Invoice Fraud Costs UK Construction Sector Millions, NCA Warns

Invoice fraud, a subset of business email compromise, has surged across global markets, and the UK construction industry is now feeling the brunt. The National Crime Agency (NCA) reports that in September 2025 alone, fraudulent invoices siphoned nearly £4 million (about $5.3 million) from construction firms, representing 83 confirmed incidents. This figure is part of a broader pattern where BEC schemes generated roughly $2.8 billion in losses worldwide in 2024, making it the second‑most lucrative cybercrime. The rapid growth underscores the need for heightened vigilance among finance teams.

Construction’s susceptibility stems from its layered ecosystem of prime contractors, subcontractors, consultants and material suppliers, all of whom exchange high‑value invoices through relatively unsecured email channels. Fraudsters exploit this complexity by spoofing supplier domains, hijacking accounts, or subtly altering bank details on legitimate‑looking invoices. Because payments often require swift approval to keep projects on schedule, the pressure to act quickly can override routine checks, creating a perfect storm for Business Email Compromise. The sector now accounts for a quarter of all invoice‑fraud cases reported in 2024/25, outpacing any other industry.

In response, the NCA and the National Federation of Builders have rolled out a targeted awareness campaign focused on three practical steps: scrutinize any changes to invoice or banking information, verify the request by contacting the genuine supplier, and never release funds without double‑checking details. Complementary technical safeguards—multi‑factor authentication, robust password policies, and up‑to‑date anti‑malware—are also emphasized to harden email gateways. By embedding these controls, finance professionals can protect cash flow, preserve project timelines, and help stem the tide of a cyber‑crime vector that threatens the stability of the UK construction supply chain.