Is This Construction Agency a Scam? A UK Builder's Check

Self-employed builders, plumbers, electricians, and scaffolders sit on a particular combination of documents that’s very valuable to fraudsters. Beyond the passport and driving licence everyone holds, a UK tradesperson registered for the Construction Industry Scheme also has a UTR (Unique Taxpayer Reference) and a CIS verification status with HMRC. A scammer who collects those alongside basic identity documents can insert a fake business into a construction supply chain and claim tax payments down through it — what HMRC calls “gross payment status fraud”.

The scale is non-trivial. HMRC’s own Construction Industry Scheme: Tackling Fraud measures (with rule changes from 6 April 2026) are projected to recover around £300M over five years that’s currently lost to this kind of supply-chain fraud. Organised criminal groups are described in the policy paper as “cloning existing CIS IDs” and using contrived subcontractor chains to extract VAT and CIS deductions. The worker whose identity gets cloned doesn’t usually find out until HMRC contacts them about tax returns they never filed.

The fraudster’s easiest route into a tradesperson’s details is a fake recruitment agency offering site work. The site doesn’t exist, the agency doesn’t exist, and once the documents are sent, the contact goes dark. The cost of running this scam is one well-written email; the payoff is months or years of fraudulent CIS claims in your name.

Every one of these scams follows roughly the same script. If you spot two or more of these signals in the same interaction, treat the request as a scam until proven otherwise:

1. Cold approach via WhatsApp, Facebook, or a personal Gmail address. Legitimate UK construction agencies almost always have a company email domain (@firstname.lastname@agencyname.co.uk or similar). They’re not running placements from a Gmail account.
2. Documents requested before any phone call. A real agency wants to talk to you first — check your trade, your rates, your distance from site, your start availability. They don’t lead with “send your passport and UTR and we’ll get you on site Monday”.
3. Vague or unverifiable site/client. The end client is described as “a major contractor” or named but with no public reference (no news of the project, no Companies House subcontractor listing, no recognisable name). Real agencies know exactly which client and which site you’re going to and will name them.
4. Urgency pressure. “The site needs you to start Monday, can you send everything today?” The pressure exists because the scammer needs you to skip verification.
5. Asking for bank details and UTR in the same first contact. A legitimate agency might collect these for payroll setup — but only after you’ve actually agreed to take the placement, and usually through a proper onboarding portal, not by reply email.
6. Agency name doesn’t resolve on Companies House. Any genuine UK limited company that runs recruitment placements will appear in the free Companies House register with directors, registered address, and accounts. If you can’t find them in 30 seconds, they’re very probably not real.

Before you send a single document, run four free checks. None of them takes more than a minute, and any single failure should make you stop:

1. Companies House. Search the company name at find-and-update.company-information.service.gov.uk. A legitimate UK recruitment agency will be there with directors, registered address, and filed accounts. Newly-incorporated shell companies (registered in the last few months, no accounts filed) are a red flag in themselves — not a guarantee of scam, but a signal to verify everything else twice.
2. REC member directory. The Recruitment & Employment Confederation maintains a public member list at rec.uk.com/our-members. REC membership isn’t legally required to run a UK agency, so absence isn’t conclusive — but presence is a strong positive signal because REC members must follow a published Code of Professional Practice and can be sanctioned.
3. Their website. Look for a real registered office address (cross-check it against Companies House), a UK phone number that answers when you ring it during business hours, named consultants with LinkedIn profiles, and recent placements. A site that’s a single landing page with a contact form and nothing else is suspect.
4. Ring the end client directly. If the agency claims they’re placing you on a named site (e.g. “the new Crossrail extension at Old Oak Common”), find the main contractor’s site office number from their own website and ring it. Ask if they currently use the agency in question for subcontractors. Contractors handle this question often and won’t mind a one-minute call.

If you have grounds to suspect an active scam, report it to the Employment Agency Standards Inspectorate (the state regulator for UK recruitment agencies) via ACAS on 0300 123 1100, and to Action Fraud on 0300 123 2040. Both keep the reports on file even if no immediate action is taken; pattern-matching across reports is how these operations eventually get shut down.

Once you’ve verified the agency, they have real reasons to collect documents from you — but only at the right stage and through the right channels. A legitimate UK construction agency will typically need, in roughly this order:

1. Right-to-work documents — passport or share-code (for non-UK nationals). This is a legal requirement under the Immigration, Asylum and Nationality Act 2006 and applies after they’ve placed you. The check usually happens at the agency’s office or via a Home Office-approved digital identity service provider, not by emailed photo.
2. CSCS card or equivalent trade-specific competency card (ECS for electricians, CPCS for plant operators, etc.). They’ll usually want to see the front of the card; some sites need both sides for the QR check.
3. Trade qualifications — NVQ certificates, City & Guilds, JIB membership, Gas Safe registration. Send copies, keep originals.
4. UTR and bank details — for CIS verification with HMRC and for payment. Provide these through the agency’s payroll or onboarding portal, never by reply email. Any agency that’s genuinely placing workers under CIS will already have an onboarding system that handles this securely; if they don’t, that’s itself a sign to step back.

The timing rule is consistent: documents come after conversation, after a named placement, and through a verified channel — not as the opening message of a contact you haven’t reciprocated.

If you sent documents to an agency that has now gone dark or that you suspect is fraudulent, the first 24 hours matter most. Identity documents you can’t change easily (UTR, NI number) are the biggest risk and require monitoring rather than reissue.

What to do, in order:

1. Within the hour. Email the contact a clear written request to delete every copy of your documents and to confirm in writing. Even a scammer rarely responds to that, but you create a paper trail. Report the interaction to Action Fraud on 0300 123 2040 — have the email thread, the agency name, and any phone numbers ready.
2. Within 24 hours. Call HMRC’s CIS helpline on 0300 200 3210 and tell them your UTR may have been compromised. They can flag the record so any fraudulent CIS claims trigger additional verification. If you also gave bank details, call your bank’s fraud line and put a marker on your accounts.
3. Within the week. Check your credit report (free at Experian, Equifax, and TransUnion) for any account or application you didn’t make. Set up fraud alerts at all three credit agencies and consider CIFAS Protective Registration (£30 for two years), which adds a marker to your credit file that prompts lenders to run extra checks on any application in your name. Report the agency to the Employment Agency Standards Inspectorate via ACAS on 0300 123 1100.
4. Ongoing. Watch your HMRC personal tax account online for any CIS deductions or refunds you didn’t expect, and keep an eye on your credit file monthly for the next six months. CIS-fraud claims using a cloned UTR can appear weeks or months after the initial document handover, well after the agency contact has gone quiet.