Last month, a roofing company in Manchester, England, became the target of a sophisticated online scam that highlights the growing cybersecurity risks for contractors.

Evo Roofing, a specialist roofing contractor, fell victim to what security experts call a cloning scam. Fraudsters copied its website and business profile to pose as a reputable company. 

The scheme only came to light when customers began posting negative reviews about substandard work they mistakenly believed was done by Evo Roofing.

“I couldn’t believe it – we would never do a bad job,” Evo Roofing’s managing director, Christian Pereira, told the Lancashire Post, which first reported the story..

Understanding Website Cloning

Website cloning occurs when cybercriminals create counterfeit websites that mimic legitimate businesses. These fraudulent sites exploit a company’s good reputation to deceive customers.

While precise statistics on website cloning are limited, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency classify it under the broader category of phishing, a widespread cyberthreat.

Many roofing contractors operate small- to medium-sized businesses that lack the extensive cybersecurity measures of larger corporations, making them attractive targets for scammers. Without dedicated cybersecurity resources, vigilance is essential.

Darren Guccione, CEO of Keeper Security, a Chicago-based cybersecurity software provider, warns businesses to look for slight discrepancies in domain names.

“A key red flag is the domain name — fake sites often use slight misspellings or extra characters, like ‘evorooflng.com’ instead of ‘evoroofing.com,’” Guccione said. “Businesses should register similar domain variations when possible and educate customers to verify URLs before interacting.”

On social media, scammers may create lookalike pages with stolen logos but few followers, generic posts, or recent creation dates. Transparency is crucial: businesses should list their official website, contact details, and social media accounts to help customers distinguish real from fake.

“If impersonation happens, acting fast is critical — report fraudulent pages, warn customers directly and reinforce trusted channels to minimize confusion and reputational harm,” Guccione said.  

It Happened to Him

Forrest Webber, owner of The Trade Table, an online home improvement site, said his operation fell victim to a website clone. Unlike Evo Roofing, he didn’t have dissatisfied customers to alert him to the problem. 

“I was just doing some looking through my backlinks on my e-commerce store and saw this website, the tradetableshop.com, and was like, ‘Oh, that's weird, I wonder what that is,’” he said, thinking at first it was perhaps a subdomain of Shopify, an online commerce platform.

After further digging, he discovered a nearly identical website called “thetradetable.com” and contacted the impostor’s web hosting company, leaving a negative review to prompt them to take action. 

“I had to leave a negative review to get them to respond to me,” he said. “I was like, ‘hey, I'll take this [review] down if you respond to me.”

Contractors in the Crosshairs

According to Jay Houghton, senior counsel at law firm Seyfarth Shaw, digital tools can enhance collaboration and productivity and expose contractors to cyber risks.

Cybersecurity firm Kroll reported that cyberattacks on construction companies doubled from 2023 to 2024. Analyst John Dilgen of ReliaQuest noted that phishing and ransomware attacks in the industry rose by 83% and 41%, respectively, in that period.

Mohammad Yaqubto, a business consultant in New York who maintains a blog called BusinessDasher, noted that ransomware has become pervasive. The malicious software encrypts a victim's data, holding it hostage until a ransom is paid. It effectively locks users out of their systems or files and demands payment for the decryption key.

When ransomware stories make the headlines, it’s often because large institutions like hospitals have fallen victim. However, Yaqubto compiled statistics showing how widespread the problem has become for small businesses. He said small businesses receive 85% of all ransomware attacks, and one-third of companies hit by ransomware last year had under 100 employees. The average cost of a ransomware attack is $26,000.

How Roofers Protect Themselves

As cyberthreats grow, contractors must proactively protect their businesses. Houghton, the San Francisco-based construction attorney, suggests several key measures:

• Cybersecurity Training: Educate employees on recognizing cyberthreats through programs like KnowBe4 and SANS Institute.
• Domain Monitoring: Regularly check for fraudulent websites impersonating your business.
• Cybersecurity Technologies: Use antivirus software, intrusion detection systems, and encryption tools to secure sensitive data.
• Data Backup and Recovery: Maintain secure backups to enable quick recovery from cyberattacks.
• Multi-Factor Authentication: Additional verification steps beyond usernames and passwords are required.
• Software Updates: Regularly update software to fix security vulnerabilities.
• Incident Response Plan: Establish a clear protocol for responding to cyberthreats.
• Cyber Insurance: Protect against financial losses resulting from cyberattacks.
• Legal Protections: Ensure contracts include cybersecurity responsibilities and indemnity clauses.

Staying Vigilant in a Digital World

Casey Ellis, founder of Bugcrowd, emphasizes the importance of brand monitoring services in detecting and shutting down impersonation attempts.

“In terms of prevention, digital identity/brand monitoring and takedown services are useful tools for companies wanting to prevent this type of thing,” she said.

Ultimately, cyber risks for contractors are significant but can be managed. The key is to implement proactive cyber risk-mitigation tactics. With proper planning, training, technology, and risk management, construction can defend against digital threats. 

Anna Anderson, CEO of Art Unlimited, urges roofing contractors to take ownership of their digital presence.

“We strongly recommend trademarking your brand and setting up daily Google Alerts to monitor online mentions,” Anderson said. “Scammers are taking advantage of technology to spoof trusted brands and resell leads. Being proactive is key.”

5 Takeaways

• Website Cloning Scams Are Rising: Fraudsters are copying business websites to deceive customers, as seen with Evo Roofing, leading to reputational damage.  
• Construction Industry Is a Prime Target: Cyberattacks on contractors are increasing, with phishing and ransomware incidents soaring in recent years.  
• Domain Name Red Flags: Scammers often use slight misspellings or extra characters in URLs to trick customers; businesses should monitor and secure domain variations.  
• Proactive Cybersecurity Measures Are Crucial: To stay secure, contractors should implement training, domain monitoring, multi-factor authentication, and regular software updates.  
• Rapid Response Is Key: If impersonation occurs, businesses must act fast by reporting fraudulent sites, warning customers, and reinforcing official communication channels.