One Fake Subcontractor Invoice. The Right Letterhead. The Wrong Bank Account.

Invoice fraud is rampant in construction. Every job brings new contacts, which is what attackers count on. A structural filter for a fast operation.

Construction runs on a handful of hard truths. The margins are tight. The cash flow is lumpy. Every job has dozens of new contacts. And the email that says “hey, small change to our wire instructions for this week’s draw” looks exactly the same whether it came from your real plumbing sub or from an attacker who has been reading the thread for three weeks.

This is why invoice fraud has become a structural problem in the trades. Not because contractors are careless. Because the business model of construction (many parties, fast pace, high-trust email, new contacts every week) is the exact business model that attackers optimize for.

Why Construction Is a High-Value Target

Every active project is a pipe full of payments. Draws from the owner. Payments to the GC. Payments from the GC to the subs. Invoices for materials. Change orders. Deposits. Final balloons. Every one of those is a wire or an ACH that moves based on an email.

Every job also multiplies the contact list. You have worked with 200 subs and suppliers over the last five years. This quarter, you are also working with 30 new ones, plus the owner’s architects, the inspector, the lender’s rep, the title company, and the general contractor’s assistant who just replaced the one who left. Every new address is a potential target and a potential attack surface.

And the industry runs on email. Not a procurement portal. Not a secure document exchange. Email. Which means the single tool your operations rely on is the single tool attackers use.

The Attack, in Detail

A contractor’s inbox gets compromised at any point in the supply chain: yours, a sub’s, a supplier’s, an owner’s, a lender’s. The attacker does not act immediately. They sit. They read thread after thread. They learn the cadence. They figure out who emails whom about what.

When a wire or ACH is coming up (draw day, closing, final payment), the attacker sends a carefully written email from a lookalike domain. “Quick heads up, we are switching banks for this draw, updated wire info attached.” The letterhead is right. The language is right. The timing is right. The only thing wrong is the routing number.

Six figures transfer. The money is in an overseas account within an hour. The real sub calls three days later asking where the payment is, and nobody can find it.

This is not hypothetical. This is a routine Friday in some corner of the construction industry, every week. And the victim is almost always a small to mid-size GC or trades business with no IT department, running on a Gmail account and a spreadsheet.

Why Standard Filters Do Not Catch This

Nothing in the fake invoice email is technically spam. No malware. No suspicious links. No grammar red flags. Just a polite, professional note from what looks like the right person, at roughly the right time, about the right deal. Gmail and Outlook spam filters let it through because their job is to catch mass fraud, not one-off impersonation. This is the signature feature of business email compromise: it looks like normal email, on purpose.

Training does not solve it either. The office manager who has been trained to call and verify wire changes will skip the call on the day the site is behind schedule and the sub is pushing for payment to keep framing moving.

What fixes it is structural. Not a reminder to pay attention. A system that does not let an unknown sender into the thread on the same terms as a known one.

What Rythm Does for a Trades Business

Rythm puts a bouncer on your Gmail or Outlook inbox. All of your past subs, suppliers, inspectors, and clients are on your guest list automatically. Anyone you have emailed before is a known sender. Their mail reaches you untouched.

Unknown senders have two options. Pay a small cover charge you set (about four cents by default) and the email lands in your inbox marked PAID, with the sender added to your guest list going forward. Or skip the payment, in which case the email waits in a separate folder for your review. You drag it to inbox and they are on the list. You ignore it and they stay in the folder. Nothing is ever deleted.

For a legitimate new sub bidding on a job, four cents is invisible. For a real supplier opening an account, four cents is invisible. For a potential new client asking for a bid, four cents is invisible.

For an attacker trying to slip a fake-invoice email from a lookalike domain into the thread? The domain is unknown. It is not on your guest list, because it was never there. To reach you, they either pay (leaving a payment trail and still landing in a flagged context) or they go into the review folder with “unknown sender” context flashing, where a fraudulent wire request reads very differently than it would in the main inbox.

The filter is binary. Known or unknown. Deterministic, rule-based, not an AI guessing.
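
The known/unknown routing described above, as an added example (not Rythm's code). It assumes exact-address matching against the recipients of previously sent mail; the function names, folder labels, and `.example` addresses are constructed for illustration.

```python
from email.utils import getaddresses, parseaddr

def build_guest_list(sent_messages):
    """Collect every address the mailbox owner has written to (To/Cc)."""
    guests = set()
    for msg in sent_messages:
        fields = [msg[h] for h in ("To", "Cc") if msg.get(h)]
        for _name, addr in getaddresses(fields):
            if addr:
                guests.add(addr.lower())
    return guests

def route(msg, guests, paid=False, gate_ok=True):
    """Return (folder, label) for one incoming message. Nothing is deleted."""
    if not gate_ok:
        return ("INBOX", None)            # fail-open: gate outage delivers normally
    # Match on the bare address only; the display name is sender-controlled.
    sender = parseaddr(msg["From"])[1].lower()
    if sender and sender in guests:
        return ("INBOX", None)            # known sender, untouched
    if paid and sender:
        guests.add(sender)                # cover charge paid: known from now on
        return ("INBOX", "PAID")
    return ("REVIEW", "UNKNOWN SENDER")   # held for the owner's review

# Constructed sample data (all addresses are made up).
SENT = [
    {"To": "Dana <dana@acme-plumbing.example>", "Cc": "ap@lumberyard.example"},
    {"To": "inspector@county.example"},
]
REAL = {"From": "Dana <dana@acme-plumbing.example>", "Subject": "Draw 4 invoice"}
LOOKALIKE = {"From": "Dana <dana@acrne-plumbing.example>",  # 'rn' imitates 'm'
             "Subject": "Updated wire info for this draw"}
BIDDER = {"From": "bids@newframing.example", "Subject": "Bid for lot 12"}

if __name__ == "__main__":
    guests = build_guest_list(SENT)
    for m in (REAL, LOOKALIKE, BIDDER):
        print(m["From"], "->", route(m, guests, paid=(m is BIDDER)))
```

The gate keys only on the sender address, so a message sent from a guest-listed mailbox that has itself been compromised is delivered as known. A bank-detail change from a known sender still needs confirmation by phone on a number already on file.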

The Math

The FBI IC3 regularly reports hundreds of millions in annual BEC losses across industries, with construction and real estate among the most targeted. A single fake-invoice incident at a small GC can be $50,000 to $200,000 gone.

Rythm is $1.65 per user per month, or about $20 per year.

For a construction business where one avoided fraud incident can be the difference between a good year and insolvency, the math is not complicated.

What It Does Not Change About Your Operation

Your email address stays the same. No migration. No new inbox. No provider switch. Your office manager does not need to learn a new tool. Your subs and suppliers do not see anything different, because they are already on your guest list.

If anything ever breaks on Rythm’s end, email delivers normally. Fail-open architecture. You do not miss a draw notice because of a Rythm issue.

Setup is twelve minutes. Sign in with Gmail or Outlook, link a Lightning wallet (Cash App, Strike, Blink, or Primal all work, guided setup), set your cover charge, and the bouncer is active.

The Takeaway for Trades Owners

Your trucks have GPS. Your yard has a fence. Your safe has a combination. Your email, by default, has nothing. Any stranger can reach your office manager at draw speed for free. Attackers know this. They have been running the same playbook on small trades businesses for a decade.

A bouncer on the inbox is the cheapest, fastest, most structural upgrade a trades business can make to its fraud exposure. Less than one tank of gas a month. Twelve minutes to set up. No IT department required. And every real new vendor or client who pays a nickel to reach you makes the cost of the subscription go down.

One fake invoice ends some construction businesses. One subscription at $1.65 a month changes the math on whether that invoice ever lands.
