmortem template, voice-clone drill kit) when it ships. One email per drop, unsubscribe in one click, no third-party trackers. Trust scorecard.
If something is on fire right now, skip the form: the pack is also at bluecollarlabs.org/defense-pack. Stop the bleed first, give us the email later.
Want the live audit?
We'll send a fake "Joe Mendez" to your real AP person.
For electrical shops that want to pressure-test their defenses with consent: we run a real phishing audit, debrief with your team, and hand you a remediation roadmap. First ten audits are free, no charge ever for working trades shops.