Construction invoice scam warning from NCA

This post has already been read 2362 times!

The National Crime Agency is warning construction contractors against the growing threat of mandate fraud after companies have lost  millions during a series of payment swindles involving construction firms.


The NCA has had 34 reports of mandate fraud so far this year in which contractors were conned out of amounts of up to £1m  .

Mandate fraud (invoice fraud) involves criminals contacting contractors posing as a supplier or subcontractor in this case construction compaines.

The fraudulent offender  then advises the company that their bank account details have changed to divert payments into a bogus account leaving the legitimate supplier and conned contractor out of pocket.

The NCA and the National Fraud Intelligence Bureau said that reports of mandate fraud in the construction industry have increased steadily over the last year and are urging firmsto be aware.

The majority of victims of the alleged fraud were large civil engineering contractors and Most of the approaches to companies were by email (56%) using either the construction company’s email address or a similar one.

Other victims have been contacted by telephone (21%) or by letter (18%).

The agency warned:

  • The letters sent may appear as genuine letters on company headed paper and signed off by the company directors or accountants.
  • The letters will provide details of the new account with the wording that “these amendments should take place immediately”.
  • There does not appear to be a preferred bank for the change of account details.

It also issued the following checklist to prevent mandate fraud:

  • Ensure that all financial paperwork is shredded to avoid theft of the company identity/logo and prevent the bank details being obtained by others.

  • Employ due diligence checks, i.e. any notification of a change of bank account should require further verification by contacting the supplier/customer directly before implementing any changes. A single point of contact should be set up within each business on a pre-agreed number who can verify any legitimate changes.

  • Internet and email users should be encouraged to change their password regularly to avoid criminals accessing their accounts. Companies should regularly check their emails, websites and bank accounts to ensure these details are not being hacked.

  • Ideally every employee of the company should have their own computer and log-in details to avoid criminals hacking into multi-user computers easily.


If you suspect or think you have had an email from someone reqesting a payment please contact the NCA