The Supplier Who Didn’t Exist: How a Phantom Vendor Nearly Drained a Construction Firm

The Supplier Who Didn’t Exist: How a Phantom Vendor Nearly Drained a Construction Firm

The outcome: A mid-sized UK construction company discovered that one of its longest-standing suppliers was entirely fictitious, created by a senior procurement manager to funnel payments into accounts he controlled. The fraud had been running for over three years and had cost the business more than £380,000 before it was detected through a targeted investigation.

The Situation

The client, a construction company with annual turnover of roughly £12 million, approached UKPI after their newly appointed finance director flagged irregularities during a routine review of supplier accounts. One particular supplier, listed as providing specialist safety equipment, had been receiving regular monthly payments of between £8,000 and £14,000 for more than three years. Yet nobody in the operations team could recall ever meeting anyone from the company, receiving deliveries from them, or seeing their products on site.

The finance director had tried to contact the supplier using the details on file. The phone number went to a voicemail that was never returned. The registered address turned out to be a virtual office service in Birmingham. The company’s website, while professional in appearance, contained stock photography and no verifiable contact information. When the finance director raised these concerns with the managing director, they decided an external investigation was needed rather than an internal enquiry that might alert the person responsible.

The Challenge

Supply chain fraud of this type is notoriously difficult to detect from inside the business. The person creating the fictitious supplier typically controls the purchasing process, approves the invoices, and ensures the paperwork looks legitimate. From the outside, the payments appear routine. The fraud only becomes visible when someone with fresh eyes questions whether the supplier actually exists and whether the goods or services were ever delivered.

In this case, the client needed answers to several questions. Was the supplier real or fabricated? Who was behind the scheme? How long had the fraud been running? How much money had been lost? Were there other fictitious suppliers in the system? And critically, could the evidence be gathered in a way that would support criminal prosecution and civil recovery without tipping off the suspect before the case was ready?

The firm also needed to continue operating normally while the investigation was underway. Disrupting procurement processes or confronting staff prematurely would have given the fraudster time to destroy evidence, move money, or resign before the full picture emerged.

The Approach

UKPI structured the investigation in three phases: corporate records analysis, financial trail mapping, and surveillance to confirm the identity of the person behind the fraud.

Corporate records analysis. Our team began with a detailed examination of the supplier’s corporate filings at Companies House. The company had been incorporated four years earlier with a single director listed at a residential address in Solihull. A background check on the named director revealed that the individual existed but had no connection to the safety equipment industry. Further investigation showed that the director’s identity details had been used without their knowledge, a common tactic in phantom vendor fraud.

The registered office was a mail-forwarding service. The bank account receiving payments had been opened using the stolen identity documents. The website domain had been registered through a privacy service, but historical registration data linked it to an email address that would prove material later in the investigation.

Financial trail mapping. Working with the client’s finance director under strict confidentiality, our investigators mapped every payment made to the fictitious supplier over the previous four years. The total came to £383,000 across 47 separate invoices. The invoices followed a pattern: they were always below the threshold that would trigger additional approval from the managing director, they were submitted on dates that coincided with large legitimate supplier payments (making them less visible in batch processing), and they referenced genuine project codes for work that was actually taking place on site.

This level of sophistication pointed to someone inside the business who understood the financial controls, knew the approval thresholds, and had access to live project information. The investigation team narrowed the suspect list to three people with the necessary access and knowledge.

Surveillance and digital analysis. The email address linked to the website domain was traced to a personal account belonging to the company’s head of procurement, a trusted employee who had been with the firm for seven years. Covert surveillance over two weeks confirmed that this individual was visiting the virtual office to collect mail, accessing the bank account linked to the fictitious supplier, and meeting with a second individual who appeared to be helping manage the financial side of the operation.

Our digital forensics team, working with the client’s IT department under a pre-agreed protocol, examined the procurement manager’s company laptop. The analysis revealed draft invoices for the fictitious supplier, correspondence with the virtual office provider, and browser history showing regular access to the bank account receiving the fraudulent payments.

The Outcome

UKPI delivered a full evidence pack to the client’s solicitors and, with the client’s authorisation, to the police. The procurement manager was arrested, charged with fraud by false representation, and later convicted. He received a custodial sentence of two years and eight months.

The civil recovery process, supported by the financial evidence our team had compiled, resulted in the freezing and partial recovery of approximately £140,000 from accounts linked to the fraudster. The remaining losses were claimed against the company’s crime insurance policy.

As part of the broader review, UKPI conducted a full audit of the client’s remaining supplier base, identifying two further vendors whose documentation raised concerns. Both turned out to be legitimate but poorly documented, a weakness in the company’s procurement controls that had allowed the fraud to go undetected for so long.

The Lessons

This case illustrates several recurring themes in supply chain fraud:

Trusted employees are the highest risk. The procurement manager had been with the company for seven years and was considered reliable. Fraud committed by long-serving staff is harder to detect precisely because colleagues and managers trust them and are less likely to question their work.

Approval thresholds create blind spots. By keeping invoices below the threshold requiring senior approval, the fraudster exploited a common weakness in financial controls. Businesses should review whether their approval processes include random checks on below-threshold payments, not just those that exceed limits.

Verification at onboarding is not enough. The fictitious supplier had been “approved” years earlier when controls were even looser. Regular re-verification of supplier details, including physical site visits for material vendors, would have exposed the fraud much earlier.

External investigation protects evidence. An internal enquiry, particularly one led by HR or finance, risks alerting the suspect before sufficient evidence has been gathered. External investigators operate under cover, gather evidence to court-standard, and can coordinate with police at the right moment.

Digital evidence is decisive. In this case, the laptop analysis provided the most direct link between the suspect and the fraud. Companies should ensure their IT policies allow for forensic examination of company devices and that employees understand company equipment is subject to monitoring.

If your business has concerns about supplier integrity, unexplained payments or procurement fraud, contact UKPI on 0800 043 1754 for a confidential discussion about how a corporate investigation can protect your business.