ServiceM8, Tradify and simPRO Ransomware — The Tradie Cyber Threat No One Talks About

Melbourne trade businesses — electricians, plumbers, mechanics, builders and other tradies — are increasingly targeted by ransomware that specifically focuses on job management software. ServiceM8, Tradify, simPRO, GeoOP and similar platforms contain your entire business history — customer details, job records, invoicing data, and scheduling information. Losing access to this data, even temporarily, can be devastating.

What a Ransomware Attack Means for Your Trade Business

If ransomware encrypts your ServiceM8 or Tradify data — either locally or by compromising your account credentials — you immediately lose access to your entire job schedule, customer contacts, invoicing history, and quote templates. You cannot invoice existing customers, follow up on outstanding jobs, or access the contact details of customers you have built relationships with over years. For sole traders or small teams, this can mean weeks of lost income and potentially unrecoverable customer relationships.

The ATO Impersonation Attack on Tradies

Melbourne tradies are specifically targeted by ATO impersonation phone scams — callers claiming your ABN will be cancelled or that you owe tax debts that must be paid immediately. These calls use publicly available ABN registry data to personalise the scam. Scammers may also target your accounting software — MYOB, Xero, or QuickBooks — through phishing emails that appear to come from the software provider. With access to your accounting software, criminals can modify invoice payment details, redirect payments from your debtors to their accounts, or access sensitive financial information.

Invoice Fraud Hitting Trade Businesses

Trade businesses that issue invoices by email are increasingly targeted by payment diversion fraud. Criminals intercept invoices — either by compromising the tradie's email or by monitoring the email of the recipient — and send modified versions with changed bank details. When your customer pays what they believe is your invoice, the money goes to a criminal account. Verbal confirmation of bank details for any new or changed account is the most effective protection.

The Simple Protections That Work

Most cloud-based platforms like ServiceM8 and Tradify store your data in the cloud with their own backups. However, the devices you use to access these platforms can still be compromised. MFA on all your job management and accounting accounts is the single most important protection — it means a stolen password alone cannot give an attacker access. Endpoint security on your work phone and any office computers blocks malware before it can steal credentials. And a separate, strong password for every account means a breach of one does not compromise everything else.

What to Do If You Have Been Attacked

Contact your bank immediately if payments have been diverted — some can be reversed if reported quickly. Change passwords on all accounts from a clean device. Contact the ACCC's Scamwatch to report the incident. If data has been encrypted and you have no backup, contact a cybersecurity specialist before paying any ransom — sometimes data can be recovered without payment, and paying does not guarantee recovery. IntrusionX provides fast-response incident support for Melbourne trade businesses and can help you get back up and running.

Choosing Secure Software for Your Trade Business

When selecting job management and accounting software, security features should be part of your evaluation criteria. Does the platform offer MFA? Is data encrypted in transit and at rest? Does the vendor have a clear security policy and incident response process? Has the vendor experienced any breaches, and how did they respond? Cloud-based platforms from established vendors generally provide better security than locally installed software, because the vendor takes responsibility for server security and updates. ServiceM8, Tradify, Xero, and similar established platforms all invest significantly in security — using them with MFA enabled gives you the benefit of their security investment. IntrusionX can assess your trade business's specific software environment and implement the right protection — contact us for a free consultation.