UK NCA and NatWest Warn of Rising Invoice Fraud Threats

1 unique source, 2 articles

Summary

The UK National Crime Agency (NCA) and NatWest Bank initially warned of rising invoice fraud in January 2026, reporting nearly £4 million in losses from 83 cases in September 2025 and urging businesses to verify payment details. Recent attention has focused on the construction sector, where complex supply chains and high-value email payments create elevated risks. Invoice fraud, a form of business email compromise (BEC), involves impersonating suppliers by changing bank details on fake invoices or hijacking supplier email accounts to gather intelligence before issuing fraudulent invoices. The NCA reports that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25—the highest of any sector. The agency is actively disrupting criminal networks while promoting prevention measures such as checking for email anomalies, verifying invoices via trusted channels, and requiring colleague authorization for high-value payments. Globally, BEC scams cost nearly $2.8 billion in 2024, according to the FBI, underscoring the severity of the threat.

Timeline

  1. 30.01.2026 13:10 · 2 articles

    NCA and NatWest Launch Joint Campaign Against Invoice Fraud

    The UK’s National Crime Agency (NCA) and NatWest Bank issued a joint warning about rising invoice fraud, reporting nearly £4 million in losses from 83 cases in September 2025 and recommending that businesses verify payment details and avoid urgent transfers. The campaign also emphasizes the severe financial impact on businesses and promotes the 'Check, Verify, Never' approach. Updated reporting clarifies that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25—the highest among all sectors. It also explains the operational tactics used by fraudsters, including email hijacking, domain spoofing, and targeted pressure on finance personnel in complex supply chains. The NCA reiterates its dual strategy of disrupting criminal networks through investigations and international intelligence sharing while stressing that prevention remains equally critical.

Similar Happenings

Credential Theft and Account Compromise Surge in 2025

In 2025, cyber threat actors significantly increased their focus on credential theft, leading to a 389% rise in account compromise incidents, which constituted 55% of all attacks observed by eSentire. Credential access represented 75% of malicious activity, with two-thirds aimed at account takeovers and the remaining third used for phishing campaigns. Microsoft 365 accounts were primary targets. The use of phishing-as-a-service (PhaaS) kits, such as Tycoon2FA, FlowerStorm, and EvilProxy, fueled business email compromise (BEC) attacks. These kits are sophisticated, continuously updated, and designed to bypass modern security controls like multifactor authentication (MFA). While BEC attacks declined to less than 10% of malicious activity, they remained a top threat for companies, particularly in real estate, finance, retail, and construction. The report also highlighted a 14-fold increase in security incidents involving email bombing and IT Help Desk impersonation, a 300% spike in the ClickFix lure, and varying trends in cyber incidents across different industries.

Cyber Fraud Surpasses Ransomware as Top Business Concern

Cyber fraud, particularly phishing, has overtaken ransomware as the primary cybersecurity concern for business leaders, according to the World Economic Forum’s (WEF) Global Cybersecurity Outlook for 2026. The report highlights the pervasive nature of cyber-enabled fraud, which is causing significant financial losses and undermining trust in systems. Phishing attacks, including email, voice (vishing), and SMS (smishing), are the most commonly reported form of cyber fraud, affecting 62% of respondents. Other notable threats include invoice or payment fraud (37%), identity fraud (32%), insider threats (20%), and romance or impersonation scams (17%). The rise of AI-powered cyber threats is also a key concern, with 87% of respondents experiencing increased AI-related vulnerabilities in the past year.

Misconfigured Email Routing Exploited for Internal Domain Phishing

Threat actors are exploiting misconfigured email routing and spoof protections to impersonate organizations' domains and distribute phishing emails that appear to originate internally. This tactic has surged since May 2025, targeting various industries with phishing-as-a-service (PhaaS) platforms like Tycoon2FA. Successful attacks can lead to credential theft and business email compromise (BEC). The issue arises when complex routing scenarios are configured without strict spoof protections, allowing spoofed emails to bypass security measures. Microsoft blocked over 13 million malicious emails linked to the Tycoon2FA kit in October 2025. Organizations are advised to enforce strict DMARC and SPF policies, properly configure third-party connectors, and ensure MX records point directly to Office 365 to mitigate this risk.