Close up of Canadian one hundred dollar banknote with black bar across Sir Robert Borden's eyes

Fraud risk in an increasingly complex project landscape

Key fraud risks to watch for in 2026

The convergence of advanced technology and sophisticated tactics by malicious actors continues to redefine the fraud landscape.

According to IBM’s 2024 Cost of a Data Breach report, Canadian organizations pay an average cost of $6.32 million per data breach. From elaborate schemes to the exploitation of digital infrastructure, fraud methodologies have grown increasingly formidable. As predictions of an economic downturn continue, it can lead to a perfect storm of the fraud triangle elements: opportunity, motivation, and rationalization.

In construction, where large contracts, complex supply chains, and tight timelines intersect, these risks often surface in less obvious ways – through procurement processes, subcontractor relationships, project billing, change orders, and digital approvals. With competitive bidding environments and layered subcontracting structures, the opportunity for misrepresentation or collusion increases if controls are not clearly defined and consistently applied.

This article examines some of the circumstances that allow fraud to occur, the motivation and rationalization for committing it, and how best to position your company to mitigate key fraud risks in 2026.

AI and ML fraud

The rise of AI and machine learning (ML) has not only transformed industries but paved the way for increased vulnerabilities in the fight against fraud. Cyber criminals leverage these technologies to carry out complex schemes, making fraud detection more challenging than ever. An emerging threat is the use of GPT-based language models by bad actors to craft compelling phishing emails. Unlike traditional haphazardly written emails, these messages feature refined grammar, compelling narratives, and personalized content, increasing the likelihood of deception. 

For example, a seemingly legitimate email requesting a change to payment details on a subcontractor invoice or supplier account mid-project can lead to misdirected funds if not independently verified. Similarly, threat actors are deploying AI-generated code to automate spamming and execute system attacks with greater precision. 

To keep fraud at bay, organizations must continuously examine and enhance risk management systems to ensure they are well-positioned to prevent, detect, and – if needed

fight fraud

Another growing risk is deepfake technology that can impersonate authorized individuals, enabling fraudsters to bypass security protocols and gain unauthorized access to accounts or systems. These hyper-realistic video and audio forgeries can be used to manipulate unwitting individuals into fraudulent business transactions or extract sensitive information.

Education remains the best defence. Raise awareness about these evolving threats to help employees stay vigilant. Authentication of identities and instructions is crucial, particularly for significant transactions. Secure, multi-channel verification processes should be used to confirm high-value or sensitive requests. 

As fraud tactics become more technologically advanced, so too must our defences. AI and ML can also be harnessed to strengthen security, creating multiple layers of defence that integrate with human oversight.

Employee fraud

Economic pressures and evolving work environments can increase the risk of internal fraud within organizations. With the rising prices of just about everything and the looming threat of economic recession, people may be more likely to find other (less ethical) means of “earning” income. In construction environments, this can show up in manipulated timesheets, unauthorized change orders, or approval bypasses tied to project billing.

As project teams balance office, site, and remote work environments, oversight gaps can emerge in how financial controls and approvals are applied.

To mitigate employee fraud risks, we should modify our internal controls and implement different types of management oversight. With remote working, it may be easier to abuse the present controls, falsify or bypass approvals, or forgo asking questions when things aren’t adding up. It is essential to remain vigilant and ensure the company’s integrity isn’t compromised.

Supply chain fraud

Supply chain disruptions have become commonplace for everything from groceries to automobiles to building materials. As a result of these issues, it has become more difficult and costly to obtain certain products. Supply chain problems have affected every individual and industry in some way. In difficult and expensive times, people may be more likely to get creative with sourcing products, parts, and materials.

Supply chain fraud includes bribery, misrepresentation of goods, financial fraud, violation of sanctions, and bid rigging. In heavy civil construction, this can extend to material substitutions, misrepresented aggregate sources, or bid irregularities tied to subcontractor or supplier relationships.

Businesses can do the following to mitigate these fraud risks:

  • Conduct risk-based due diligence to ensure that distributors, business partners, and agents are held to a high standard of conduct.
  • Examine the business hierarchy and procedures to gain approvals.
  • Develop and enhance fraud and corruption controls through risk assessments, including accounting controls, training, policies, and procedures.
  • Test transactions and controls using independent and objective sources familiar with the business, industry, culture, practice, and regulations.
  • Conduct, re-evaluate, and refresh fraud and corruption risk assessments regularly to ensure the systems are continuously updated and reinforced.

To keep fraud at bay, organizations must continuously examine and enhance risk management systems to ensure they are well-positioned to prevent, detect, and – if needed – fight fraud. Maintaining stability across operations and the supply chain is the best way to ensure that they continue to thrive, and the company continues to succeed in serving others.

Insurance fraud

Due to the financial aftermath of the pandemic along with the threat of a possible recession, insurance fraud will be on high alert in 2026. Some companies or individuals may resort to providing inaccurate or misleading information to obtain insurance coverage. According to a Friss Insurance Fraud Report, pressures related to the cost-of-living crisis have contributed to an increase in staged claims and fabricated losses. Others are taking advantage of natural disaster claims or attempting to justify fraudulent activity against insurance companies using moral justifications.

On infrastructure projects, this can include inflated or misrepresented claims related to delays, damages or site conditions. On publicly funded infrastructure projects, these risks carry added scrutiny, with implications for compliance, transparency, and long-term client relationships.

Fraudulent insurance claims impact honest customers and the public. As a result, businesses can suffer indirect economic losses, valuable public service resources are used, and insurance companies will bear the financial brunt. In addition, fraud of this kind tends to have a ripple effect and quickly leads to higher premiums.

For construction businesses, where margins, timelines and reputations are closely tied to execution, strengthening these controls is not just about prevention – it’s about protecting the integrity of every project delivered. 

This article was originally published on BDO.ca and this revised version is reprinted here with permission.